Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis
By Brett Shavers and John Bair
About this ebook
Hiding Behind the Keyboard: Uncovering Covert Communication Methods with Forensic Analysis exposes the latest electronic covert communication techniques used by cybercriminals, along with the needed investigative methods for identifying them. The book shows how to use the Internet for legitimate covert communication, while giving investigators the information they need for detecting cybercriminals who attempt to hide their true identity. Intended for practitioners and investigators, the book offers concrete examples on how to communicate securely, serving as an ideal reference for those who truly need protection, as well as those who investigate cybercriminals.
- Covers high-level strategies, what they can achieve, and how to implement them
- Shows discovery and mitigation methods using examples, court cases, and more
- Explores how social media sites and gaming technologies can be used for illicit communications activities
- Explores the currently in-use technologies such as TAILS and TOR that help with keeping anonymous online
Brett Shavers
Brett Shavers is a former law enforcement officer of a municipal police department. He has been an investigator assigned to state and federal task forces. Besides working many specialty positions, Brett was the first digital forensics examiner at his police department, attended over 2000 hours of forensic training courses across the country, collected more than a few certifications along the way, and set up the department’s first digital forensics lab in a small, cluttered storage closet.
Hiding Behind the Keyboard
Uncovering Covert Communication Methods with Forensic Analysis
Brett Shavers
John Bair
Larry Leibrock, Technical Editor
Table of Contents
Cover image
Title page
Copyright
Foreword
Introduction
About the Authors
Acknowledgments
Chapter 1. Laying the Foundation of Covert Communications
Introduction
A Brief History of Covert Communication
Covert Communication Overload
Covert Communication Goals
Summary
Chapter 2. The Tor Browser
Introduction
History and Intended Use of The Onion Router
How The Onion Router Works
Forensic Analysis of The Onion Router
Tracking Criminals Using Tor
Used in Combination of Other Tools and Methods
Tails
Related Tor Tools and Applications
Summary
Chapter 3. Triaging Mobile Evidence
Logical Data
Physical Data
Examples of Logical and Physical Data
Wireless Carriers
Mobile Network Operators
Mobile Virtual Network Operator
Determining Target Number
Fonefinder.net
Number Portability Administration Center
Search.org
Subscriber Identity Module
Internal Hardware of a SIM
The SIM File System
SIM Sizes and Evolution
Typical Evidence
SIM Security—PIN and PUK
Triaging Devices
Devices Powered On
Devices Located Off
Manual Exams
Tools Available
Software Solutions
Chapter Summary Points
References for Manual Tools
Chapter 4. Mobile Extraction Issues
Flash Memory
Embedded Multimedia Card, Embedded Multichip Package, and Multichip Package
The Function of NAND
Encoding
Epochs
Cellebrite Physical Analyzer
User-Installed Applications
User-Enabled Security
Advanced Validation
References for Listed Tools
Chapter 5. Data Hiding
Introduction
What is Steganography
Hiding Data Behind Data
Steganalysis
Steganography Methods
Relevant Cases
Summary
Chapter 6. Cryptography and Encryption
Introduction
Brief History of Encryption and Cryptography
Basic Working Knowledge
Hardware
Public and Private Keys
The Key is the Key
So Tell Me Something I Can Do About This!
Back to Steganography
Summary
Chapter 7. Antiforensics
Introduction
The Easy and Very Effective Methods
The Best Methods Aren’t the Most Commonly Used Methods
Another Simple Method
File Signature Manipulation
Time Stamp Modifications
Decoy Storage Devices
Portable Apps
Hidden Operating Systems
Virtual Machines
Planning Against Antiforensics
Finding Communication Records on Hard Drives
When All Else Fails or Is Likely to Fail
Summary
Chapter 8. Electronic Intercepts
Introduction
Value of Electronically Intercepted Communications
Authority and Necessity
Technology
Technical Barriers
Finding Cell Phone Numbers
Summary
Chapter 9. Digital Identity
Introduction
Identity
Finding the Digital Identity
Summary
Chapter 10. Putting It All Together
Introduction
Collecting Real-Time Communications
Collecting Historical Communications
Turning Information Into Intelligence
The (Virtually) Impossible
Non-tech Communications
Putting the Case Together
Summary
Chapter 11. Closing Thoughts
Introduction
Privacy Expectations
Legal and Technical Considerations
Summary
Index
Copyright
Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA
Copyright © 2016 Elsevier Inc. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.
