Below are the contents of my email, which was sent to my lecturers on 7 December 2008 after performing two successful forensic experiments on an Ubuntu machine. It was performed while I was studying for an MSc in Forensic Informatics at the University of Strathclyde, UK.
Based on the teaching materials of CS935 and CS936, I performed an experiment in the last few days, and the result was successful. It is about email encryption using a key pair and a virtual machine (VM). The experiments I ran were under Ubuntu and Windows XP on 2 machines, both of which are my experimental laptops.
For the first experiment, I first carried it out on the Ubuntu machine. I used the 'Passwords and Encryption Keys' application, which is a default application on Ubuntu 8.10, and ran it to obtain a key pair consisting of a private key and a public key. After that I installed the applications Thunderbird and Enigmail, in which Thunderbird is the mail client and Enigmail is for email encryption.
I ran Thunderbird to make new accounts based on my Gmail address and my CIS Strathclyde email. For Gmail, I set up imap.gmail.com:993 and smtp.gmail.com:587, while for the CIS email I set up imaphost.cis.strath.ac.uk:993 and smtphost.cis.strath.ac.uk:25.
I used OpenPGP from Enigmail to manage the key pair from the first application. With OpenPGP, I chose which key pair's public key I would like to send by email to someone. In this case, I chose my Gmail key pair to be sent to my CIS email, so that my CIS email received the public key of my Gmail.
I moved to the other machine to open my CIS email account in order to import the PGP public key from my Gmail. After importing it, I checked it in OpenPGP to make sure by setting 'Owner Trust'. From my CIS email, I wrote a new message, then encrypted it by choosing the public key and sent it to my Gmail.
I then moved again to the previous machine to open my Gmail account, opened the recent encrypted email from my CIS email, and decrypted it by using the private key of my Gmail as the passphrase.
The reason I used 2 different machines was to get a real-world setting between sender and receiver. Actually, in the first experiment, I used only 1 machine, but it did not work well because it recorded the cache of the PGP key although I had cleared it up. It also could not store the imported public key because the key pair already existed.
After the successful experiment under Ubuntu, I tried to perform it under Windows XP. I installed Thunderbird, Enigmail and GnuPG. GnuPG is used for making the key pair under Windows. Conducting the experiment under Ubuntu and Windows XP is rather different in making the key pair. On Ubuntu, I could do it directly by using the 'Passwords and Encryption Keys' application, while under XP, I did it by using 'Key Management' of OpenPGP. Thereafter I carried out the same steps, and the result was excellent.
Conclusion: Thunderbird, Enigmail and PGP can be used to encrypt email through a key pair well under either Ubuntu or Windows XP.
The second experiment was making a virtual machine using VirtualBox. This experiment was performed in order to ensure that VirtualBox can run under Ubuntu and XP.
Firstly, under the Ubuntu machine, I made a virtual machine of Windows XP as the guest machine. After the installation was successful, before running it, I made an initial snapshot as the basis for examination. After that I ran the VM, then I made another snapshot as the second baseline; thereafter I browsed the internet in order to download Mozilla Firefox.
After the downloading process finished, I installed it into the VM, then ran Firefox to browse the Google and Strathclyde websites. Still with Firefox running, I made another snapshot as the third baseline. After all that, I shut down the VM.
Conclusion: VirtualBox can be used to make a VM well, including making some snapshots for further analysis, under either Ubuntu or Windows XP.
Email encryption is really useful when performing secure communication. Although it is tapped, it is almost impossible to decrypt the email contents if the key size of the encryption applied is high, such as 4096 bit. So far there is no algorithm which has succeeded in breaking 4096-bit email encryption. It also provides key expiry, meaning the encryption key will expire after a certain period. It is very useful when the key is stolen after the expiry period. The key will be useless as it cannot be used to access the encrypted emails. Because of this advantage, it is frequently used at this time among internet users for sending or receiving confidential information.
Meanwhile, the virtual machine (VM) is useful for forensic investigators to examine a forensic image in a controlled environment. The changes that happen can be detected appropriately. Through the VM, the investigators can perform snapshots at every step taken in order to control the contents; therefore the VM can be said to be a forensically sound solution to investigate an image. VMs can also be used by criminals to perform cyber crimes by using web browsers. The internet logs are recorded in the VM, not in the main machine. If the investigators try to seek the logs in the main machine, they will get nothing. They should do the investigation on the VM.
From the standpoint of email encryption and VMs, forensic investigators should understand them, as there is always a possibility they are used by criminals to hide their traces from being detected by law enforcement officers.