DIGITAL FORENSIC 25
In this chapter, you'll learn more about:
· Encryption basics
· Common encryption practices
· Weaknesses of encryption
· What to do when you find encrypted data
Computer forensics is all about perspective and process. A forensic investigator's main perspective must be as a neutral party in all activities. Approach each investigation the same way, ensuring that it is repeatable and sound. After evidence is identified and preserved, analyze it to determine its impact on your case. In many situations, forensic investigators don't have the authority to disclose any evidence except to authorized individuals. It all depends on who owns the computer and who is paying for the investigation. As a forensic investigator, you need to know how to exercise your authority and access protected data properly. The two most common controls that protect data from disclosure are access controls and data encryption. This chapter covers the most common type of access control—the password—and the general topic of encryption.
You will learn basic techniques to obtain passwords to gain access to evidence. You will learn about basic encryption methods and how to recover encrypted evidence.
Passwords
Computer users must commonly provide a user ID to log on to, or otherwise access, a system. User IDs identify a specific user and tell the security subsystem what permissions to grant to that user. Unfortunately, some computer users attempt to impersonate other users by fraudulently providing another person's user ID. By doing so, the impersonator can perform actions that will point back to the stolen user ID owner's account when audited. As a forensic investigator, you'll need to determine the difference between actions taken using a valid user ID and actions conducted by an impersonator using a stolen or otherwise compromised user ID.
user ID
A string of characters that identifies a user in a computing environment.
Real word Scenario
Who Are You, Really?
Fred is an enterprising university student who enjoys testing the limits of his school's computer use policy. The policy clearly states that users may only use their own user IDs to access the computer system. If Fred wants to create some mischief on the university's computer system, he could ignore the policy and use Mary's user ID to access the system. In effect, he could pretend to be Mary. With no controls in place to stop him, Fred could cause many problems and to the untrained eye, it would appear that Mary was the guilty party. A control is anything that stands between Fred and his unauthorized actions. In this case, there actually is at least one control to deter him—the university's computer use and access policy. The university's computer use policy is an administrative control. While administrative controls dictate proper behavior and the penalty of noncompliance, they don't stop unauthorized actions by those who are determined to ignore such policies (as in Fred's case).
There is a si.
Journals The Journals should be a synopsis of ALL your required r.docxpriestmanmable
Journals: The Journals should be a synopsis of ALL your required readings and PowerPoints. These papers are 3 to 6 pages long and include a reference page. Tell me what you learned. Failure to cover any aspect of the information will result is loss of points. APA format is required so remember your title page. Spelling and grammar issues will result in loss of points.
Textbooks for this course:
Mason, D. J., Gardner, D. B., Outlaw, F. H., & O’Grady, E. T. (2016).Policy & politics in
nursing and health care (7th ed.) St. Louis: Elsevier.
(ISBN: 978-0-323-24144-1).
Greer, G. & Fitzpatrick, J. J. (2013). Nursing leadership: From the outside in. New York, NY:
Springer.
(ISBN: 978-0-8261-0866-1).
The Affordable Care Act
Mason Textbook:
Chapters: 19-22
Health Disparities/
Mason Textbook:
Chapters: 23-25, & 27
Pharmaceutical/Public Health/Chronic Care/Families/
Centers
Mason Textbook:
Chapters: 26-32, & 33-39
Glazer Chapter 17
Required Videos- See 12 Videos Below
https://www.youtube.com/watch?v=vju70I6qSKk
https://www.youtube.com/watch?v=JZ7vmXh63Jw
https://www.youtube.com/watch?v=FIiBWX828og
https://www.youtube.com/watch?v=TruDKqHZId8
https://www.youtube.com/watch?v=GW2S8qNzzuY
https://www.youtube.com/watch?v=zKSDpJRpo60
https://www.youtube.com/watch?v=lAzh28nEoWU
https://www.youtube.com/watch?v=awYGY7HDzeM
https://www.youtube.com/watch?v=B6SCwLvOVdk
https://www.youtube.com/watch?v=NSGIrdNnRvw
https://www.youtube.com/watch?v=CjYyPiDicjU
https://www.youtube.com/watch?v=jKjZcbvFEY8
DIGITAL FORENSIC 25
In this chapter, you'll learn more about:
· Encryption basics
· Common encryption practices
· Weaknesses of encryption
· What to do when you find encrypted data
Computer forensics is all about perspective and process. A forensic investigator's main perspective must be as a neutral party in all activities. Approach each investigation the same way, ensuring that it is repeatable and sound. After evidence is identified and preserved, analyze it to determine its impact on your case. In many situations, forensic investigators don't have the authority to disclose any evidence except to authorized individuals. It all depends on who owns the computer and who is paying for the investigation. As a forensic investigator, you need to know how to exercise your authority and access protected data properly. The two most common controls that protect data from disclosure are access controls and data encryption. This chapter covers the most common type of access control—the password—and the general topic of encryption.
You will learn basic techniques to obtain passwords to gain access to evidence. You will learn about basic encryption methods and how to recover encrypted evidence.
Passwords
Computer users must commonly provide a user ID to log on to, or otherwise access, a system. User IDs identify a specific user and tell the security subsystem what permissions to grant to that user. Unfortunately, some computer users attempt t ...
CHAPTER
7
Authentication and
Authorization
One of the most common ways to control access to computer systems is to
identify who is at the keyboard (and prove that identity), and then decide what
they are allowed to do. These twin controls, authentication and authorization,
respectively, ensure that authorized users get access to the appropriate
computing resources, while blocking access to unauthorized users.
Authentication is the means of verifying who a person (or process) is, while
authorization determines what they’re allowed to do. This should always be done
in accordance with the principle of least privilege—giving each person only the
amount of access they require to be effective in their job function, and no more.
Authentication
Authentication is the process by which people prove they are who they say they
are. It’s composed of two parts: a public statement of identity (usually in the form
of a username) combined with a private response to a challenge (such as
a password). The secret response to the authentication challenge can be based on
one or more factors—something you know (a secret word, number, or passphrase
for example), something you have (such as a smartcard, ID tag, or code
generator), or something you are (like a biometric factor like a fingerprint or
retinal print). A password by itself, which is a means of identifying yourself
through something only you should know (and today’s most common form of
challenge response), is an example of single-factor authentication. This is not
considered to be a strong authentication method, because a password can be
intercepted or stolen in a variety of ways—for example, passwords are frequently
written down or shared with others, they can be captured from the system or the
network, and they are often weak and easy to guess.
Imagine if you could only identify your friends by being handed a previously
agreed secret phrase on a piece of paper instead of by looking at them or hearing
their voice. How reliable would that be? This type of identification is often
portrayed in spy movies, where a secret agent uses a password to impersonate
someone the victim is supposed to meet but has never seen. This trick works
precisely because it is so fallible—the password is the only means of identifying
the individual. Passwords are just not a good way of authenticating someone.
Unfortunately, password-based authentication was the easiest type to implement
in the early days of computing, and the model has persisted to this day.
Other single-factor authentication methods are better than passwords. Tokens
and smart cards are better than passwords because they must be in the physical
possession of the user. Biometrics, which use a sensor or scanner to identify
unique features of individual body parts, are better than passwords because they
can’t be shared—the user must be present to log in. However, there are ways to
defeat these methods. Tokens and card ...
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
a)In the words of Snowden properly Imlemented strong crypto system.pdfaoneonlinestore1
a)In the words of Snowden \"properly Imlemented strong crypto systems are one of the few
things that you can rely on.\" By strong crypto he meant Public Key Cryptography(one key is
public and other key is private) like RSA. The 2nd part is implementation which again comes on
human being.Also public key system require that users authenticate each public key before they
use them.Users must keep their local system physically secure and protect the private
key.Finally, it is as good as pass phrase chosen by the user. If somehow Keys are disclosed the
data is no more safe.
b)Identification occurs when you type your username into a login screen because you have
claimed to be that person, while authentication occurs after you have typed in a password and hit
the \'login\' button, at which time the validity you claim to the username is determined. Many
studies have shown that users tend to choose short and guessable passwords, this makes them
vulnerable to attacks. Other ways of stealing the password is using keylogger software where
keystrokes are recorded, users can be fooled by phishing mails, users fail to change password
from time to time even when instructed to, users choose same password for multiple systems.
c)There can be many cases where access control can be compromised- Not locking down
workstations or laptops, not keeping extra security measures on portable devices in case of theft
or you lose them, logging on remote system through open/unencrypted wireless network etc
It is very difficult to remember so many passwords and check all security measures all the time
for human beings. There are people out there who has laid all traps and waiting to steal
information and data. Humans will always be the weakest link in any security system as we are
not designed to act like machine.
Solution
a)In the words of Snowden \"properly Imlemented strong crypto systems are one of the few
things that you can rely on.\" By strong crypto he meant Public Key Cryptography(one key is
public and other key is private) like RSA. The 2nd part is implementation which again comes on
human being.Also public key system require that users authenticate each public key before they
use them.Users must keep their local system physically secure and protect the private
key.Finally, it is as good as pass phrase chosen by the user. If somehow Keys are disclosed the
data is no more safe.
b)Identification occurs when you type your username into a login screen because you have
claimed to be that person, while authentication occurs after you have typed in a password and hit
the \'login\' button, at which time the validity you claim to the username is determined. Many
studies have shown that users tend to choose short and guessable passwords, this makes them
vulnerable to attacks. Other ways of stealing the password is using keylogger software where
keystrokes are recorded, users can be fooled by phishing mails, users fail to change password
from time to time even when instructed .
Journals The Journals should be a synopsis of ALL your required r.docxpriestmanmable
Journals: The Journals should be a synopsis of ALL your required readings and PowerPoints. These papers are 3 to 6 pages long and include a reference page. Tell me what you learned. Failure to cover any aspect of the information will result is loss of points. APA format is required so remember your title page. Spelling and grammar issues will result in loss of points.
Textbooks for this course:
Mason, D. J., Gardner, D. B., Outlaw, F. H., & O’Grady, E. T. (2016).Policy & politics in
nursing and health care (7th ed.) St. Louis: Elsevier.
(ISBN: 978-0-323-24144-1).
Greer, G. & Fitzpatrick, J. J. (2013). Nursing leadership: From the outside in. New York, NY:
Springer.
(ISBN: 978-0-8261-0866-1).
The Affordable Care Act
Mason Textbook:
Chapters: 19-22
Health Disparities/
Mason Textbook:
Chapters: 23-25, & 27
Pharmaceutical/Public Health/Chronic Care/Families/
Centers
Mason Textbook:
Chapters: 26-32, & 33-39
Glazer Chapter 17
Required Videos- See 12 Videos Below
https://www.youtube.com/watch?v=vju70I6qSKk
https://www.youtube.com/watch?v=JZ7vmXh63Jw
https://www.youtube.com/watch?v=FIiBWX828og
https://www.youtube.com/watch?v=TruDKqHZId8
https://www.youtube.com/watch?v=GW2S8qNzzuY
https://www.youtube.com/watch?v=zKSDpJRpo60
https://www.youtube.com/watch?v=lAzh28nEoWU
https://www.youtube.com/watch?v=awYGY7HDzeM
https://www.youtube.com/watch?v=B6SCwLvOVdk
https://www.youtube.com/watch?v=NSGIrdNnRvw
https://www.youtube.com/watch?v=CjYyPiDicjU
https://www.youtube.com/watch?v=jKjZcbvFEY8
DIGITAL FORENSIC 25
In this chapter, you'll learn more about:
· Encryption basics
· Common encryption practices
· Weaknesses of encryption
· What to do when you find encrypted data
Computer forensics is all about perspective and process. A forensic investigator's main perspective must be as a neutral party in all activities. Approach each investigation the same way, ensuring that it is repeatable and sound. After evidence is identified and preserved, analyze it to determine its impact on your case. In many situations, forensic investigators don't have the authority to disclose any evidence except to authorized individuals. It all depends on who owns the computer and who is paying for the investigation. As a forensic investigator, you need to know how to exercise your authority and access protected data properly. The two most common controls that protect data from disclosure are access controls and data encryption. This chapter covers the most common type of access control—the password—and the general topic of encryption.
You will learn basic techniques to obtain passwords to gain access to evidence. You will learn about basic encryption methods and how to recover encrypted evidence.
Passwords
Computer users must commonly provide a user ID to log on to, or otherwise access, a system. User IDs identify a specific user and tell the security subsystem what permissions to grant to that user. Unfortunately, some computer users attempt t ...
CHAPTER
7
Authentication and
Authorization
One of the most common ways to control access to computer systems is to
identify who is at the keyboard (and prove that identity), and then decide what
they are allowed to do. These twin controls, authentication and authorization,
respectively, ensure that authorized users get access to the appropriate
computing resources, while blocking access to unauthorized users.
Authentication is the means of verifying who a person (or process) is, while
authorization determines what they’re allowed to do. This should always be done
in accordance with the principle of least privilege—giving each person only the
amount of access they require to be effective in their job function, and no more.
Authentication
Authentication is the process by which people prove they are who they say they
are. It’s composed of two parts: a public statement of identity (usually in the form
of a username) combined with a private response to a challenge (such as
a password). The secret response to the authentication challenge can be based on
one or more factors—something you know (a secret word, number, or passphrase
for example), something you have (such as a smartcard, ID tag, or code
generator), or something you are (like a biometric factor like a fingerprint or
retinal print). A password by itself, which is a means of identifying yourself
through something only you should know (and today’s most common form of
challenge response), is an example of single-factor authentication. This is not
considered to be a strong authentication method, because a password can be
intercepted or stolen in a variety of ways—for example, passwords are frequently
written down or shared with others, they can be captured from the system or the
network, and they are often weak and easy to guess.