This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).
Notices
Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.
Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.
To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress
ISBN: 978-0-12-803340-1
For information on all Syngress publications visit our website at https://www.elsevier.com/
Publisher: Todd Green
Acquisition Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Production Project Manager: Punithavathy Govindaradjane
Designer: Matthew Limbert
Typeset by TNQ Books and Journals
Foreword
In the Introduction to Hiding Behind the Keyboard, Brett Shavers is far too modest in saying if you get one nugget of useful information from it, then his writing the book will have been worthwhile. Instead, you will surely find, as I did, an impressive cornucopia of golden nuggets throughout these pages.
A broad landscape of technical topics is thoroughly presented here, including encryption schemes and methods; steganography; the Tor browser; the TAILs operating system; password cracking; decoy storage devices; time stamp modification; file signature manipulation; bootable operating systems; using media address control (MAC) to identify source; portable apps; hidden and decoy operating systems; virtual machines; key loggers; antiforensic methods; electronic intercepts; trap and trace/pen registers; determining digital identity; navigating the Dark Web; and much more—Phew! Equally impressive are the numerous practical tips and examples in the book that come from Brett Shavers’ many years spent in law enforcement and cutting-edge computer forensics.
Also valuable on the subject of smartphones and other portable devices are two exquisitely detailed chapters contributed by Tacoma Police Detective and University of Washington Lecturer, John Bair.
It would be selling this book short if one thought its sole focus was on how cops, robbers, and terrorists play hide-and-seek on the increasingly critical battlefield of computers, smartphones, transmitted electronic files, networks, and so on. It is also about making sure anyone who has to deal with vital digital information, whether on storage media or “live,” is fully aware of all the tools out there to find and analyze not only what the bad guys are doing, but also what you can do to counter them. In other words, the book shines a bright light on “knowing what you don’t know” so you don’t pass up opportunities to find information so important and sensitive that a multitude of sophisticated ways have been employed to hide it.
Besides those who serve in frontline law enforcement, lawyers who practice in both criminal prosecutions and civil litigation need to read this book—not necessarily for a complete understanding of the technical content, but rather to understand what can happen with electronically stored information, and what options exist to detect it when purposely hidden. I am not ashamed to admit, even after practicing law for 40 years, first as a prosecutor and then as a civil litigator, with the last 20 of those years working primarily as an e-discovery expert witness and forensic examiner, that much of Brett’s book offered me one fact or methodology after another that was new to me, and where I thought I knew something about a topic but in fact didn’t.
This book also has several useful tips on what to do next if you think the digital evidence or lack thereof is taking you nowhere. Many practice tips throughout the book are alone worth the price of admission.
And when it comes to computer forensics, there is nobody anywhere I know who can match Brett’s breadth and depth of knowledge, and I have had the good fortune to know some of the best. Is there some new forensic utility that does this or that? He is all over it. Is there a need to develop a self-executing set of programs on a CD or USB drive to render a target device read-only and shut down all other data ports for the examination? Well, OK, he writes the code for that and gets access to what he needs. He’s fully versed in EnCase Forensics and like many experts happy with how it works; but then X-Ways Forensics comes along, and he wonders could that maybe do more? So Brett totally immerses himself in it for hours and days, he likes the tool, and then coauthors a book about it (X-Ways Forensics Practitioner’s Guide)!
