TER General Board

Rude curiosity
socrates17 1 Reviews 3943 reads
posted

Forensics of all types have always facinated me.  Your use of the term "best practices" suggests a connection to ERP vendor SAP.  In the not too distant past, I had a very bad experience with SAP.  Currently, I am having a better experience with J.D. Edwards, from none of whose employees have I heard the nearly oxymoronic phrase "best practices."  (If you are still practicing, how can you possibly determine if what you are doing is the "best" you can do???  How do you get to Carnegie Hall???)

If you cannot figure out from that information, who I am, then you are not really trying.  If you succeed, please do me the courtesy of emailing privately.

Montt6752 reads

There has been a lot of discussion about personal information and the use or misuse of it. Some providers (and clients) are going to collect it no matter what others think so I would like to provide some help for them to keep it secure. I am an IT pro and do forensics work. Here is an inexpensive and reliable solution for both providers and hobbyists to keep contact information secure, if you follow these instructions, neither I nor LE, or the NSA can access your data without your permission.

1. Download DriveCrypt v3.02b at http://www.securstar.de
It is only $39.95 and is very easy to use.

2. Create 16bit Stereo WAV files by ripping to WAV file some songs off of one or more of the music CDs that you own using the program that comes with your CD burner, or buy Roxio's EasyCD Creator 5.0 Platinum at http://roxio.com for $99.95, or my personal favorite, Version 7.2 of Media Jukebox which is only $24.98 at http://www.musicex.com/mediajukebox/  

Easy CD Creator is VERY easy to use but expensive. Media Jukebox is has a much bigger learning curve, but is powerful and inexpensive. For example, you can use it to create Stereo WAV files or MP3s from internet radio, or anything that plays across your sound card.

What are we going to do with these cool tools now? DriveCrypt will not only encrypt your hard disk (I DO NOT recommend this) but it will take a Stereo WAV file and turn it into an encrypted file container. You can store any file in it - photos, text files, you name it.

The encrypted WAV file mounts (I love that word) like a drive letter and you can save or copy files into it, then dismount it. The WAV file still plays as music but DriveCrypt, using Steganography (for the curious search Yahoo or Google for more information about this information hiding technique) hides your files inside the music file and there is no way to even tell the difference betweeen the music file you have used as an encryption container and any other music file on your hard disk (or CD, ZIP disk, etc).

The capacity is 25-50% of the file size depending on the settings you choose. For example Bad Company's Shooting Star is over 65mb so you could hide over 30mb of files in it.

Password strength is as good as you want to use. You can have up to 4 passwords to open the file and if you make them good enough, even the NSA cannot break the encryption. This is assuming that anyone would even guess that you are storing information in a music file.

Best Practices:

1. Use music you own. We wouldn't want to break the copyright laws, now would we?

2. Make lots of Stereo WAV files (security through obscurity) and enjoy them. How about creating a play list using Windows Media Player 7.1?

3. Keep your contact info (or little black book) in a simple text file created using Windows Notepad, and store it in the encrypted WAV file.

4. Use a password that is effective but something you can remember like: Itw@$@d@rk@nd$t0rmyn1ght! or H0tC0ff33!(don't use these!) substituting @ for a, and $ for s, and maybe 1 for L and so on. Doesn't hurt to begin or end a string with a character of your choice like % or something.

5. Delete all your old contact files or databases and then use BCWipe available from http://www.jetico.com/ for only $29.95 to securely wipe the deleted files and file slacks from your hard disk to DOD standards.

6. Do not EVER send anything in an email that could ever be used against you or someone else by LE or an employer. How about "Hey you got time to hang out tomorrow?" or something instead of "Do you provide Full Service?"

7. Have fun and Play Safe!

(I have no connection with any of the products mentioned)

My friend (and briefly, lover - what an appalling idea THAT turned out to be) Erin was fired for "excessive Internet use during working hours."  And she was not even accessing sex-related sites.  However, she WAS accessing what I can only describe as the gossip board under Yahoo/Finance and may (we are still not sure) have been posting derogatory information on the company and its upper management on said board.

LE etc. will not undertake the time and effort to track your internet usage, as I have stated in earlier threads.  The same, sad to say, is not true of your employers' IT/HR departments.

Forensics of all types have always facinated me.  Your use of the term "best practices" suggests a connection to ERP vendor SAP.  In the not too distant past, I had a very bad experience with SAP.  Currently, I am having a better experience with J.D. Edwards, from none of whose employees have I heard the nearly oxymoronic phrase "best practices."  (If you are still practicing, how can you possibly determine if what you are doing is the "best" you can do???  How do you get to Carnegie Hall???)

If you cannot figure out from that information, who I am, then you are not really trying.  If you succeed, please do me the courtesy of emailing privately.

Register Now!