Imagine if you could only identify your friends by being handed a previously
agreed secret phrase on a piece of paper instead of by looking at them or hearing
their voice. How reliable would that be? This type of identification is often
portrayed in spy movies, where a secret agent uses a password to impersonate
someone the victim is supposed to meet but has never seen. This trick works
precisely because it is so fallible—the password is the only means of identifying
the individual. Passwords are just not a good way of authenticating someone.
Unfortunately, password-based authentication was the easiest type to implement
in the early days of computing, and the model has persisted to this day.
Other single-factor authentication methods are better than passwords. Tokens
and smart cards are better than passwords because they must be in the physical
possession of the user. Biometrics, which use a sensor or scanner to identify
unique features of individual body parts, are better than passwords because they
can’t be shared—the user must be present to log in. However, there are ways to
defeat these methods. Tokens and card ...
In cryptanalysis and computer security, password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system.
a)In the words of Snowden properly Imlemented strong crypto system.pdfaoneonlinestore1
a)In the words of Snowden \"properly Imlemented strong crypto systems are one of the few
things that you can rely on.\" By strong crypto he meant Public Key Cryptography(one key is
public and other key is private) like RSA. The 2nd part is implementation which again comes on
human being.Also public key system require that users authenticate each public key before they
use them.Users must keep their local system physically secure and protect the private
key.Finally, it is as good as pass phrase chosen by the user. If somehow Keys are disclosed the
data is no more safe.
b)Identification occurs when you type your username into a login screen because you have
claimed to be that person, while authentication occurs after you have typed in a password and hit
the \'login\' button, at which time the validity you claim to the username is determined. Many
studies have shown that users tend to choose short and guessable passwords, this makes them
vulnerable to attacks. Other ways of stealing the password is using keylogger software where
keystrokes are recorded, users can be fooled by phishing mails, users fail to change password
from time to time even when instructed to, users choose same password for multiple systems.
c)There can be many cases where access control can be compromised- Not locking down
workstations or laptops, not keeping extra security measures on portable devices in case of theft
or you lose them, logging on remote system through open/unencrypted wireless network etc
It is very difficult to remember so many passwords and check all security measures all the time
for human beings. There are people out there who has laid all traps and waiting to steal
information and data. Humans will always be the weakest link in any security system as we are
not designed to act like machine.
Solution
a)In the words of Snowden \"properly Imlemented strong crypto systems are one of the few
things that you can rely on.\" By strong crypto he meant Public Key Cryptography(one key is
public and other key is private) like RSA. The 2nd part is implementation which again comes on
human being.Also public key system require that users authenticate each public key before they
use them.Users must keep their local system physically secure and protect the private
key.Finally, it is as good as pass phrase chosen by the user. If somehow Keys are disclosed the
data is no more safe.
b)Identification occurs when you type your username into a login screen because you have
claimed to be that person, while authentication occurs after you have typed in a password and hit
the \'login\' button, at which time the validity you claim to the username is determined. Many
studies have shown that users tend to choose short and guessable passwords, this makes them
vulnerable to attacks. Other ways of stealing the password is using keylogger software where
keystrokes are recorded, users can be fooled by phishing mails, users fail to change password
from time to time even when instructed .
This paper was published in college journal titled as - "Ethical Hacking: Issues and Types of Hackers"
this paper is all about what is ethical hacking? how it becomes compulsory of IT company? what are the types of hackers?
This paper was presented in National Conference on Emerging Issues on Information Technology in Management
Presentation and speaking notes on a practical approach for privacy protection designed for academic researchers, but open to all working on research, human rights, charities etc.
Strategy and threat modelling
5 Tactics (Go Offline, Technological solutions, Chaos, Transparency, Limitation)
The Challenges
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
It is up to law firms to protect both themselves and their clients with security measures that keep up with increasing risk. The firm can’t risk losing the trust of its clients. Here are some important ways that individual lawyers, and their firms, can improve the security of the information entrusted to them.
Law firms need to stay sharp because corporate security is getting harder,not easier. At the same time, companies are starting to recognize that information security is a fundamental business issue—one that demands an increased focus on cyber resilience, not just security. The reason is simple: criminals and state-sponsored attackers are targeting intellectual property, customer information, and avenues for business disruption. That makes law firms an ideal target.
To learn how you can locate and get a more complete picture of people and businesses across the U.S., visit http://www.lexisnexis.com/publicrecords.
For more topics that are transforming the legal industry,
visit http://www.thisisreallaw.com.
I published a paper on "Ethical Hacking And Hacking Attacks". The purpose of the paper is to tell that what is hacking, who are hackers, their types and some hacking attacks performed by them. In the paper I also discussed that how these attacks are performed.
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
IT security, hackers,IT security and risks and safe guards, password, how to create password, bio-metric authentication , virus , antivirus software ,how to safe a devices from virus.types of viruses
In responding to your peers’ posts, assess your peers’ recommendatio.docxmecklenburgstrelitzh
In responding to your peers’ posts, assess your peers’ recommendations and discuss whether additional modifications are needed. BUT respond according to the post if need be.
1.Nice post on the role of the cryptographic algorithm.
One good thing you need to be aware is the fact that these algorithms can be utilized in a way to strengthen organizations existing plan by providing an additional layer of prevention especially as it relates to network security, but as Olzak (2012) notes, before looking at when and what to encrypt, it is important to understand where encryption fits in the overall security controls architecture. In your own view, do you think that encryption adds additional overhead and cost to the data process?
2.(CH)The Role that most cryptographic algorithms play is pretty essential to big organizations
and most computer users. When using the internet on a daily basis its main objective is to keep your system secure and keep information private from other users. There are many Cryptographic algorithms, that have specific purposes on how they are implemented. One of the most common algorithms is RSA ( Rivest-Shamir-Adleman) mostly common known as asymmetric cryptography. The way it works is it uses one private key and one public key (which is everyone is able to Access). While both keys are able to encrypt the message, the way to decrypt it is by using the opposite key you used from the beginning. This particular algorithm can be used to strengthen and organization's existing plan by adding confidentiality and authenticity to secure a stable connection over the network the organization uses at hand. One of the other main encryptions used by Organizations is symmetric algorithms which converts plaintext data into indecipherable text using only one single key. These Type of algorithms provide a quick and simple solution, although it may be quick but if a third party accesses the key it easily decrypts the message, almost making the algorithm one the most accessible for third parties to obtain.
3.
Cryptographic algorithms are sequences of processes, or rules
, used to encipher and decipher messages in a cryptographic system
(What are Cryptographic Algorithms?, 2017).
These algorithms protect data of an organization.
Many algorithms use encryption and decryption to help secure communications.
Encryption converts plain-text into cipher-text and decryption converts cipher-text into plain-text.
There are various cryptographic algorithms and they mostly fit into the symmetric or asymmetric category.
These algorithms have been used for many years to strengthen an organization.
For an organization, these algorithms protect data so that unwanted people can’t access it.
In other words, it provides authentication.
Making sure only access is granted by those authorized and limiting the amount of people that can access the data.
In addition, cryptographic algorithms make sure a company prote.
Assignment User FrustrationThe quality of the user experience i.docxlynettearnold46882
Assignment: User Frustration
The quality of the user experience is very important to the success of an application. In the early days of computing, users often experienced long delays since computing power was poor and networks had comparatively slow throughput. Modern systems have largely eliminated these delays due to increased network and computing power, yet users still report a high level of frustration.
Write a four to five (4-5) page paper in which you:
Describe three (3) reasons users are still frustrated with modern applications.
Suggest one (1) method for reducing the frustrations for each of the reasons you supplied in Question one (1).
Describe methods for determining if user frustration is caused by poor system design or from the natural frustration associated with learning a new software product.
Suggest at least three (3) methods to reduce the frustrations among the disabled population and how this population can be better served.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
The specific course learning outcomes associated with this assignment are:
Describe the inherent design issues across HCI environments.
Explain the use of interaction devices.
Use technology and information resources to research issues in human-computer interaction.
Write clearly and concisely about HCI topics using proper writing mechanics and technical style conventions.
.
Assignment Upstream Approaches to Canadian Population HealthAlt.docxlynettearnold46882
Assignment: Upstream Approaches to Canadian Population Health
Although Canada is contiguous to the United States and has some cultural and historical similarities, Canada’s population enjoys a vastly superior health status. Reasons are many, can be traced historically, and are related to a different view of the role of government. The experience of Canada demonstrates that neither a heterogeneous population, nor a health system that has waiting lines for services, are reasons for poor health. By looking critically at what produces good health in Canada, much can be learned about steps the U.S. might need to take if population health is its goal.
The Canadian Best Practices Portal challenges Canadian public health practitioners and researchers to create upstream interventions aimed at the source of a population health problem or benefit. What is being done to address the influences on population health in Canada?
To prepare
for this Assignment, review your Learning Resources. Search the Internet and scholarly research for examples of Canadian “upstream interventions” that can be put forth as examples of either effective or ineffective efforts to improve population health.
The Assignment (2–4 pages):
Provide a description of an existing intervention in Canada, intended to improve health inequities. Include an explanation of the inequity and how the intervention targets upstream determinants of health.
Describe the organizations involved and/or social policies enacted in the implementation of the intervention.
Explain whether or not the intervention was/is successful and what lessons public health practitioners can learn from that experience that might improve population health in the United States.
Expand on your insights utilizing the Learning Resources.
Use APA formatting for your Assignment and to cite your resources.
.
More Related Content
Similar to DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
This paper was published in college journal titled as - "Ethical Hacking: Issues and Types of Hackers"
this paper is all about what is ethical hacking? how it becomes compulsory of IT company? what are the types of hackers?
This paper was presented in National Conference on Emerging Issues on Information Technology in Management
Presentation and speaking notes on a practical approach for privacy protection designed for academic researchers, but open to all working on research, human rights, charities etc.
Strategy and threat modelling
5 Tactics (Go Offline, Technological solutions, Chaos, Transparency, Limitation)
The Challenges
Hacker Defense: How to Make Your Law Firm a Harder TargetLexisNexis
It is up to law firms to protect both themselves and their clients with security measures that keep up with increasing risk. The firm can’t risk losing the trust of its clients. Here are some important ways that individual lawyers, and their firms, can improve the security of the information entrusted to them.
Law firms need to stay sharp because corporate security is getting harder,not easier. At the same time, companies are starting to recognize that information security is a fundamental business issue—one that demands an increased focus on cyber resilience, not just security. The reason is simple: criminals and state-sponsored attackers are targeting intellectual property, customer information, and avenues for business disruption. That makes law firms an ideal target.
To learn how you can locate and get a more complete picture of people and businesses across the U.S., visit http://www.lexisnexis.com/publicrecords.
For more topics that are transforming the legal industry,
visit http://www.thisisreallaw.com.
I published a paper on "Ethical Hacking And Hacking Attacks". The purpose of the paper is to tell that what is hacking, who are hackers, their types and some hacking attacks performed by them. In the paper I also discussed that how these attacks are performed.
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
IT security, hackers,IT security and risks and safe guards, password, how to create password, bio-metric authentication , virus , antivirus software ,how to safe a devices from virus.types of viruses
In responding to your peers’ posts, assess your peers’ recommendatio.docxmecklenburgstrelitzh
In responding to your peers’ posts, assess your peers’ recommendations and discuss whether additional modifications are needed. BUT respond according to the post if need be.
1.Nice post on the role of the cryptographic algorithm.
One good thing you need to be aware is the fact that these algorithms can be utilized in a way to strengthen organizations existing plan by providing an additional layer of prevention especially as it relates to network security, but as Olzak (2012) notes, before looking at when and what to encrypt, it is important to understand where encryption fits in the overall security controls architecture. In your own view, do you think that encryption adds additional overhead and cost to the data process?
2.(CH)The Role that most cryptographic algorithms play is pretty essential to big organizations
and most computer users. When using the internet on a daily basis its main objective is to keep your system secure and keep information private from other users. There are many Cryptographic algorithms, that have specific purposes on how they are implemented. One of the most common algorithms is RSA ( Rivest-Shamir-Adleman) mostly common known as asymmetric cryptography. The way it works is it uses one private key and one public key (which is everyone is able to Access). While both keys are able to encrypt the message, the way to decrypt it is by using the opposite key you used from the beginning. This particular algorithm can be used to strengthen and organization's existing plan by adding confidentiality and authenticity to secure a stable connection over the network the organization uses at hand. One of the other main encryptions used by Organizations is symmetric algorithms which converts plaintext data into indecipherable text using only one single key. These Type of algorithms provide a quick and simple solution, although it may be quick but if a third party accesses the key it easily decrypts the message, almost making the algorithm one the most accessible for third parties to obtain.
3.
Cryptographic algorithms are sequences of processes, or rules
, used to encipher and decipher messages in a cryptographic system
(What are Cryptographic Algorithms?, 2017).
These algorithms protect data of an organization.
Many algorithms use encryption and decryption to help secure communications.
Encryption converts plain-text into cipher-text and decryption converts cipher-text into plain-text.
There are various cryptographic algorithms and they mostly fit into the symmetric or asymmetric category.
These algorithms have been used for many years to strengthen an organization.
For an organization, these algorithms protect data so that unwanted people can’t access it.
In other words, it provides authentication.
Making sure only access is granted by those authorized and limiting the amount of people that can access the data.
In addition, cryptographic algorithms make sure a company prote.