It is no wonder, then, that he has served as an adjunct instructor at the University of Washington’s Digital Forensics Program; as an expert witness and digital forensics consultant; as a speaker at numerous conferences; and as a blogger on digital forensics.
And yet for such a gung ho guy, whenever we meet up at Starbucks to solve the problems of life and the world, he looks and softly talks like a Buddhist monk.
So congratulations to you on buying this book, because with it you get so many fruits from Brett’s genius and remarkable life along with it.
Larry G. Johnson, Attorney and Forensic Technologist, Electronic Data Evidence, Newcastle, Washington
Introduction
Abstract
This book gives investigators the tools, techniques, principles, and theories to uncover anonymous and covert communications. To accomplish this task, the book explains in detail numerous methods to communicate covertly and anonymously.
Keywords
Anonymous; Concepts; Covert; Investigators; Principles; Undercover officers.
Introduction
A person interacts with another for many reasons as a part of social connections. For the majority of contacts, human communications are productive and meaningful for personal and professional relationships. Other types of communications may be beneficial to a person but also carry negative consequences for others. One example of a negative benefit is the communication required between criminals that results in other persons being victimized. Terrorism also falls into this area.
What This Book Is and Is Not
Hiding Behind the Keyboard describes the various means to identify covert communications using forensic analysis and traditional investigative methods. Along with identifying covert communications, the book intends to illustrate methods to identify the persons behind the communications, their mind-set, and technology used. This book intends to be a guide in your investigations with methods to intercept communications and find the persons behind them. Although the title of this book might be provocative, this is simply due to the frustrations investigators endure in cases where suspects are simply using computers and mobile devices anonymously. In no sense is this book intended to be anything other than geared toward the investigator.
A previously published book, Placing the Suspect Behind the Keyboard, focuses on overall case development and general investigative methods and techniques and briefly touches on the electronic aspects of placing a person at a keyboard. Hiding Behind the Keyboard goes beyond general aspects and delves more into the technical aspects of covert communication methods as well as the forensic analysis of electronic communications. In many cases, placing a suspect behind a keyboard may not be the obstacle as much as identifying the actual words and methods of communication used between suspects. In that aspect, Hiding Behind the Keyboard supplements Placing the Suspect Behind the Keyboard to build and resolve an investigation.
This book is not a “how to” guide on subverting laws or communicating anonymously to commit crimes. The covert communications described are for the intended purpose of discussing how to identify and subsequently analyze the communications. Much like a driving course teaches someone how to drive but does not teach how to drive a getaway car, this book shows methods of covert communication for the purpose of understanding how to use techniques to uncover the communication but not in committing a crime.
Also much like learning how to drive a car, this book shows the investigator how to use covert means of communication for their safety and the safety of information being exchanged with others such as with confidential sources or undercover assets. As with any tool, the use determines whether or not it is being used for good purposes.
Describing methods to uncover anonymous communication channels would be incomplete without describing the actual methods. In effect, throughout the book, there are discussions on the “how to” communicate covertly to understand how to discover the covert communications. After knowing the “how,” you can more effectively find the communication methods and content.
The Intended Audience
Law enforcement officers, criminal investigators, and civil investigators are the intended audience simply because they usually confront covert communications in their positions. In actuality, many of these professionals may not even be aware of the covert communications that are already occurring in their investigations. When you do not know what you do not know, you will almost always miss critical evidence and information.
Throughout this book, both these terms “suspects” and “targets” are used for the persons involved in covert communications you wish to investigate. The term target is used not as a political or tactical point other than a “target” being the subject of your investigation. A target can be a terrorist, criminal, or corporate spy for whom you want to uncover covert communications.
As a practical matter, every person fitting within this intended audience should be well-versed in technology as it relates to communication. The criminals and terrorists of today exploit every means to communicate covertly and anonymously, and most involve technology. To delay learning the methods being used is to delay effectively investigating your targets.
