Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis


Posted on by Ben Rothke

In chapter 2 of Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis (Syngress ISBN 978-0128033401), authors Brett Shavers and John Bair discuss the Tor browser and how it can offer tremendous levels of security and privacy. Their goal in the book is to help security professionals and investigators use investigative techniques against those employing such tools for nefarious purposes.

A perfect example is from 2013, when a Harvard student used Tor and other privacy tools to send in a false bomb threat. Investigators noted that while the student used Tor, it was his other sloppy security measures that led to his arrest. In the book, the authors show how an investigator can capitalize on such mistakes to find a perpetrator.

A persistent theme throughout the book is that while the tools criminals use get better and more sophisticated over time, the mistakes criminals make are constant. The odds of discovery increase the longer they use any system of communications. The authors show the reader how they can make the most of those mistakes to find a perpetrator.

Shavers is a former law enforcement officer, while Bair currently works in law enforcement, and the book takes a very hands-on, real-world approach to using these tools and techniques in the field. The book is light on theory and heavy on actionable forensic analysis.

At 225 pages, the 11 chapters cover a broad range of topics, from evidence and extraction to cryptography and encryption, anti-forensics and more. It’s far from a comprehensive guide to the topic, and there are topics the authors don’t cover. Other areas need a more detailed treatment for the reader to master the topic.

For those looking for an introductory text on various investigative tools and techniques, Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis is an excellent resource.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

forensics & e-discovery hackers & threats security awareness

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