Assignment User FrustrationThe quality of the user experience i.docxlynettearnold46882
Assignment: User Frustration
The quality of the user experience is very important to the success of an application. In the early days of computing, users often experienced long delays since computing power was poor and networks had comparatively slow throughput. Modern systems have largely eliminated these delays due to increased network and computing power, yet users still report a high level of frustration.
Write a four to five (4-5) page paper in which you:
Describe three (3) reasons users are still frustrated with modern applications.
Suggest one (1) method for reducing the frustrations for each of the reasons you supplied in Question one (1).
Describe methods for determining if user frustration is caused by poor system design or from the natural frustration associated with learning a new software product.
Suggest at least three (3) methods to reduce the frustrations among the disabled population and how this population can be better served.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
The specific course learning outcomes associated with this assignment are:
Describe the inherent design issues across HCI environments.
Explain the use of interaction devices.
Use technology and information resources to research issues in human-computer interaction.
Write clearly and concisely about HCI topics using proper writing mechanics and technical style conventions.
.
Assignment Upstream Approaches to Canadian Population HealthAlt.docxlynettearnold46882
Assignment: Upstream Approaches to Canadian Population Health
Although Canada is contiguous to the United States and has some cultural and historical similarities, Canada’s population enjoys a vastly superior health status. Reasons are many, can be traced historically, and are related to a different view of the role of government. The experience of Canada demonstrates that neither a heterogeneous population, nor a health system that has waiting lines for services, are reasons for poor health. By looking critically at what produces good health in Canada, much can be learned about steps the U.S. might need to take if population health is its goal.
The Canadian Best Practices Portal challenges Canadian public health practitioners and researchers to create upstream interventions aimed at the source of a population health problem or benefit. What is being done to address the influences on population health in Canada?
To prepare
for this Assignment, review your Learning Resources. Search the Internet and scholarly research for examples of Canadian “upstream interventions” that can be put forth as examples of either effective or ineffective efforts to improve population health.
The Assignment (2–4 pages):
Provide a description of an existing intervention in Canada, intended to improve health inequities. Include an explanation of the inequity and how the intervention targets upstream determinants of health.
Describe the organizations involved and/or social policies enacted in the implementation of the intervention.
Explain whether or not the intervention was/is successful and what lessons public health practitioners can learn from that experience that might improve population health in the United States.
Expand on your insights utilizing the Learning Resources.
Use APA formatting for your Assignment and to cite your resources.
.
Assignment Type up an essay on one of two prompts and submit the .docxlynettearnold46882
Assignment:
Type up an essay on one of two prompts and submit the final draft online.
Choose
only
one
topic:
1.
Symbols are important in Fahrenheit 451. Identify 3 symbols and analyze their references and meanings throughout the novel.
2.
Illustrate how each of Montag's three mentors - a new mentor for each part of the novel - help to spur Montag's ideological progression.
This is the final draft of your individual research paper essay.
1.
Essay must be 7-8 pages typed, not including the works cited page.
2.
Essay must follow MLA format.
3.
Research must include a minimum of 8 sources, 4 of which must be from Library Databases: Proquest, CQ Researcher, Infotrac, Opposing Viewpoints, etc.
4.
Essay must have a complete Works Cited page that cross references correctly to all in-text citations.
Note:
Please submit your document with YOUR last name first. (Example:
Schilf-Research-Paper-Final-Draft.pdf
)
Format:
Follow the BASIC OUTLINE TEMPLATE ( i have already done this part and attached pictures)
A.
Introduction
: Type up an Introduction with an opening strategy (OS) that grabs the readers attention using a story based example (PE, OPE, HYPO, CS, or HYPO/COMBO) that also supports your chosen topic. End the Intro with the Thesis Statement. (Limit 1 to 2 paragraphs)
B.
Body
: Present the analysis position through 3 topic points. Type up the topic sentence and bullet point the evidence (in this case, only quotes from the primary source material). A minimum of 3 quotes for support are needed for each topic point. Ideally, you provide 4 or 5 supporting quotes
C.
Quoting
: Avoid long quotes. Instead, be concise with quoting. You want quotes that are short, dynamic, and memorable. You will still need to set up quotes with a signal phrase that sets up the context of the quote.
D.
Analysis
: Never assume that the quote itself is self-explanatory. You must respond to each quote with your Original Voice (ROV) to illustrate, explain, compare, contrast, identify, analyze, etc. Do not simply restate the quote in your own words. Your response needs to go deeper.
F.
Conclusion
: Type up a Conclusion that revisits the opening strategy story based example. (Limit to 1 paragraph)
G.
Format
: Essay must follow MLA format with a Works Cited page that cross references correctly to all in-text citations.
H.
Length
: Essay should be 3 to 4 pages typed.
Note:
Please submit your document with YOUR last name first. (Example:
Schilf-Fahrenheit-451-Final-Essay.pdf
)
.
Assignment Type:
Individual Project
Deliverable Length:
8–10 slides
Points Possible:
150
Management utilities can be vendor-specific or vendor-neutral. There are many utilities that are
available to provide a proactive approach to monitoring each node of the cluster.
Submit a PowerPoint presentation of 8–10 slides that includes the following:
• Identify 1 vendor-specific server-monitoring utility.
• Identify 1 vendor-neutral monitoring utility.
• In your presentation, list advantages and disadvantages of using one or the other.
Your answer should clearly identify what notification and management interfaces each utility has
available (i.e., e-mail enabled, management console, Web-based)
.
Assignment Type Individual discussion Board; 450 – 550 word.docxlynettearnold46882
Assignment Type
: Individual d
iscussion Board;
450 – 550 words
Leadership varies widely by culture and personality. An international organization with locations in several countries must balance the local customs and cultures with those of the primary culture of the organizations’ headquarters. Using the USA as the headquarters, pick two other countries that might be part of a international internet retail organization and research and discuss the differences that leaders would have to navigate in approach and adapting to different standards of behavior and culture within the countries.
Grading criteria: students are graded on the quality and originality of their posts and responses, not the quantity. Responses should indicate the dilemma that leaders will face in working in cultures where values and leadership styles vary widely from those of the US. Examples may include the use of payments for access, the difficulty that women might experience in dealing with a patriarchal country or other theoretically sound differences in leadership
.
Assignment Two UNIT 2Student Name _______________________.docxlynettearnold46882
Assignment Two UNIT 2
Student Name: ______________________________________________
(Your NAME must be exactly as it is on the roll in e campus and in WEBCOM2)
Your Section Number _____________ (you must enter your section number)
The Unit 2 Assignment 2: Unit Two in the Textbook. ONLINE HUMA 1315send this to professor through WEBCOM 2
DIRECTIONS: The assignment is in WORD. Save the document to your computer and write your answers in the spaces given. You may change the spacing as needed. You are also asked to just write what your thoughts are and what you think such as your own opinion for some answers for some questions.
NOTE: Turn in assignments using WEBCOM2 Internal Messages found under MENU in the top left corner of the site. You may either attach your Word file or copy and paste your entire submission in the message box. Be thorough in your answers. You should use the Textbook, Essential Humanitiesthird edition and/or the Study Guide. The Study Guide is not mandatory; however, it is there for your enrichment. The Study Guide is in WEBCOM 2 in the tab labeled Student Resources. You may also want to use additional information for any assignments from the Internet. If you do, please remember to cite your source at the end of your answer. If you add additional information from the Internet, this is great, but you must cite sources. This applies to photos as well. (Remember that SLO and ULO are for evaluator and for this course to be certified and you do not have to do anything with them. However, they show that the assignments are aligned with the text, WEBCOM 2 and with the test questions.)
When completing your assignment questions, you should use the text for your answers. You may also want to look at the WEBCOM 2 website and the PowerPoints related to the great artists and individuals mentioned in Unit II, and the colored timeline. The timeline shows historical periods. These are available in the Student Resources’ tab. Do not worry about timeline dates being exact. Different sources give different dates depending upon who wrote the timeline. Dates also overlap with time periods, so dates are sometimes given as “approximate dates”. Subject in a question means what it is about. Answer all the following questions:
1. Explain what makes Giotto an important artist and why many historians consider him important in history?
Why is Giotto considered a “transitional” artist? (SLO2: ULO 2.3)
(EXPLAIN WHAT MAKES HIS WORK SIGNIFICANT IN YOUR TWO ANSWERS FOR #1)
2. Distinguish what subject matter the artist, Johannes Vermeer painted during the Baroque Period in Holland? Refer to textbook appendix for visuals.(SLO 1: ULO 1:3; SLO 2, ULO 2.2) You should also write about what you think about his paintings.
EXPLAIN WHAT HIS PAINTING WERE ABOUT SUCH AS WHAT WAS IN HIS PAINTINGS?
3. Pieter Brueghel’s work is unique for his time. Examine the cultural heritage of the people in his paintings. Refer to textbook appendix for visual.
Assignment Two Select a college or university and provide th.docxlynettearnold46882
Assignment Two
Select a college or university and provide the information listed below for the university.
History of the Institution
Mission Statement
Accreditation Status of the Institution
Institutions Goals and Objectives
.
Assignment Two
Objectives
• Understand how the AVL tree works
• Give you further practice with C and data structures
Admin
Marks 10 marks, excluding bonus marks. Marking is based on the correctness and
efficiency of your code. Your code must be well commented.
Group? This assignment is completed individually.
Due Time 23:59:59 pm on Sunday 31 March 2019. 23:59:59 pm on Wed 3 April 2019
Late Submissions Late submissions will not be accepted!
In this assignment, you will implement AVL tree and a set of functions associated with AVL
tree. For simplicity, we make the following assumptions:
1. Each item of an AVL tree contains an integer key and an integer value.
2. No AVL tree contains duplicate items. Two items (k1, v1) and (k2, v2) are duplicates
iff k1=k2 and v1=v2 hold.
3. An AVL tree may contains multiple items with the same key and the number of
duplicate keys is a constant.
A template file named MyAVLTree.c is provided. MyAVLTree.c contains the type definitions of
AVL tree and AVL tree node as well as some basic functions. You can add your own helper
functions and auxiliary data structures for better performance in terms of time complexity.
You need to implement the following functions:
1. AVLTree *CreateAVLTree(const char *filename). This function creates an AVL tree by
reading all the items from a text file or from the standard input (keyboard)
depending on the argument filename. If filename is “stdin”, this function will read all
the items from the standard input. Otherwise, it will read all the items from a text
file with filename as its full path name. (2 marks)
An input text file contains zero or more items where each item is of the form (key,
value). Any characters such as white space between two adjacent items are ignored.
For example, the following sample file contains 10 items:
(2, 50) (4, 30) (9, 30) (10, 400) (-5, -40)
(7, 20) (19, 200) (20, 50) (-18, -200) (-2, 29)
Similarly, when reading from the standard input, each input line may have zero or
more items, separated by one or more white space characters. An empty line
indicates the end of input.
In case of an error in the input, this function will print the error and your program
terminates.
You may assume that the input does not contain duplicate items and thus this
function does not need to check for duplicate items.
The time complexity of this function cannot be higher than O(n logn), where n is the
size of the resulting AVL tree. If your time complexity is higher, you will get 0 mark
for this function. You may assume that each call to a C built-in function takes O(1)
time.
2. AVLTree *CloneAVLTree(AVLTree *T). This function creates an identical copy (clone)
of the input AVL tree T, and returns a pointer to the clone tree. (1 mark)
The time complexity of this function cannot be higher than O(n), where n is the size
of T. If your time complexity is high.
Assignment Topic Exploration and Analysis (Proposal)In Week 6 o.docxlynettearnold46882
Assignment: Topic Exploration and Analysis (Proposal)
In Week 6 of this course, you will submit an 8-page research paper (Final Project) in which you are required to:
Analyze an important social change movement of the
pre-modern era
(pre-1945).
Analyze an important social change movement of the
modern era
(post 1945).
Compare and contrast both movements.
Analyze and explain the leadership structure of both movements. Who led these social change efforts? Was it an individual or a collective effort? What prompted individuals to become leaders of the movements?
Analyze how the movements parallel or complement each other.
Evaluate the success of these movements in promoting social change.
This week, as part of the Final Project writing process, you will complete a Topic Exploration and Analysis (Proposal). In this proposal, you will select your research topics (the two social change movements), create a beginning outline of what you plan to cover in the Final Project, provide a short summary of your initial research findings, and provide an initial bibliography.
In preparation:
Review the Final Project Guidelines document, located in this week’s Learning Resources.
Select and begin to research a social change movement pertinent to the
pre-modern era
(pre-1945). For ideas, look at content contained in Weeks 1–3 of this course. Pay particular attention to the selection of readings in the course text for each of these weeks.
Select and begin to research one of the following social change movements pertinent to the
modern era
(post 1945):
African American civil rights movement
Chicano movement
American Indian or ”Red Power” movement
Women’s rights movement
LGBTQ (lesbian, gay, bisexual, transgender, and queer) rights movement
Disability rights movement
Maintain a listing of scholarly resources that you locate and are using. The Walden Library provides a rich selection of material. Keep in mind that websites are generally not considered sources of scholarly material.
Note:
In your initial research this week, look at the historical background of each issue, the leadership structure in each movement, examples of specific changes that resulted related to each movement, and challenges the movement faced or is still facing. Consider the impact, successes, and failures of each movement.
The Assignment
Write a 1- to 2-page essay that includes:
Identification of the two social movements you will address in your Final Project
A brief outline of what you plan to cover in the paper
A short summary of your initial research findings
A bibliography of resources you used
.
Assignment To consider three sources about the Fall of Rome and w.docxlynettearnold46882
Assignment:
To consider three sources about the Fall of Rome and write an analytical essay.
Purpose:
To demonstrate proficiency in integrating historical sources and producing a well-informed analytical essay.