Note
Hiding Behind the Keyboard
Just because your targets use complex methods of covert communication does not mean you cannot use the same methods! Witnesses, informants, agents, undercover officers, and other persons should use secure communications to protect their identities and the information exchanged.
Duration of Relevance for This Guide
Similar to Placing the Suspect Behind the Keyboard, this book has been written as a guide to outlast technology advances. Although technology changes constantly, by employing the principles in this guide, you should be able to transfer what becomes old technology to the latest technology. It is mastering concepts and principles that are most important in becoming a great investigator.
As for the technical information in the book, similar to other technologies, what is possible today may not be possible tomorrow and conversely, what is impossible today may be possible in the future. Simply put, some things get harder, and other things get easier. Either way, you are reading a book with tools to deal with both situations.
Summary
Technology makes covert communications easier, faster, and more secure than ever before. However, most methods can be discovered, analyzed, and broken with the use of technology and investigative methods. This book will introduce and reinforce an investigative mind-set that you can use in any investigation, with any type of target, using any type of covert communication method. It is not easy or quick, but persistence and tenacity in your efforts can produce worthwhile outcomes in finding out what your targets are saying to each other.
The single and most important goal of this book is to give at least one nugget of information that can make a case, save time, identify suspects, and give justice to victims. If an investigator can find that one piece of guidance then the book will have accomplished its goal. After all, solving cases is the goal for the sake of victims. Let’s start and find the nuggets!
About the Authors
Brett Shavers
Brett Shavers is a veteran of the US Marines and former law enforcement officer of a municipal police department. He has worked just about every type of law enforcement specialty from mountain bicycle patrol, SWAT (Special Weapons and Tactics), detective, and undercover narcotics officer in state and federal task forces. After working undercover assignments inside and outside the United States, Brett created the first digital forensic lab at his police department as the first digital forensic examiner. Brett attended over 2000 hours of digital forensic training courses across the country, collected more than a few certifications along the way, and taught digital forensic analysis and investigative methods to hundreds of law enforcement officers.
Brett has been an adjunct instructor at the University of Washington’s Digital Forensics Program, an expert witness and digital forensic consultant, a professional speaker at conferences, a blogger on digital forensics, and an honorary member of the Computer Technology Investigators Network. He has worked forensic cases ranging from child pornography investigations as a law enforcement investigator to a wide range of civil litigation and class action lawsuits as a digital forensic expert consultant, expert, and evidence special master. Brett’s previous books include Placing the Suspect Behind the Keyboard and the X-Ways Forensics Practitioner’s Guide.
John Bair
John Bair is currently employed as a detective with the Tacoma Police Department. He began his law enforcement career with the El Paso Police Department in 1989 after leaving the military. John created a mobile forensic lab in 2006 and also began collateral duties as a mobile forensic instructor with various vendors throughout the United States.
Fox Valley Technical College hired John as a contract instructor to assist in training in the Department of Justice—Amber Alert Program. His expertise with mobile forensics is being utilized to teach a segment within the digital evidence module. This targets investigators responding to scenes where children have been abducted. In Pierce County, Washington, he began a mobile forensic training program which is currently in its fourth year for Superior Court prosecutors and Judicial Officers. The program stresses the technical origins of the warrant language, what to check for, validation of evidence, and how to present this dynamic content in court.
John recently created a mobile forensic program at the University of Washington, Tacoma (UWT). His lecture materials are covered in three different courses, which range from logical fundamentals, physical decoding, and advanced destructive techniques. All courses utilize manuals that he has authored and involve current and past case techniques.
As a contract instructor, he has instructed at various federal labs within the United States (Secret Service, Immigrations and Customs Enforcement). He has presented on mobile evidence as a guest speaker at Paraben’s Innovative Conference, Washington State Association of Prosecuting Attorneys’ (WAPA) Summit, and the Computer Technology Investigations Network Digital Forensics Conference. Recently he spoke at the 16th Annual Conference on Information Technology Education and at the 4th Annual Research in IT Conference in Chicago, Illinois. These conferences are sponsored by the ACM Special Interest Group for Information Technology Education (SIGITE). John and two other professors from the UWT recently coauthored a paper regarding the current mobile forensic program.
