FOR206 - Windows Cryptography

Encryption is being used more and more in legitimate business, as well as within criminal enterprises. Learn about the types of encryption available in Windows, their weaknesses, and what it takes either to decrypt files that have been encrypted or to defeat the encryption by other means. Includes the detection of hidden volumes as implemented by, for example, TrueCrypt.

Level: Intermediate
Audience:

Cyber forensics investigators

Topics:
  • Modern cryptography
    • Fundamental functions of cryptography
    • Historical ciphers
    • Modular arithmetic; the XOR function
    • Pseudorandom sequences
    • Early stream ciphers
    • Modern stream ciphers
    • Block ciphers
    • Public key cryptography
    • Choosing algorithms
    • Certificates
  • Data Protection API
    • Strategy and design
    • Algorithms
    • Use
    • Weaknesses
  • Encrypting File System (EFS)
    • Strategy and design
    • Algorithms
    • Use
    • Weaknesses
  • CryptoAPI
    • Strategy and design
    • Algorithms
    • Use
    • Extending
    • Weaknesses
  • Cryptography Next Generation (CNG)
    • Strategy and design
    • Algorithms
    • Use
    • Extending
    • Weaknesses
  • BitLocker
    • Strategy and design
    • Algorithms
    • Use
    • Extending
    • Weaknesses
  • TrueCrypt
    • Strategy and design
    • Algorithms
    • Use
    • Extending
    • Weaknesses
  • Other cryptography-using elements
    • WinZip encrypted zip files
    • RAR encrypted archives
    • PDFs
    • Password lockers (LastPass, etc.)
Prerequisites:

Basic experience using Windows. For some of the material, some background in programming is helpful but not required.

Operating systems supported: All Windows versions
Durations and formats: 2 days with labs