Part 1:
Research
Examine three sources:
1.
The textbook explanation concerning the decline and fall of Rome (chapter 7).
2.
The class presentation lecture on the Roman Empire.
3.
An article on the subject (“Friends, Romans, Countrymen” – see the Reading & Study link).
Write a 1,000–1,300-word essay concerning the decline and fall of the Roman Empire.
The paper should have a clear thesis statement, located at the end of the introduction.
The paper should cover the following:
1.
The various viewpoints given in the three sources (focus on the viewpoints you agree with)
2.
The variables involved (social, economic, military, etc.).
3.
Lessons the United States (our people and our government) can learn from Rome’s decline and fall.
4.
Similarities between the actions and attitudes of ancient Rome in their decline and fall and our American society today
Be careful that you use only the three sources provided. Use of other sources will be penalized.Textbook:
Perry, M., Chase, M., Jacob, J. R., Jacob, M. C., & Von Laue, T. H. (2013).
Western civilization: Ideas, politics, and society
(10th ed.). Boston: Wadsworth, Cengage Learning. ISBN: 9781111831707.
Williams, S., & Friell, G. (1994). Friends, romans or countrymen? barbarians in the empire.
History Today,
44
(7), 34.
http://bb7.liberty.edu/bbcswebdav/pid-22815357-dt-content-rid-159718173_1/xid-159718173_1
.
Assignment topic Rapid Influenza Testing in Children and Adult.docxlynettearnold46882
Assignment topic : Rapid Influenza Testing in Children and Adults.
When seeking to identify a patient’s health condition, advanced practice nurses can use a diverse selection of diagnostic tests and assessment tools; however, different factors affect the validity and reliability of the results produced by these tests or tools. Nurses must be aware of these factors in order to select the most appropriate test or tool and to accurately interpret the results.
Not only do these diagnostic tests affect adults, body measurements can provide a general picture of whether a child is receiving adequate nutrition or is at risk for health issues. These data, however, are just one aspect to be considered. Lifestyle, family history, and culture—among other factors—are also relevant. That said, gathering and communicating this information can be a delicate process.
For this Assignment, you will consider the
validity
and
reliability
of different assessment tools and diagnostic tests. You will explore issues such as
sensitivity,
specificity,
and
positive
and
negative predictive values
. You will also consider examples of children with various weight issues. You will explore how you could effectively gather information and encourage parents and caregivers to be proactive about their children’s health and weight.
To Prepare
· Review this week’s Learning Resources and consider factors that impact the validity and reliability of various assessment tools and diagnostic tests. You also will review examples of pediatric patients and their families as it relates to BMI.
· Search the Library and credible sources for resources explaining the tool or test you were assigned. What is its purpose, how is it conducted, and what information does it gather?
· Also, as you search the library and credible sources, consider what the literature discusses regarding the validity, reliability, sensitivity, specificity, predictive values, ethical dilemmas, and controversies related to the test or tool.
Assignment
(3–4 pages, not including title and reference pages)
:
For the Adult Assessment Tools or Diagnostic Tests:
Include the following:
· A description of how the assessment tool or diagnostic test you were assigned is used in healthcare.
o What is its purpose?
o How is it conducted?
o What information does it gather?
· Based on your research, evaluate the test or the tool’s validity and reliability, and explain any issues with sensitivity, reliability, and predictive values. Include references in appropriate APA formatting.
For the Child :
Include the following:
· An explanation of the health issues and risks that are relevant to the child you were assigned.
· Describe additional information you would need in order to further assess his or her weight-related health.
· Identify and describe any risks and consider what further information you would need to gain a full understanding of the child’s health. Think about how you could gather this infor.
Assignment Topic 1Choose a contemporary painting, sculpture, o.docxlynettearnold46882
Assignment Topic 1
Choose a contemporary painting, sculpture, or piece of art that captures your interest. This should be a piece created between the end of World War II (about 1945) and today. You may choose one of the illustrations or color inserts in the textbook, or try a virtual museum (check the links in this week's My Humanities Kit).
Before you begin writing your post, view the “Closer Look” art critiques from the unit My Humanities Kit resources. Consider what features are discussed in the piece you select. Aim for an evaluation that notes small details in a work, considers the purpose of various elements, and perhaps investigates the artist’s life.
In the post, begin by introducing the piece of contemporary art created between 1945 and present. What is the title? Who created it and when? What is the style? How would you describe it to someone who had not seen it? Finally, explain why viewing this work is a valuable experience. Connect the Unit 5 reading material in your response; include APA formatting.
Student 1
Hello Class and Professor,
For my piece of Art I have chosen Andy Warhol’s painting “Diamond Dust Shoes 1980”. I not only love the colors that are presented in the piece but the meaning to me signifies how many shoes women fill in our daily lives such as a mother, a friend, a lover, a daughter and etc. I fell a since of gratitude when I look at this colorful piece.
Andy Warhol was born in 1928; he left a huge legacy behind when he passed away in 1987 (Janaro & Altshuler, 2012, p. 142). From drawings, paintings and prints to videography, publishing and performance, he produced more than art -- he was essentially his own brand. From haunting black and white self-portraits to Polaroid snapshots of celebrities, many of the photos in the collection later became the inspiration for Warhol's most well-known Pop Art pieces (Janaro & Altshuler, 2012, p. 142).
Warhol's focus on consumer goods and pop-culture icons, as well as his own taste for money and fame, suggest a life in celebration of the very aspects of American culture that his work criticized (A & E Television Networks, 1996-2013). When looking at this piece of work you have a sense of what life is everyday!
Please look at the link provided below to take a look at this peice of Art. (The last reference below)
Margaret
A & E Television Networks, L. (1996-2013). bio.true story. Retrieved from Andy Warhol Biography: http://www.biography.com/people/andy-warhol-9523875?page=2
Student 2
Hello Class and Professor,
For some reason many of the illustrations in our text I cannot view. So I decided to search for contemporary art photos. There were quite a few interesting images but I found a sculpture or performance piece by Rook Floro that really caught my eye. Oddly, there is no title; at least I have not been able to locate one. Parts of this three-dimensional art look like it has some kind of wiry texture. The piece seems to be an imitation of human emotion. .
Assignment TitleAssessment Item 03 Case Study Analysis – Engagi.docxlynettearnold46882
Assignment Title
Assessment Item 03: Case Study Analysis – Engaging and Motivating staff
Length
3000-3500 wordsLearning outcomes
1. Knowledge - Describe and critically discuss key principles and theories of Human Resource Management.
2. Problem Solving Skills - Critically evaluate and synthesize relevant information to solve real world issues associated with Human Resource Management.
3. Change Management - Analyse the role of Human Resource Management in implementing change within a global context.
4. Global Environment - Identify and critically discuss local, global and international workforce trends and assess the implications for human resource managementLecturer Discretion
Lecturers may, at their discretion, ask students to verbally present their assignment submission or rewrite some selected part/s of their answer in a controlled setting.Task Details
Engaging and motivating employees is at the centre of Strategic Human Resource Management (SHRM) practices. It is therefore important to identify the organisational practices that can be used to foster the cognitive, emotional and behavioural qualities that will positively impact on employees and enhance their motivation.
To understand what motivates people to work is essential to this assignment. The focus of the assignment is to identify the motivational theories, the characteristics of a positive work environment and the HR practices that positively influence affective processes (e.g. motivation, commitment, job satisfaction, wellbeing) and behavioural processes (e.g. effort, reduced turnover and absenteeism).
To complete this assignment successfully students at a minimum should:
· Identify the key motivational theories and discuss which of the theories strongly influences employees’ affective processes and behavioural processes.
· Describe the characteristics of a positive work environment and discuss how HR designs jobs to motivate employees.
· Discuss the synthesis of Hackman and Oldham’s (1976) job characteristics and employees’ psychological states in relation to work outcomes, such as intrinsic work motivation, job satisfaction, and high quality work performance.
International Human Resource Management
· Discuss the possible relationship between Maslow’s general components and job characteristics in view of engaging and motivating employees in organisations.
Your assignment must be formatted with heading.
Harvard referencing style must be used.
References
Gallup Consulting 2010, The state of the global workplace: A worldwide study of employee engagement and wellbeing, viewed 20 February 2015
<http://www.gallup.com/services/176300/state-global-workplace.aspx>
Jackson, S & Schuler, R 1995, Understanding Human Resource Management in the context of organisations and their environments, Annual Review of Psychology, vol. 46, pp. 237-264.
Pfeffer, J & Veiga, F 1999, Putting people first for organisational success, Academy of
Management Executive, vol. 13, no. 2, pp.37-48.
Runni.
Assignment Title Knowledge management cycle process in or.docxlynettearnold46882
Assignment Title:
Knowledge management cycle process in organizations and significance communities of practice
Note:
Each question/concept/ topic must be supported with peer reviewed journal references.
Assignment Structure:
Part A.
1.
Provide brief description about knowledge management processes in organizations. (
1 Mark
)
2. Explain the concept of organizational learning and describe the link between individual and organizational leaning. (
2 Marks
)
3. Describe role of organizational culture in knowledge management. (
2 Marks
)
Part B.
1. Describe the concept of community. Describe its key components. (
1 Mark
)
2. Discuss how communities can be linked to organizational memory in order to foster organizational learning and innovation. (
2 Marks
)
3. Highlight some of the key steps you would need to carry out in order to conduct social network analysis of an organization. What sort of questions could the social network analysis answer? (
2 Marks
)
NO plagiarism/ 700 WORDS
.
Assignment Three Technical Descriptions Due March 2 (1155 PM .docxlynettearnold46882
Assignment Three: Technical Descriptions
Due: March 2 (11:55 PM on Moodle)Peer:Feb 29
For this assignment you will either be creating a technical description or an extended technical definition. Officially, an extended technical definition is a microgenre of a technical description, but there are some differences worth noting. Technical descriptions are “longer explanation[s] . . . of the physical or operational features of an object, mechanism, or process”(Markel 534). While technical descriptions include technical definitions, an extended technical definition is slightly different.
An extended definition includes the three parts of a basic sentence definition, “[1] the term being defined, [2] the category in which the term belongs, and [3] the distinguishing features that differentiate it from its category” (Johnson Sheehan 155). It also expands the definition by adding more details of an object, process, or idea (Markel 534). It is divided by adding some (all) of the following: examples, partition, principle of operation, analogy, negation, and etymology (Markel 538 – 541).
Technical descriptions need a title/indication of the nature/scope of what the description will accomplish; an introduction that answers the questions in table 20.1 on page 545; a body with appropriate detail that discusses each step or section with detail, creativity, and clarity; and a conclusion that usually explains how the steps work together or summarizes the main steps. Look at the guidelines on page 547 for writing tips and additional help.
What you choose to do this on is up to you. You are free to choose any object, place, or process (and the definition of these can be pretty loose—think about my spider example). If you want to choose something that interests you, something you currently work with, something from your future workplace, or something else entirely—go for it. If you want to do something out of the ordinary you can always ask me if it’s okay.
Requirements
· The description/definition should be between 600 to 1000 words.
· It should be typed in a serif font.
· It must focus on clear writing that uses creative and technical writing techniques.
· It should be written for an audience similar to Wikipedia.
· It should follow checklist on page 571 – 572.
Green Hospitality: Green Hospitality:
Saving the EnvironmentSaving the Environment
A student Webzine from the International Council
on Hotel, Restaurant, and Institutional Education
for Future Hospitality & Tourism Professionals
Vol. 17 No. 1 • ISSN: 1095-7898 Spring 2008
HOSTEUR
INTERNATIONAL
CHRIE
The Hospitality &
Tourism Educators
Volume 17, No. 1 | Spring/Summer 2008 Issue2 HOSTEURTM
Sustainability Standards for the Hotel Industry............5
by Andrew Moreo
Destination “Green”land - a Look at the Sustainable
Efforts of the Air Travel Industry......................9
by Katie Fontaine
Green Hotels..................................................
Assignment ThreeUNIT 3 – ON LINE CLASSStudent Name __________.docxlynettearnold46882
Assignment Three
UNIT 3 – ON LINE CLASS
Student Name: ______________________________________________
(Name must be exactly as it is on the e campus roll and the same in WEBCOM 2) Turn in assignment through WEBCOM 2 to Professor on time
Your Section Number _____________ (you must enter your section number)
The Unit 3 Assignment 3: Unit Three in the Textbook.
DIRECTIONS: The assignment is in WORD. Save the document to your computer and write your answers in the spaces given. You may change the spacing as needed.
NOTE: Turn in assignments to me through WEBCOM 2 see the place where you send me the assignment. You may either attach your Word file or copy and paste your entire submission. Be thorough in your answers. You should use the Textbook, Essential Humanitiesthird edition and/or the Study Guide. The Study Guide is not mandatory; however, it is there for your enrichment and it is helpful. The Study Guide is in WEBCOM 2 in the tab labeled Student Resources. You may also want to use additional information for any assignments from the Internet. If you do, please remember to cite your source at the end of your answer. If you add additional information from the Internet, this is great, but then be sure to cite your source at the end of your paragraph. You must cite sources. This applies to photos as well.
