Enterprise security Messiah

There were some articles about looking for talents in computer security industry this last days in the promised land of USA and EU.

I don't think the intention of authors was such but I've start to get images of almost biblical class of saviors for enterprise security issues, almost like a prophets searching and moaning for Messiah 
I suppose such thoughts are politically incorrect to think and speak about, but for me as a shamless non believer into religion of security and with Sunday school experience from communist regime past it is nothing :)

Without much joke it really sounds like searching for someone omnipotent who will cure all wrong in your busted and by evil penetrated enterpsie security and bring salvation ...
Bit silly but makes sense in distorted religious way ... as examples is we look on the SANS for
http://www.sans.org/critical-security-controls/ and just try to imagine how much it really cost to implement it, it is obvious why security managers prefer searching for miracles and messiah. You need faith to belive into your savior instead of start working and finding competent professionals, not a miracle makers

After summer 2014

Recently I've finished  2 three day on-demand trainings.  First one was for forensic bridges and write-blockers and the other one was for elcomsoft password recovery bundle. Second was was challenging because there is no official training fro product we decided to modify our anti forensics and encryption materials to create suitable training bundle. From forensic point of view most challenging task is to keep forensically correct environment while data is going from one tool to another and back into final report.

I was trying to avoid heavy math as possible from this training, since it does not belongs there it is about tools and forensics not about cryptography. You must have understanding what cryptography is, how it works and how it is used in anti forensics and most important hos to handle it in forensically sound way. One often overlooked issue is reliability and forensic acceptability of all used tools in processing of evidence. Good practice is to have prof of correctness for each tool in chain but also to have prof for each step in data transfer among tools.

As example I've used windows virtual machines with bitlocker, truecrypt volumes as investigation targets. We used various tools and scenarios to create memory dumps and tested if we can retrieve keys from dumps. All that was done in safe forensic framework of  proven tool like EnCase and its VFS and PDE features. Trough such features it is possible to extract keys from memory dumps or hibernation files and use and use elcomsoft tool to access and dump protected volume. That extracted data is than reacquired into original case in forensic framework tool. More or less same approach works for all of the password extrcators/breakers in elcomsoft bundle.

Practicals and hands on :

Zip peculiarities

Mils unbreakable encryption

Encryption based on dedicated external device

Password vault tool

Password recovery for truecrypt volume

Password recovery for truecrypt volume

Windows logon password

Office documents

Bitlocker password  removal in elcomsoft

Live forensic access to encrypted data

Live – encase forensic

Ftk imager – memory capture

Memory capture – words extraction

Topics discussed:

Encryption and Antiforensics

Antiforensics or counter forensics

Antiforensics methods

Hiding Data - Encryption

The Caesar Cipher

Example: rot13

Some common types of encryption

Steganography

Data destruction

Antiforensics impact

Encryption and Digital Forensics

Background

Sources

Terminology

Encryption algorithms

Encryption keys

Password/Passphrase Implementation

Key space

Breaking passwords

zip – removing encryption or changing password

Truecrypt – removing enrcyption or changing the password

Identifying encrypted data

Encryption software

Encrypted files

Approaching decryption

Human factor

Human factor - language

Decryption methodology

Dictionary Attack

Dictionary-based attack tools

Brute force attack

Brute Force Attacks tools

Key-based attack

Password Reset

Rainbow tables

Encryption and digital evidence

Accessing Encrypted Evidence

Encrypted Evidence is real

Decryption in digital forensic investigation: Perception vs. Reality

Types of Encrypted Evidence

Types of Encryption

Where are passwords

How to attack password-protected artifacts

Workflow is repetitive

Additional word sources

Encryption tools

What is there in the wild ?

Example: Passware Kit Forensic

Example: FTK PRTK/DNA

Example: Elcomsoft bundle

Forensic tool approach

Practical Decryption Tool

Dedicated Decryption Tool

Decryption as part of the general purpose forensic tool

SANS Cyber Aces Online Tutorials

Sans again has excellent materials online for anyone interested in renewing general knowledge in computer security it is for CyberAcess program Cyberaces online tutorial

Covers the most essential areas for going into security:

1. Introduction to Operating Systems, covers Linux, Windows and using virtual labs
2. Networking, covers all important practical networking issues from layering to appllication security
3. System Administration, covers Web Scripting,Bash, PowerShell

Even if you don't plan to do certification it is good to read and remember what you forget :)

My favorite is system administration part, especially power shell, myself always being lagging on windows scritping