Encryption is a method for protecting the confidentiality and integrity of data. The following are some features of encryption:
- Encryption changes a legible format to an illegible format using symmetric and asymmetric methods in order to prevent interceptors from reading the information.
- Encryption is a process that depends on the sharing of a mutually established key, or that is carried out through a private/public key set.
- The currently accepted National Institute of Standards and Technology (NIST) standard for strong encryption algorithms is the Advanced Encryption Standard with a 256-bit key (AES-256).
In encryption, algorithms are used to transform data input called plaintext into an unreadable format called ciphertext. Only the user who possesses the decryption key can transform the ciphertext back into the original plaintext. Encryption is an effective way of preserving the confidentiality and integrity of an organization's data.
Several common types of encryption can be used based on the requirements of an organization. Symmetric-key encryption requires communicants to have the same keys in order to encrypt and decrypt communications. Public-key encryption uses a publicly available encryption key, but in order to read (decrypt) messages, the receiving communicant must also hold the corresponding private decryption key. Organizations and individuals use encryption as a means of safeguarding their sensitive data. Additionally, many device manufacturers are including encryption as a built-in tool, as seen with smartphones.
Encryption is a concern for digital forensics examiners when possible evidence is on an encrypted device, like a smartphone. Special techniques must be followed to gather readable data, either by decryption or other means. During an investigation, when encrypted files or data are located, an examiner needs to ascertain the level to which a device is encrypted. There may only be a few encrypted files, or the entire hard disk drive may be protected (full disk encryption).
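As an added illustration (not part of the original module), the following Python example shows one way an examiner might triage how far encryption extends: it checks the first bytes of a volume for the well-known LUKS and BitLocker header signatures and falls back to a byte-entropy estimate for individual files. The function names, the 7.5 bits-per-byte threshold and all sample data are assumptions made for this example.

```python
import hashlib
import math
from collections import Counter

# Well-known on-disk signatures for two full-disk encryption formats.
LUKS_MAGIC = b"LUKS\xba\xbe"      # LUKS1/LUKS2 header, offset 0
BITLOCKER_OEM_ID = b"-FVE-FS-"    # BitLocker volume boot sector, offset 3
ENTROPY_THRESHOLD = 7.5           # bits per byte; assumed cut-off for this example


def shannon_entropy(data: bytes) -> float:
    """Return Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def triage(sample: bytes) -> str:
    """Classify the first bytes of a volume or file for encryption triage."""
    if sample.startswith(LUKS_MAGIC):
        return "full-disk encryption: LUKS header"
    if sample[3:11] == BITLOCKER_OEM_ID:
        return "full-disk encryption: BitLocker boot sector"
    if len(sample) >= 1024 and shannon_entropy(sample) >= ENTROPY_THRESHOLD:
        # Compressed data is also high-entropy, so this is only a lead.
        return "high entropy: possibly encrypted (or compressed)"
    return "no encryption indicator"


# Constructed sample inputs (not taken from any real evidence image).
SAMPLES = {
    "luks_volume": LUKS_MAGIC + b"\x00\x02" + bytes(504),
    "bitlocker_volume": b"\xeb\x58\x90" + BITLOCKER_OEM_ID + bytes(501),
    "opaque_file": b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)),
    "plain_document": b"Quarterly report draft, not for distribution. " * 90,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:18} {shannon_entropy(blob):5.2f} bits/byte  {triage(blob)}")
```

A header match points to full disk encryption, while a high-entropy result on a single file is only a lead that needs confirmation with the examiner's validated tools.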
Since decryption can be time-consuming, there are a couple of quick checks that may unlock encrypted areas, including checking for passwords and looking for file copies. People will often use the same passwords for multiple purposes, so if any of a user’s passwords can be retrieved (e.g., web browsing passwords), they can be checked against the encryption tool. Since a copy of a modified or deleted file is retained in memory until it is overwritten, there may be an older version of a now-encrypted file that can provide information to an investigation.
Licenses and Attributions
Encryption from Wikimedia Commons is in the public domain. UMGC has modified this work.