DIRECTIONS FOR FULL CREDIT: You will need to show how the architectural structure is significant (importance in history and explain its legacy). You should explain how it fits into the historical period and what it reflects about its time and place. Include names of important individuals connected to the construction and especially the name of the architect, if known. Mention the materials used in the construction and include information about how it was built. Also include location. Use full sentences in your answers and be sure to site your answers if you use photos and the internet if you use google. Do not just write in your site that you used google. You must place exact address. Google is too broad of a site for a reference. Thank you
1. List the major time periods in sequential order. The first period is Prehistoric. Then comes Mesopotamia, and then Egypt etc. Under each period, list the minimum of 3 major accomplishments or achievements of that period. See the WEBCOM 2 Resources tab that has the heading timeline and the Textbook Index in front of the textbook for Unit III which lists the periods of time in order
1. Discuss in written statements at least 2 major differences between the Paleolithic Era (Old Stone Age) and the Neolithic Era (New Stone) found during the Prehistoric Period? (Unit 3, Chapter 3). (SLO 3: ULO 3.4).
EXPLAIN ANSWER FULLY USING THE CHART THAT YOU WILL SEE ON A PAGE IN YOUR TEXT
1. Explain how the Sumerian marble statuettes, sculptures, and Queen Puabi’s Harp that were excavated in modern times help us understand how the Sumerian people’s lived and what their beliefs were during the anc.
Assignment title An Evaluation of the Business Strategy at Mc D.docxlynettearnold46882
Assignment title: An Evaluation of the Business Strategy at Mc Donald’s.
Word count: 4242
Student name: Shane Sunil Mohan
Student number: A001753898
Subject name: 9050PROJ
AQF Level: 9
Discipline: Strategic Management
Theme: Critical Evaluation of a Business Strategy
EXECUTIVE SUMMARY
This paper was fundamentally about conducting a research and analyzing the findings on an evaluation of the business strategy at Mc Donald’s. Mc Donald’s establishment is a centralized, international organization which competes in the fast food industry by supplying hamburgers, french fries, and other consumable items using standardization. Substantial expansion and branding as the main driving force. As mentioned previously, operating in an open market in the food chain sector, one of Mc Donald’s major competition would be Wendy’s. These two establishments offer the exact same service which tends to make it difficult for Mc Donald’s to gain market share. With this being said, this report outlines different strategic strategies in which Mc Donald’s can gain competitive advantage against Wendy’s by providing substantial evidence on Mc Donald’s weaknesses and how it can be improved by using the case study method to help assist presenting its findings.
Table of Contents
1.0 Introduction 4
2.0 Literature Review: 5
2.1 Application of the literature to Mc Donald’s 6
2.2 Analysis with respect to Neoclassical microeconomics: 7
2.3 Analysis with respect to Evolutionary economics: 8
3.0 Research Methodology: 9
3.1 Case study method: 9
3.2 Data Collection: 10
3.3 Presentation of findings: 10
3.4 Analyzing the data: 11
4.0 Data Analysis and Reflections 11
4.1 Presentation of data 11
4.2 Reflection on findings and implications: 12
5.0 Conclusion and Recommendations: 14
5.1 Addressing social changes with differentiation strategy: 15
5.2 Recommendation: Improved Promotional Strategy: 16
5.3 Conclusion 16
References 18
1.0 Introduction
With the increase in the trend of globalization and the increasing competition in global markets, companies work day and night to come with effective strategies. Some of the multinational companies are known for the strategies they use and practice. In this paper, two of the companies operating in the United States of America will be discussed and compared along with the suggestion of a competitive strategy for McDonald’s. One of the companies that was researched in this paper name is McDonald's. This company operates internationally while the opposition organization which is Wendy’s also known as a fast food restaurant operates in the United States of America. As far as McDonald's is concerned, McDonald's was established in the year 1940 by Richard and Maurice McDonald, in San Bernardino, California, United States. The organization's business structure depends on three basic axes: representatives, franchisees, and suppliers. This business structure made by the founder of the organization, Ray Kroc, is known as "the three-legged sto.
ASSIGNMENT The student will submit a research project that compares.docxlynettearnold46882
ASSIGNMENT: The student will submit a research project that compares and contrasts two organizations in the same sector (Career Education Corporation and the Apollo Group Inc. or any other that you prefer), including analysis of the following criteria: legal, social, and economic environments; management structure; operational and financial issues; and impact of potential change factors.
1) Student should analyze the basic legal, social, and economic environments of the organization
2) Student should analyze the managerial, operational and financial issues of the organization
3) Student will analyze the impact of potential change factors as they related to the organization.
4) Student should apply appropriate college level writing standard.
the submission should be in APA Format. LENGTH of Paper: 5 Body Pages
.
Assignment Three Case study report – mixed mediaValue 40 .docxlynettearnold46882
Assignment Three: Case study report – mixed media
Value: 40% of the total marks for the unit
Length: 2000 words, or 5-6 minute video, or audio-narrated powerpoint of 10-15 slides, or photo essay supported with 500 words
Due: Week 12
Task description
Attend the event nominated in Assignment 2.
Briefly describe the event – name, date, location and venue, and attendance numbers and demographics.
Describe and critically analyse the positive and negative impacts of the event utilising the principles of sustainability and the triple bottom line approach.
Describe and discuss how the event’s program elements related to the aims and objectives identified in Assignment Two.
Describe and discuss the marketing of the event and how the promoted experience related to the actualisation and attainment of its aims and objectives (include actual audience details – numbers, demographic composition).
Provide recommendations for future activities which clearly identify issues relevant to event management.
The task is a report on the event nominated in Assignment Two that uses the triple bottom line approach to identify and critically analyse - the attainment of the events aims and objectives; the positive and negative economic, environmental, sociocultural impacts of the event; and recommendations which clearly identify issues relevant to the event management.
The evaluation report should use creativity in the approach to the task style.
The assignment may be presented as a 2000 word essay, or a 5-6 minute video, or an audio-narrated powerpoint of 10-15 slides, or a photo essay supported with 500 words. The process for submission of this assessment will depend upon the format chosen and prior negotiation with the tutor is required.
.
Assignment The Nurse Leader as Knowledge WorkerThe term kn.docxlynettearnold46882
Assignment: The Nurse Leader as Knowledge Worker
The term “knowledge worker” was first coined by management consultant and author Peter Drucker in his book,
The Landmarks of Tomorrow
(1959). Drucker defined knowledge workers as high-level workers who apply theoretical and analytical knowledge, acquired through formal training, to develop products and services. Does this sound familiar?
Nurses are very much knowledge workers. What has changed since Drucker’s time are the ways that knowledge can be acquired. The volume of data that can now be generated and the tools used to access this data have evolved significantly in recent years and helped healthcare professionals (among many others) to assume the role of knowledge worker in new and powerful ways.
In this Assignment, you will consider the evolving role of the nurse leader and how this evolution has led nurse leaders to assume the role of knowledge worker. You will prepare a PowerPoint presentation with an infographic (graphic that visually represents information, data, or knowledge. Infographics are intended to present information quickly and clearly.) to educate others on the role of nurse as knowledge worker.
Reference: Drucker, P. (1959).
The landmarks of tomorrow. New York, NY: HarperCollins Publishers.
To Prepare:
Review the concepts of informatics as presented in the Resources.
Reflect on the role of a nurse leader as a knowledge worker.
Consider how knowledge may be informed by data that is collected/accessed.
The Assignment:
Explain the concept of a knowledge worker.
Define and explain nursing informatics and highlight the role of a nurse leader as a knowledge worker.
Develop a simple infographic to help explain these concepts.
Your PowerPoint should Include the hypothetical scenario you originally shared in the Discussion Forum. Include your examination of the data that you could use, how the data might be accessed/collected, and what knowledge might be derived from that data. Be sure to incorporate feedback received from your colleagues’ responses.
.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
The Indian economy is classified into different sectors to simplify the analysis and understanding of economic activities. For Class 10, it's essential to grasp the sectors of the Indian economy, understand their characteristics, and recognize their importance. This guide will provide detailed notes on the Sectors of the Indian Economy Class 10, using specific long-tail keywords to enhance comprehension.
For more information, visit-www.vavaclasses.com
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
How to Split Bills in the Odoo 17 POS ModuleCeline George
Bills have a main role in point of sale procedure. It will help to track sales, handling payments and giving receipts to customers. Bill splitting also has an important role in POS. For example, If some friends come together for dinner and if they want to divide the bill then it is possible by POS bill splitting. This slide will show how to split bills in odoo 17 POS.
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
DIGITAL FORENSIC 25In this chapter, youll learn more about.docx
1. DIGITAL FORENSIC 25
In this chapter, you'll learn more about:
· Encryption basics
· Common encryption practices
· Weaknesses of encryption
· What to do when you find encrypted data
Computer forensics is all about perspective and process. A
forensic investigator's main perspective must be as a neutral
party in all activities. Approach each investigation the same
way, ensuring that it is repeatable and sound. After evidence is
identified and preserved, analyze it to determine its impact on
your case. In many situations, forensic investigators don't have
the authority to disclose any evidence except to authorized
individuals. It all depends on who owns the computer and who
is paying for the investigation. As a forensic investigator, you
need to know how to exercise your authority and access
protected data properly. The two most common controls that
protect data from disclosure are access controls and data
encryption. This chapter covers the most common type of access
control—the password—and the general topic of encryption.
You will learn basic techniques to obtain passwords to gain
access to evidence. You will learn about basic encryption
methods and how to recover encrypted evidence.
Passwords
Computer users must commonly provide a user ID to log on to,
or otherwise access, a system. User IDs identify a specific user
and tell the security subsystem what permissions to grant to that
user. Unfortunately, some computer users attempt to
impersonate other users by fraudulently providing another
person's user ID. By doing so, the impersonator can perform
actions that will point back to the stolen user ID owner's
account when audited. As a forensic investigator, you'll need to
determine the difference between actions taken using a valid
2. user ID and actions conducted by an impersonator using a stolen
or otherwise compromised user ID.
user ID
A string of characters that identifies a user in a computing
environment.
Real word Scenario
Who Are You, Really?
Fred is an enterprising university student who enjoys testing the
limits of his school's computer use policy. The policy clearly
states that users may only use their own user IDs to access the
computer system. If Fred wants to create some mischief on the
university's computer system, he could ignore the policy and
use Mary's user ID to access the system. In effect, he could
pretend to be Mary. With no controls in place to stop him, Fred
could cause many problems and to the untrained eye, it would
appear that Mary was the guilty party. A control is anything that
stands between Fred and his unauthorized actions. In this case,
there actually is at least one control to deter him—the
university's computer use and access policy. The university's
computer use policy is an administrative control. While
administrative controls dictate proper behavior and the penalty
of noncompliance, they don't stop unauthorized actions by those
who are determined to ignore such policies (as in Fred's case).
There is a simple solution. User IDs provide identification for
users. Another piece of information that only the real user
should know provides authentication that the user is who he or
she claims to be. The most common method of authentication is
a password. To authenticate using a password, users provide not
only a user ID, but the proper password as well during login.
The security system then validates that the password provided
matches by comparing it to the stored value for that user ID. If
the two match, the security system authenticates and trusts the
user and allows access to the computer system.
3. password
A string of characters that security systems use to authenticate,
or verify, a user's identity. Security systems compare passwords
a user provides during login to stored values for the user
account. If the value provided (password) matches the stored
value, the security subsystem authenticates the user. Most
operating systems store passwords when users create login
accounts.
There are two main reasons for investigators to crack
passwords. First, you may need a password to log in to a
computer or access a resource. Second, you may need a
password or key to access encrypted data that may be vital to
the success of the investigation.
During an investigation, forensic investigators commonly need
access to one or more computer accounts. When a suspect or
other knowledgeable user cooperates with an investigation,
obtaining a user ID and password can be as easy as asking for
it. Never forget to try the simple approach: When users
cooperate, it can save valuable time. Always ask for any needed
user IDs and passwords. When passwords aren't readily
available, here are three alternative methods to acquire them:
· Find passwords
· Deduce passwords
· Crack passwords
Forensic investigators not only understand what each of these
three techniques is, but know when and how to use each one as
well.
Although passwords are the most common user authentication
technique, they aren't always secure. In the next sections, we'll
examine each password recovery technique and show you how
quickly and easily some passwords can become available.
Finding Passwords
By far, the easiest way to obtain a password is simply to ask
someone who knows the password to provide it to you. If asking
nicely doesn't work, try social engineering. Build trust with a
person who knows information you need to further the
4. investigation. This person could be anyone who knows the
password. The password or other information sought could be as
simple as a phone call away.
For example, you could call and pretend to be a member of the
network administrator team. A simple statement like, "Hi, this
is Tom from network support. Your computer looks like it is
sending out a virus to other computers. I need to log on to stop
it. What is the user ID and password you used to log on this
morning?" Fortunately for the forensic investigator, far too
many people are only too willing (and in fact, often eager) to
help and quickly provide the requested information. Mission
accomplished! When using social engineering techniques to
gather information, experienced forensic investigators will
ensure they have permission to conduct these types of activities
before proceeding. As long as you abide by any applicable
security policies, encouraging a suspect to give you the
information you need is perfectly fine. Law enforcement
officials are good at doing this. Ask them for help, especially if
this is a criminal investigation.
If social engineering isn't an option, or the person who knows
the password won't cooperate, then there are other simple
approaches you can try. There are two basic types of passwords:
those that are easy to remember and those that are hard to
remember. With more people becoming aware of security issues,
passwords now tend to be more secure than in the past. Most
people equate password complexity with security. That is, long,
hard-to-remember passwords appear to be more secure than
simple ones.
Tip
Longer passwords can be less secure than shorter ones.
Passwords that expire frequently can be less secure as well. The
reason is that when a user must use a password that is too hard
to remember, he will often write it down. The hassle of
retrieving a lost password often encourages users to keep sticky
notes with passwords written on them. When encouraging the
5. use of strong passwords, allow users to create ones they can
remember.