John has 31 certifications related to digital evidence. The following reflect the most significant related to mobile forensics: Cellebrite Certified Mobile Examiner (CCME), Mobile Forensics Certified Examiner (MFCE), Cellebrite Certified Logical Operator (CCLO), Cellebrite Certified Physical Analyst (CCPA), AccessData Certified Examiner (ACE), Cellebrite Mobile Forensics Fundamentals (CMFF), AccessData Mobile Examiner (AME), and Cellebrite Certified Task Instructor (CCTI).
Acknowledgments
I would like to thank John Bair for his work as a coauthor. John’s expertise in mobile device forensics is beyond comparison, and this book benefited greatly from his experience. I was fortunate to have Larry Leibrock as the book’s tech editor. Larry’s extensive experience across a wide range of positions in digital forensics and his willingness to provide technical edits for content was invaluable.
I am humbled by the foreword from Larry Johnson, who wears many hats in my life as my attorney, advisor, confidant, and friend. I also want to give appreciation to other experts in the industry for taking the time to review, give input, and make sure that the book is relevant in topic and material—Chris McNulty of the Seattle Police Department, Tim Carver of Trine University, and Steve Beltz of T-Mobile. Every suggestion, recommendation, and comment was taken to heart and appreciated. And if not for Anna Valutkevich of Syngress, this book would have taken twice as long to finish and been half as good as it is.
Certainly not a day goes by that I do not thank my wife Chikae for her support. Although she may think I am her supporter, my strength comes from her to get things done right, no matter the obstacles. Of all my luck and timing, she has always been, and will always be, my precious treasure.
Brett Shavers
Brett Shavers was introduced to me while working on a project at the University of Washington. Many months later, Brett approached me and requested that I help write a few words regarding mobile forensics. I was quite humbled and agreed. Because of Brett, I have had to try and articulate a couple of things that may in turn help others. It is for that reason that Brett deserves nearly all of my thanks.
The remainder of my gratitude goes to my family. My late father, who spent 44 years with Bell and Mountain Bell Telephone—he gave me my passion for electronics. Today I have my current team which consists of Alexa, Zack, Hannah, Daisy, and Dexter (the last two on the list being of the K-9 persuasion).
Of course I can’t forget the team captain Char. She binds my life together with companionship, laughter, much needed advice, and never-ending love. Without her I would not be who I am today. She has been and continues to be an endless blooming flower that I can’t stop admiring.
John Bair
Chapter 1
Laying the Foundation of Covert Communications
Abstract
Communication is a requirement for business operations, government functions, and human-to-human interaction to exist. Without communication, none of these will be possible. From simple conversations to the most advanced encrypted communications, information must transit from person to person. The vast majority of communications are legitimate for human relationships; however, some communications either facilitate criminal acts or are actually criminal in nature. The focus of uncovering covert and anonymous communications is to undermine the criminal elements of communications in order to prevent, detect, and reduce crime.
Keywords
Anonymous; Communication; Covert; Criminal activity; Encryption; Government; History of communications; Investigations; Methods; Personal communication
Introduction
You have probably taken communication courses in either high school or college and been taught how to effectively communicate in business and personal relationships. These types of communication courses are valuable in many aspects, but do not relate to the investigative methods you will see in this book. I intend to give you sufficient and necessary principles, concepts, and practical methods to not only uncover covert communications but also determine the content of the conversations using both forensic analysis and interpretation of data.
You will notice that much of the information in this book details how to communicate anonymously and covertly alongside how to find anonymous and covert communications. Unlike driving a car, where you do not need to know how engines or transmissions work, as an investigator, you do need to understand how these types of communications take place in order to understand the methods to uncover and analyze them. The technical explanations may be beyond the scope of a