Because a password is a string of characters that authenticates a
user's identity, it is important that the user always have access
to the password. The more complex a password is, the more
likely it is that the user has it written down or otherwise
recorded somewhere. Look around the computer for written
notes. It's not uncommon for forensic investigators to find
sticky notes with passwords written on them in plain sight, or in
some cases, even taped to the computer system itself. You'll
find that this phenomenon occurs in a surprisingly large
percentage of the sites you investigate. As a forensic
investigator, you'll become an expert at recognizing common
"hiding places" for password notes, such as:
· On the monitor (front, sides, top, etc.)
· Under the keyboard
· In drawers (look under pencil holders and organizers)
· Attached to the underside of drawers
· Anywhere that is easily accessible from the seat in front of the
computer but not readily visible
· Personal digital assistants (PDAs) and smartphones
· Obvious files on the hard disk (such as passwords.txt)
While this approach may seem too simple and obvious, never
dismiss this important method for finding passwords. Few
people trust their memories for important passwords. There is a
good chance some users you'll be investigating wrote down their
passwords and put them somewhere handy.
Deducing Passwords
So, you've looked all around the physical hardware and desk but
you still can't find the password you are looking for. What next?
Don't worry—there are still other options available to obtain
passwords. In spite of all the common rules for creating
"strong" passwords, many users routinely break the rules. If you
are trying to guess a password, try the obvious ones. The more
the forensic investigator knows about the user, the better the
chances of guessing the password. Try some of these ideas:
6. · User ID
· Birth date
· Social security number
· Home address
· Telephone number
· Spouse/children/friend name
· Pet name
· Favorite team name or mascot
· Common word or name from a hobby
Note
Use this section as a lesson for creating your own passwords.
Because so many people ignore password best practices, take it
upon yourself to be unique. Take the time to create strong
passwords and keep them secure. Passwords can also easily be
secured through the use of password vault programs such as
RoboForm Pro (www.roboform.com).
Although guessing a password is possible, it isn't very
productive in most cases. Don't spend a lot of time trying to
guess a password. This method is most effective if you have a
strong hunch that you will be successful. It may be possible for
forensic investigators to solve password puzzles by piecing
several pieces of information together. People often hide the
real password but leave clues that can help you to guess the
password contents. For example, during an investigation, a note
was found that read "me 4 her -7." After trying several
combinations, we hit on a password that consisted of the
subject's initials, "ajd," and his wife's initials, "rgd." The
password was "ajd4rgd7. (Just in case you're wondering, this
wasn't the actual password—the initials were changed to protect
the innocent!)
Even though you might get lucky occasionally, really
"guessing" a password isn't very common. It looks good in the
movies, but it doesn't happen that often in the real world.
Deduced passwords normally come from piecing several pieces
of information together. For instance, when analyzing a
7. subject's activity, keep track of visited Web sites and locally
protected applications. Cookies for recently visited Web sites
may be left behind that store an unprotected password. People
are creatures of habit and many tend to use the same passwords
repeatedly, so if you find an unprotected password for one
resource, try it in other areas.
As much as it violates good security practices and common
sense, the same password is often used to protect both secured
servers and to subscribe to a Web site's news services. If you
find a password, see if the user also uses it elsewhere.
Note
When poking around and guessing passwords, forensic
investigators might end up locking the resource they are
attempting to access owing to excessive failed logon attempts.
Always make sure you have at least two copies of media. If one
copy is corrupted, you can always make a new working copy
from your second image. You never want to explain to the judge
that you had to check out the original media from the evidence
locker twice because you messed up the first copy.
Up to now, our password discussion has focused on nonspecific
strategies. Finding, guessing, or deducing a password is more of
an art than a science. It involves knowing your subject and
knowing how people think. It might take a lot of homework, but
it is fun and can yield that gold nugget that opens up the
evidence you need.
Cracking Passwords
The last method of obtaining a password is the most technical
and complete. When a password can't be obtained by any other
means, forensic investigators try a process known as password
cracking. Cracking a password involves trying every possible
combination, or every combination in a defined subset, until the
right one is found.
password cracking
Attempting to discover a password by trying multiple options
and continuing until you find a successful match.
8. Different utilities allow forensic investigators to crack
passwords online or offline. These utilities employ several
different methods. Because older UNIX systems stored encoded
passwords in a single file, the /etc/passwd file, several utilities
emerged that tried different combinations of password strings
until they found a match for each line in the file. All forensic
investigators had to do was copy the /etc/passwd file to their
own computer, launch the password cracker, and let it run.
This approach became so popular and dangerous that newer
flavors of UNIX, and now Linux, go to great lengths to hide
encoded passwords in another file. Most UNIX and Linux
systems store passwords in the /etc/shadow file. This file has
highly restricted access permissions and requires super user
permission to access. If you are investigating a computer system
running UNIX or Linux, look at the /etc/passwd file. An x
character between two colons indicates that the actual password
is stored in the shadow file. For example, here is what a line
from the /etc/passwd file looks like if password shadowing is in
use (notice the "x" after the user name, msolomon):
msolomon:x:517:644::/home/msolomon:/bin/bash
Real word Scenario
Tales from the Trenches: The Contract Ends Now!
Several contractors were working at a manufacturing plant in
southern California. These contractors filled various functions,
including project management and application development. The
project goal was to modify a manufacturing software package to
meet the client's specific needs. One morning, the company's
system administrator noticed that his assigned IP address was in
use when he booted his computer. After a couple comments
under his breath, he rebooted again and found that the IP
address was available. He took note of the people who were in
the office that morning and started doing a little investigative
work on his own to find out if anyone was using his IP address.
He found that a particular contractor had installed a common
9. password cracker in his home directory. A further look at the
contractor's history file showed that he had been engaging in
attempts to crack the system's password file.
The system administrator immediately removed the contractor's
access and had him terminated. The company's policy regarding
appropriate use of computing systems forbade any use of
password-cracking software and provided grounds for
immediate termination.
There are many password-cracking utilities available to forensic
investigators. Some commons ones include:
· Cain and Abel (http://www.oxid.it/cain.html)
· Cain and Abel is a free (donation requested) password
recovery utility for Microsoft Windows operating systems that
uses several techniques to find passwords.
· John the Ripper (http://www.openwall.com/john/)
· John the Ripper is an open source password cracker that
reveals weak passwords in most operating systems.
· Hydra (http://freeworld.thc.org/thc-hydra/)
· Hydra is a free, fast network authentication cracker. Hydra can
attack the most common network protocols.
· ElcomSoft (http://www.elcomsoft.com/)
· ElcomSoft produces a variety of commercial software that
recovers passwords from operating systems and application
software.
· LastBit (http://lastbit.com/)
· LastBit produces a variety of commercial software that
recovers passwords from operating systems and application
software.
· L0phtCrack (http://www.l0phtcrack.com/)
· L0phtCrack is a commercial tool that recovers passwords and
more from computers running multiple operating systems.
· RainbowCrack (http://project-rainbowcrack.com/)
· RainbowCrack is a free tool for cracking Linux and Windows
passwords using precomputed hash tables, called rainbow
10. tables.
Anytime passwords are found stored in a file or database,
forensic investigators can use offline password-cracking
techniques. Online password cracking methods are used if the
password repository can't be found or you don't have access to
it (it might reside on another system). Online password cracking
is much slower and may fail more frequently (and for more
reasons) than offline cracking. Online password-cracking
utilities attempt to pass logon credentials to target systems until
it finds a successful user ID/password pair. The number of
attempts that are necessary to find a password is the same as an
offline cracking utility, but the act of passing the logon
credentials to another process requires substantially more time.
If the target computer is remote to the client password-cracking
utility, network propagation further slows the process and adds
to the possibility of failure.
Unauthorized Password Cracking is Illegal
Never attempt to crack passwords unless you have specific, and
written, authority to do so. The person or organization who
owns the computer system can provide the necessary
permission. Without written permission, you may be at risk of
substantial civil and criminal penalties. Ensure that the
permission you receive comes from someone with the authority
to give it to you, is in writing, and is specific about what you
can (and can't) do.
The main reason to crack a password is to obtain password-
protected evidence. Permission to crack a password is obtained
from the computer owner or a court. In cases where the
computer's owner is unwilling to provide permission to crack a
password, a court order will suffice.
Regardless of the type of utility used, there are three basic
approaches, or "attack types," that password-cracking utilities
commonly employ.
11. Dictionary Attack
A dictionary attack is the simplest and fastest attack. The
cracking utility uses potential passwords from a predefined list
of commonly used passwords. The password dictionary stores
the list of passwords. The larger the dictionary, the higher the
probability the utility will succeed (but the longer it will take to
attempt the entire dictionary file). A little research on the
Internet will yield several dictionaries of common passwords.
dictionary attack
An attack that tries different passwords defined in a list, or
database, of password candidates.
An offline dictionary attack calculates hashed values of
passwords from a password dictionary. The utility compares the
hashed value with stored passwords to find a match. Since the
cracking utility spends most of its time calculating hash values,
there is an opportunity to speed up the process. If you plan to
use a password dictionary for several attempts at password
cracking, you can precompute the password hashes from the
password dictionary. These precalculated password hashes, or
rainbow tables, make offline dictionary attack processes much
faster. As a forensic investigator you'll find that passwords are
statistically located halfway through any given process. For
example, if given the choice to choose a password between 1
and 100, 50 percent of people will choose a password below the
number 50 while the other half will choose a password above
50.
The reason this type of attack works so well lies in human
nature. People tend to use common, easy-to-remember
passwords. Most would be surprised to find their favorite
password in a password dictionary. Any passwords found in a
password dictionary are too weak and should be changed.
AccessData's Password Recovery Toolkit offers a great benefit
when used with their FTK software. The investigator exports a
"dictionary" file from FTK and then uses it as the dictionary file
to crack encrypted files found on the suspect hard drives. The
dictionary file is made up of every word found on the suspect
12. hard drive. This enables you to crack a password by using a list
of every word on the suspect computer, potentially including
when the user entered the password (as is the case with a
password that was cached from memory).
Brute Force Attack
On the other end of the spectrum is the brute force attack. A
brute force attack simply attempts every possible password
combination until it finds a match. If the utility attempts to use
every possible combination, it will eventually succeed.
However, the amount of time required depends on the
complexity of the password. The longer the password, the more
time it will take to crack.
Brute force attacks should never be your primary method for
cracking passwords for two reasons. First, brute force attacks
are slow. They can take a substantial amount of investigative
time. Also, the length of the password may not be known. In
this case, the utility will have to try many, many combinations
that won't succeed before finding the right one.
Second, the client, resource server, or authentication credentials
(passwords) may be located on different computers. If so, the
brute force attack will generate a huge volume of network
traffic. Excessive network traffic and multiple failed logon
attempts may make a tangible impact on the network. Unless
you can set up a copy of the suspect network in your lab, you
may not be able to secure permission to launch a brute force
attack.
Hybrid Attack
The final type of attack, the hybrid attack, combines the
dictionary and brute force attack methods. In a hybrid attack,
the utility starts with a dictionary entry and tries various
alternative combinations. For example, if the dictionary entry
were "lord," the hybrid attack utility would look for these
possible alternatives:
· Lord
· l0rd
· 1ord
13. · 10rd
hybrid attack
A modification of the dictionary attack that tries different
permutations of each dictionary entry.
And many, many others. As you can see from this list, it is
common to obscure passwords derived from dictionary words by
replacing the letter "l" with the digit "1," or replacing the letter
"o" with the digit "0." Don't do this with your own passwords.
Even simple cracking utilities know this trick.
Regardless of the type of utility used, there are tools that can
help you get the passwords you need to access evidence.
The next section addresses one of the methods of protecting
data from disclosure—encryption.
Encryption Basics
After they gain access to the file that contain needed evidence,
forensic investigators may well find that the file itself is
unreadable. As computer investigators begin to use more
sophisticated tools, both regular and malicious users are taking
more sophisticated steps to hide information. One method used
to hide information is to modify a message or file in such a way
that only the intended recipient can reconstruct the original.
Note
This chapter does not cover the mathematics behind encryption
in any detail (such a discussion is beyond the scope of this
book).
Cryptography scrambles the contents of a file or message and
makes it unreadable to all but its intended recipient. In the
context of a computer investigation, a forensic investigator is an
unintended recipient. The word cryptography comes from Greek
words krypto, which means "hidden," and graphein, which
means "to write."
cryptography
The science of hiding the true contents of a message from
unintended recipients.
Although cryptography's importance has become more widely
14. acknowledged in recent years, its roots are traced back 5,000
years to ancient Egypt. The Egyptians used hieroglyphics to
document many rituals and procedures. Only specially trained
agents could interpret these early hieroglyphics.
Around 400 B.C., the Spartans used an innovative method to
encrypt, or hide, the meaning of military communication from
unauthorized eyes. They would wrap a strip of parchment
around a stick in a spiral, similar to a barber's pole. The scribe
would write the message on the parchment and then unwind it
from the stick. With the parchment stretched out, the message
was unintelligible. In fact, the only way to read the message, or
decrypt it, was to wrap the parchment around another stick of
the same diameter and equal, or greater, length. The "secrets" to
reading the message were the dimensions of the stick and the
knowledge of how to wrap the parchment. Anyone who
possessed these two components could read the secret message.
encrypt
To obscure the meaning of a message to make it unreadable.
decrypt
To translate an encrypted message back into the original
unencrypted message.
Roman Emperor Julius Caesar was the first to use a
cryptography method, or cipher, similar to the decoder rings
popular as children's trinkets. He used a method called a
substitution cipher, to send secret messages to his military
leaders. This cipher encrypts a message by substituting each
letter of the original message with another letter. A substitution
table provides the static mapping for each letter. For example,
here is a simple Caesar cipher mapping table:
Original:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Mapped:
DEFGHIJKLMNOPQRSTUVWXYZABC
cipher
An algorithm for encrypting and decrypting.
substitution cipher
15. A cipher that substitutes each character in the original message
with an alternate character to create the encrypted message.
For each character in the original message, read the character
directly below it in the mapped character string. The string
"HELLO" would become "KHOOR."
The recipient decrypts the message by reversing the process.
The recipient translates each letter from the encrypted message
to the original letter by reading the mapping table backward.
The resulting message is identical to the original. One must
possess the translation table to encrypt and decrypt messages
using a simple substitution cipher. The main weakness of the
cipher is the table itself. Anyone who discovers or acquires the
translation table can decrypt messages.
Although the algorithms used in current encryption
implementations are far more complex than the Caesar cipher,
the basic approach and goals are the same. Next, we'll examine
some common encryption practices.
Common Encryption Practices
In general, encryption provides:
· Confidentiality Assurance that only authorized users
can view messages
· Integrity Assurance that only authorized users can
change messages
· Authentication Assurance that users are who they
claim to be
· Nonrepudiation Assurance that a message originated
from the stated source
To a forensic investigator, the most common exposure to
encryption occurs when confronted with encrypted files.
Encryption is becoming more common for hiding file contents.
Though there are other valuable uses for cryptography, such as
securing communication transmissions and authenticating the
originator of a message, they are beyond the scope of this
discussion.
As a forensic investigator, you must understand cryptography
basics and how you should react when you encounter encrypted
16. files.
Usually you'll recognize encrypted files when an attempt to
open a file with a known extension fails. For example, you
might attempt to open an encrypted Microsoft Word document
in Microsoft Word, but you receive an error message instead.
The text of the error message tells you that you need a converter
to read the file. In other words, Microsoft Word doesn't
recognize the contents of the encrypted file.
Another sign of encrypted files is a collection of meaningless
filenames. Many encryption utilities change filenames to hide
the meaning and type of the file.
There are two main types of encryption algorithms. (An
algorithm is the detailed sequence of steps necessary to
accomplish a task.) Each type has strengths and weaknesses, but
they both serve the same function.
· Private key algorithms use the same value to encrypt
and decrypt the original text. Private key algorithms are
sometimes referred to as symmetric key algorithms because the
same key is used to encrypt and decrypt files.
· Public key algorithms (also known as asymmetric key
algorithms) use one value to encrypt the text and another value
to decrypt it. One implementation is to use public and private
key pairs.
Encryption algorithms transform an original message, called
plaintext, into an encrypted message, called ciphertext. The
algorithm also generally provides a method for reversing the
process by translating the ciphertext back into the original
plaintext message. We looked at the Caesar cipher, which is a
substitution cipher, in the previous "Encryption Basics" section.
Another type of cipher is a transposition cipher. For example,
suppose you want to send a message to a particular recipient
that no one else can read. You choose a block transposition
cipher to change the order of the letters in the original message.
First, write the original message in a block with a specific
number of columns. Next, you create the ciphertext by reading
down each column.
17. Transposition cipher
An encryption method in which the positions of plaintext
characters are shifted by a defined number of places to produce
ciphertext. Ciphertext created with a transposition cipher is a
permutation of the plaintext.
Our plaintext message is:
I would like to meet with you in private at pier 42 tonight at
midnight.
Using a block width of 10, you rewrite the message:
iwouldlike
tomeetwith
youinpriva
teatpier42
tonightatm
idnightxxx
You can add specific characters to make the message fill up the
last row.
Next, construct the ciphertext by reading down the columns.
Our encrypted message is:
ityttiwooeodomuannueitiilenpggdtpihhlwrettiiiraxktv4txeha2mx
All you have to do to decrypt the message is to rewrite it in a
block and read the message across the rows. The key to the
process is knowing that the original block used 10 columns.
Once you know the number of columns in the original block,
simply divide the length of the ciphertext, 60, by the number of
columns, 10. This tells you there are six rows in the original
plaintext block. Write the ciphertext in columns using six rows
and you can read the original message.
All algorithms use some type of value to translate the plaintext
to ciphertext. Each algorithm performs steps using the supplied
value to encrypt the data. The special value that the algorithm
uses is the encryption key. Some encryption algorithms use a
single key, while others use more than one. The Caesar cipher
uses a single key value. The key value tells how many positions
to add to the plaintext character to encrypt and the number to
subtract from the ciphertext character to decrypt. As long as the
18. sender and receiver both use the same algorithm and key, the
process works.
encryption key
A code that enables the user to encrypt or decrypt information
when combined with a cipher or algorithm.
Private, or Symmetric, Key Algorithms
The easiest type of encryption to understand and use is the
private key algorithm, also referred to as a symmetric key
algorithm. It is symmetric because the decrypt function is a
simple reversal of the encrypt function. In other words, it looks
the same on both sides. (See Figure 7.1.)
Figure 7.1: Symmetric key algorithm
private key algorithm
An encryption algorithm that uses the same key to encrypt and
decrypt. Also known as symmetric key algorithm.
This type of algorithm is simple, fast, and a frequent choice for
encrypting data. The key and the algorithm are all that is
required to decrypt the file. (Sounds simple doesn't it? And it is,
if you have the key and algorithm.) Although this type of
algorithm is common for encrypting files, it can be more
difficult to use for message encryption. The problem is
managing the encryption key. The key is required to decrypt a
file or message. Plus, you have to find a way to get the key to
the recipient in a secure manner.
If someone is eavesdropping on all communication between you
and your intended recipient, then he or she will likely intercept
the encryption key as well as any encrypted data. With the key,
they will be able to decrypt files at will. For the purposes of
computer forensics, you will more likely find symmetric
algorithm—encrypted files on media. The simple reason for this
is that symmetric algorithms are fast and easy to use. Because
you have only a single key, you don't need to specifically
generate keys and then keep up with multiple values. That
means you need the single key.
19. Note
Don't assume that computer investigators only deal with file
encryption using symmetric keys. You will encounter various
types of encryption and algorithms. Encryption is a discipline in
itself. This section just highlights those issues you are most
likely to encounter.
Key discovery is similar to password discovery. Forensic
investigators need to find, deduce, or crack the encryption to
get to the key. The biggest difference between cracking
passwords and cracking encryption keys is that cracking
encryption keys is usually much harder and takes far longer.
The simple explanation is that the plaintext for a password is
generally limited to a couple dozen characters. The plaintext for
a file could be gigabytes. Cracking the encryption key takes
substantially longer than cracking a password.
Many well-known symmetric encryption algorithms exist. Here
are a few of the more common ones forensic investigators are
likely to encounter:
· Data Encryption Standard (DES)
First published in 1977
Adopted by the U.S. government standard for all data
communications
Uses 56-bit key (plus eight parity bits)
Old and weak by today's standards
· Triple DES (3DES)
More secure than DES
Uses three separate DES encryption cycles
· Blowfish
Stronger alternative to DES
Key size can vary from 32 bits to 448 bits
· Advanced Encryption Standard (AES)
The latest, strongest standard adopted by the U.S. government
after an exhaustive competition among algorithms designs
developed by leading world experts in cryptography
Based on the Rijndael cipher
Key sizes are 128, 192, or 256 bits
20. · Serpent
Came in second place in the AES competition
Similar block sizes and key sizes to AES
· Twofish
Related to the Blowfish algorithm
One of the five finalists in the AES competition
Advanced Encryption Standard (AES) competition
Sponsored by the National Institute for Standards and
Technology (NIST), the AES competition was for an encryption
standard to replace DES. The competition began in 1997 and
culminated with the announcement in 2000 that the winner of
the Advanced Encryption Standard was the Rijndael cipher.
Each algorithm in the previous list can effectively encrypt files.
For more security, use a newer algorithm and a secure key.
Research some of the common encrypt/decrypt utilities and
compare the algorithms they support.
Public, or Asymmetric, Key Algorithms
The other type of encryption algorithm is the public key
algorithm. This type of algorithm is also called asymmetric
because the decrypt process differs from the encrypt process.
An asymmetric encryption algorithm addresses the issue of key
distribution by requiring two keys to complete the encrypt-
decrypt process.
public key algorithm
An encryption algorithm that uses one key to encrypt plaintext
and another key to decrypt ciphertext. Also called asymmetric
algorithm.
The process starts with key generation. The software that
encrypts plaintext will also have a utility to generate keys.
When asked, the user supplies a passcode and the utility uses
the passcode to generate a private key and a public key. This is
called a key pair. Private keys are meant to be secret and should
not be disclosed to anyone. On the other hand, public keys can
be distributed to anyone. The encryption algorithm uses the
private key to encrypt plaintext and the public key to decrypt
resulting ciphertext. (See Figure 7.2.)
21. Figure 7.2: Asymmetric algorithm
passcode
A character string used to authenticate a user ID to perform
some function, such as encryption key management.
The resulting process allows you to encrypt data with your
private key. Anyone who has the public key can decrypt the file
or message. This process lets anyone verify that a file or
message originated from a specific person. If you can decrypt a
file with Fred's public key, Fred had to encrypt it with his
private key. Although this is great for sending messages and
verifying the sender's identity, it doesn't add much value if all
you want to do is encrypt some files.
The most common type of encryption you will run into during
evidence analysis is file encryption. For that reason, we focus
on symmetric key algorithms.
Steganography
Both symmetric and asymmetric encryption algorithms share
one common trait: Encrypted files can be recognized by
examining their contents. The fact that a file has encrypted
content draws attention to its value. A forensic investigator may
want to decrypt a file just because it contains encrypted content
and, therefore, probably contains some data of value or other
evidence.
Encrypt It All!
If you are going to use encryption, then it's generally a good
practice to encrypt everything to avoid drawing attention to
particular encrypted files. As an analogy, if every letter mailed
was written on a post card, and you suddenly found a post card
placed inside of an envelope, you'd want to know why. Placing
the post card in an envelope would draw attention to the fact
that something might be hidden in that message. The same is
true for encrypting files. If forensic investigators find encrypted
files when all other files are unencrypted, they'll want to know
what the user is hiding in the encrypted file.
22. There is another approach. Steganography is the practice of
hiding one message in another, larger message. The original
message, or file, becomes the carrier and the hidden message is
the payload. Large pictures and sound files make good carriers
because the payload can be inserted without changing the
original file in an obvious way. Steganographic utilities insert
payload bytes into the carrier by slightly changing bytes in the
carrier file. If the original data in the carrier separates the
changed bytes by wide enough margin, changes are
unnoticeable. If you change every 100th pixel in a picture by a
single shade of color, the resulting picture appears almost
identical to the original.
Steganography allows users to embed desired data into
seemingly innocent files and messages. A secret message
embedded in a picture file can be sent via e-mail as an
attachment and raise no suspicion. Or better yet, the user can
simply post the picture on a Web site and there won't be a direct
connection between the user and the person they are
communicating with. The ease with which anyone can obtain
steganographic utilities makes covert data communication and
storage easy.
Real World Scenario
Keeping Secrets
Intelligence experts suspect that the terrorists who planned and
carried out the attacks on New York and Washington, D.C. on
September 11, 2001, may have used steganography to
communicate with one another. Investigators suspected the
terrorists of embedding messages in digital pictures and then e-
mailing the pictures (and embedded messages) as attachments to
normal e-mail messages. The messages looked like common e-
mails with attached pictures. The pictures could have been
anything. Nothing was there to provide a clue that the pictures
held secret messages. That is the power of steganography.
23. Detecting steganography is difficult. It can be detected only by
noticing the changes to the carrier file or using statistical
analysis to detect an anomaly. Detecting changes to the carrier
file requires a noticeable difference that you can see or hear.
Statistical analysis depends less on human perception because it
compares the frequency distribution of colors of a picture with
the expected frequency distribution of colors for the file. For
audio carrier files, a statistical analysis utility would use sound
patterns instead of colors.
Another method for detecting steganography is finding
steganographic utilities on a suspect machine. Although the
mere presence of such software doesn't prove steganography is
in use, it certainly provides motivation to look harder for carrier
files with embedded messages. Few people go to the trouble of
acquiring and installing steganographic utilities without using
them.
Here are a few steganographic utilities that you might encounter
in your career as a forensic investigator. Look at several of
these for more information about and examples of how
steganography works:
· Puff
(http://members.fortunecity.it/blackvisionit/PUFFV200.HTM)
The freeware Puff steganography tool runs in Microsoft
Windows and handles many carrier file types.
· Invisible Secrets (www.invisiblesecrets.com) Invisible
Secrets is a full-featured commercial Microsoft Windows
application that makes it easy to hide data in several different
types of carrier files.
· PhilTools Image Steganography
(http://philtools.com/image_steganography/) PhilTools is a
Web site that allows users to submit an image file and a
message. The web site hides the message in the image and
returns the new image to the user. Hidden messages can also be
extracted from a carrier image at this site.
24. Remember that the appeal of steganography is that its very
nature masks the existence of the message. Forensic
investigators can look at a suspect drive and easily overlook
embedded data if they aren't careful. Look for utilities that
create steganographic files. Also, look for files that would make
good carriers. If the circumstantial evidence points to hidden
data, chances are steganography is in use.
Next, let's examine the quality of encryption by considering key
length and key management.
Strengths and Weaknesses of Encryption
Encryption is not a perfect safeguard. With some effort,
forensic investigators can access encrypted data. Encryption is
far from worthless, though. As a forensic investigator, you'll
likely need to access information that is encrypted and break the
encryption algorithms.
Before you're ready to defeat file encryption, you need a better
understanding of the strengths and weaknesses of encryption.
This knowledge will provide a better awareness of where to
start and what steps to take for each unique situation.
Key Length
The length of the encryption key directly relates to the
encryption algorithm's strength. Although there are differences
in the relative strength of each algorithm, the key length choice
has the greatest impact on how secure an encrypted object will
be. Simply put, longer keys provide a larger number of possible
combinations used to encrypt an object.
A key that is 4 bits in length can represent 16 different key
values, because 24 = 16. A key length of 5 bits allows 32 key
values, and so forth. It may be easy to decrypt a file or message
with only 32 different key values. However, larger keys mean
more potential key values.
Some older algorithms approved for export by the U.S.
government used 40-bit keys. These algorithms aren't secure by
today's standards because of their small key length. A 40-bit
key can hold one of 240 values, or 1,099,511,627,776 (1
trillion). Assuming that you have a computer that can make 1.8
25. million comparisons per second, it would take about a week to
evaluate all possible key values.
The Data Encryption Standard (DES) algorithm uses 56-bit
keys. Although DES is too weak for most security uses, it is far
stronger than a 40-bit key algorithm. A DES key can store one
of 256, or 72,057,594,037,927,936 (that is 72 quadrillion)
values. Using the same computer as before, it would take about
1,260 years to evaluate all possible key values.
As key values increase in size, the computing power required to
crack encryption algorithms grows exponentially. At first
glance, it looks like an algorithm with a key length that requires
over 1,000 years to crack is sufficient. Unfortunately, that isn't
the case. Today's supercomputers can evaluate far more than 1.8
million comparisons per second. With parallel-processing
capability, you could realistically create a unit that can crack
DES in a matter of minutes (or even seconds). That is the reason
key lengths are commonly over 100 bits. Longer keys provide
more security by reducing the possibility of using a brute force
attack to discover the encryption key.
Using Amazon to Crack Passwords
In November 2010, an article reported that a security researcher
was able to crack SHA-1 passwords by renting processing
power on Amazon's EC2 cloud computing service:
· http://threatpost.com/en_us/blogs/cloud-makes-short-
work-strong-encryption-111910
Key Management
Because the encryption key is crucial to the encryption process,
it must be protected at all costs. If the key is disclosed, the
encrypted data is no longer secure. Symmetric algorithms use a
single key. The sender and receiver must both posses the key to
encrypt and decrypt the data. For local file encryption, the same
person is likely to encrypt and decrypt the data. The purpose of
encryption in such a case is to protect file contents from any
26. unauthorized access.
As a forensic investigator, you may find encrypted files on both
hard disks and removable media. In fact, suspects with a basic
knowledge of security will often encrypt files before archiving
them to removable media. In many such cases, an encryption
utility is found on the main computer. Look for a stored copy of
the key. Many people keep copies of important information in
ordinary text files. Look for a file with an obvious name (such
as key.txt or enc.txt) or one that contains a single large number
and little else. Personal notes or other personal information
manager files with an unusually large number that seems to
have no other meaning are also great places to look. A forensic
investigator's task in such a situation is similar to finding
passwords.
The next section addresses proper handling of encrypted data by
first identifying encrypted files and then decrypting them to
extract the data.
Handling Encrypted Data
At some point in the investigation, you'll likely encounter
encrypted data. The course of action depends on the particular
type of encryption and the value of the expected evidence once
the data is decrypted. If you suspect the encrypted data holds a
high value for your case, it will warrant more time and effort to
get at that data. Decrypting data can require a substantial effort.
Only pursue that course of action when necessary.
Identifying Encrypted Files
Identifying encrypted files is easy. You try to access a file with
the appropriate application and you end up getting garbage. The
first step you should take in this instance is to find out the type
of file you're dealing with. Most operating systems make
27. assumptions about file types by looking at the file's extension.
For example, a file with the .doc extension is normally a word
processing document, and a file with the .zip extension is
normally a compressed archive file. Never trust extensions. One
way to "hide" files from casual observers is simply to change
their extensions to another file type.
For example, an easy way to hide pictures from standard viewer
applications would be to change the extension from .jpg to .txt.
Any extension would work, but the .txt extension would
represent all such files as text files in most file browser
windows. If an unscrupulous user wants to represent hidden
pictures as another file type, it's simple to use another defined
file extension. Alternatively, an undefined file extension, such
as 'xxx', could be used, but these files would likely attract more
attention.
As a forensic investigator, you need to ensure that you aren't
simply looking at altered file extensions. Always use a file
viewer that looks at both the file extension and the file contents.
Such a utility will notify you if it finds files that use a
nonstandard extension. When you find such files, you may be
dealing with files that someone deliberately hid.
Another telltale sign that you are dealing with encrypted data is
a generated filename. Many encryption utilities have the option
to obscure the filename as they encrypt the plaintext file. It is
harder for a forensic investigator to identify a file named
100455433798.094 than one named My Illegal Activities.doc.
Although many applications generate filenames, any time a
collection of files with obviously generated filenames is found,
the experienced forensic investigator finds out why. They might
be encrypted files.
In summary, if during the course of an investigation, forensic
investigators find files that don't fit their extensions or have
unknown extensions, the investigators should consider them
potentially encrypted. Look at their location in the file system,
and check any path history of file accesses and encryption
utility activity. The file encryption utility might keep track of
28. recent write locations. Take hints wherever you find them.
Decrypting Files
Assume that you have identified one or more encrypted files.
What does the forensic investigator do next? The simple answer
is to crack the encryption. The complete answer is a little more
complex.
Before exhausting an investigative budget on the latest
encryption busting utilities, take the simple approach first. Ask
the suspect. If you haven't found encryption keys written down
or otherwise recorded in obvious places, just ask. If you're
lucky (and you might be), your suspect might provide the keys
voluntarily. If asking doesn't work or you know the suspect is
unlikely to cooperate, use social engineering next. If a suspect
can be convinced to divulge secrets like encryption keys, lots of
time and work can be saved. Only resort to technical means
when you have exhausted all conventional methods of collecting
information.
Note
The suggestion to use social engineering doesn't mean that
forensic investigators should engage in questionable activities.
Make sure all activities are documented and approved before
you engage in social engineering activities. Evidence that the
court deems as inadmissible is worthless to any case.
First, evaluate the type of encryption you see. A common type
of encryption is provided by popular applications. Microsoft
Office and WinZip both provide options to encrypt the contents
of its data files. Although convenient, application-supported
encryption tends to be very weak. There is a wide variety of
utilities that specialize in cracking application encryption
available for use by forensic investigators. Here is a short list of
utilities that help recover file contents of specific file formats:
· Zip Password by LastBit (http://lastbit.com/zippsw/)—
Password recovery utility. Decrypts ZIP/WinZip/pkzip files
· Passware Password Recovery Software
(http://www.lostpassword.com)—Recovers passwords from MS-
29. Office application files
· ElcomSoft password recovery software
(http://www.crackpassword.com)— These products recover
passwords from various application files
Note
Many other utilities are available to help forensic investigators
defeat application-specific file encryption. Their wide
availability should emphasize that such encryption has far less
value than generic file encryption algorithms. In short, don't
rely on any application vendor to provide strong embedded
encryption for your own privacy needs.
After ruling out embedded encryption, forensic investigators
need to move to more sophisticated methods. Always begin by
looking for low-hanging fruit. Let's assume you are looking at
an encrypted document. Find out as much as possible about the
file's context. Here are a few questions to consider:
· Does the file have a defined extension?
Unless you have information to the contrary, assume the file's
extension is valid.
Encrypting a file and then changing the extension to throw off
an investigator is too much work for most people.
· Where is the file located?
File location, especially unusual locations, may give clues to
the originating application.
If you find files stored in unusual locations, check the default
document directories for installed applications. That
information might tell you what application created the file.
· What application(s) likely created the file?
If you know, or suspect, what application created the file, see if
the application uses a cache or temporary files.
Look at deleted files in the application's temporary directory.
Any files here are likely to include pre-encryption data.
· What is the last access time for the file?
Look for any deleted files with access times just prior to the last
access time of the encrypted file. Although good encryption
30. utilities won't leave such obvious traces behind, the application
that generated the file might not be so careful.
· Do installed applications create temporary files during
creation/editing?
Attempt to recover all the files you can. Even the most innocent
ones may be valuable.
· Are there any files in the Recycle Bin?
Don't laugh; it happens!
These questions will get you started. The best outcome from
searching for deleted and unencrypted copies of files is to find a
pristine, unencrypted copy of the one file you need. Although
it's possible to find just what you're looking for, it is more
likely that you will simply find another piece of the puzzle. Any
unencrypted file or file fragment that relates to an encrypted
file will increase chances of successfully decrypting files. Let's
look at a few attack methods to decrypt suspect files.
Real word Scenario
Tales from the Trenches: Opening Encrypted Files
Customers retain computer forensic experts to open encrypted
files from time to time.
One day, Bill, a previous client, contacted me and insisted I
meet with him right away. Naturally, I told him I would be right
over. He said we needed to meet "away from the office" and
suggested a local restaurant where we could talk in private.
As soon as I arrived, Bill told me he was having major troubles
at work with a small group of employees whom he thought were
planning to leave the company, form their own firm, and
compete against him. Bill knew there was nothing he could do
to keep the employees from leaving, but he wanted to ensure
that they didn't take any proprietary information belonging to
his company with them when they left.
He was specifically concerned because the company's "network
guy" came to him and reported that he had recently observed an
unusually large amount of network activity for a few employees,
including accessing the customer database and billing system.
31. While this type of access wasn't against company policy and
was within the employee's job description, it was unusual
enough for the network guy to report it. Bill asked him to "keep
an eye open" for any more unusual activity.
A few days later, the network guy informed Bill he observed an
increase in the amount and size of e-mail these same employees
were sending through the company e-mail server. When he
explored further, he noted these employees sent a large number
of encrypted e-mails to a former employee. He was, of course,
unable to read the e-mails. Encryption wasn't normally used by
the company, but it wasn't against the company policy to use
encryption, either.
Bill needed proof that these employees were sending proprietary
information out of the company to this former employee so that
he could terminate their employment and so that he could obtain
a "cease and desist" order against his former employee to
prevent him from using the proprietary information.
As expected, while examining the employees' computers, I
located a large number of encrypted files and attempted to crack
the password protection so I could see the content of the files.
The employee protected the majority of files with PGP, a very
strong encryption utility. I knew that the possibility of cracking
a PGP-protected file was very slim, but I also knew that I had
human nature working in my favor.
On one of the computers, I located a small collection of
Microsoft Word documents that were password protected using
the built-in Microsoft password-protection security. This
protection scheme can be very simple to crack using a variety of
available commercial cracking utilities. I was able to open each
of these files within a few minutes and review their contents.
The fact that none of these files had anything to do with the
case didn't deter me. I learned a long time ago that people are
generally very lazy when it comes to choosing passwords and
typically will use the same password in several places.
I attempted to use the recovered password to open the PGP files
and was able to access all of the information that was stored on
32. this employee's computer. I located enough evidence to assist
Bill in obtaining the "cease and desist" order and to terminate
the employees without fear of being sued for wrongful
termination.
Although this is one example of overcoming an encryption
technology by using a weakness in the implementation of the
technology (the human weakness of reusing passwords) and not
a weakness in the technology itself, you will find many
situations where a weak encryption technology works in the
investigator's favor.
Known Plaintext Attack
The known plaintext attack is a method of cracking encryption
that uses the plaintext and the associated ciphertext. If a
forensic investigator is lucky enough to have both the
unencrypted and encrypted versions of a file, the relationship
between the two can be analyzed and the encryption key
deduced. Some archive file password crackers utilize this type
of attack. Simply provide an unencrypted file and an encrypted
ZIP archive, and the utility will compare the two and attempt to
find the key used in the encryption.
known plaintext attack
An attack to decrypt a file characterized by comparing known
plaintext to the resulting ciphertext.
As a part of an investigation, forensic investigators often have
access to files that may appear to be unrelated to the evidence
that is needed. Savvy forensic investigators won't be deterred by
this because they know these files could help provide the key
the suspect used to encrypt the files. Keeping track of multiple
encryption keys is difficult, so forensic investigators are often
able to use that discovered key to decrypt other encrypted files.
Chosen Plaintext Attack
Forensic investigators may have access to the encryption
engine, but not the key. It is possible the encryption utility
allows users to encrypt files using stored credentials without
33. disclosing those credentials. In such cases, forensic
investigators may be able to discover the encryption key using a
chosen plaintext attack. In a chosen plaintext attack, files are
encrypted and then compared to the resulting encrypted file.
After you create the plaintext and ciphertext, the attack
progresses just like the known plaintext attack.
chosen plaintext attack
An attack to decrypt a file characterized by comparing
ciphertext to a plaintext message you chose and encrypted.
Brute Force Attack
The brute force attack method for decrypting files is the worst
choice and should be used only after exhausting other methods
first. It uses the same approach as brute force password
cracking. The utility tries every possible key value to see if the
decryption results in an intelligible object. Use this option as
your last resort.
Which Way to Go?
Each type of attack requires different input, output, and access
to the encryption utility. Always try the easiest methods first. If
these don't work, move on to more complex approaches. There
are no guarantees that discovering a method to decrypt files will
be successful within a reasonable timeframe. A brute force
attack will always work eventually. However, remember that
"eventually" can mean several thousand years.
Use what you can and take the time to think about the evidence.
Evidence collection and analysis is very much like assembling a
puzzle. Forget about the picture; look at how the pieces fit
together.