Information Security 493

Lab 11.3: Encrypt a Windows File

Windows operating systems since Windows 2000 have included the ability to encrypt files. Follow these steps:

1. Within Windows Explorer or the Desktop, right-click an individual file and choose Properties.

2. On the General tab, click the advanced button that appears underneath Attributes.

Conti…3. Check the Encrypt box contents to secure data.

Notice that you cannot choose to both encrypt the data and compress it.

4. Click OK to exit. Click OK again at the Properties dialog box.

5. A warning box appears asking if you want to encrypt only the file or the entire directory (the parent folder). Choose to only encrypt the one file and click OK again.

6. What is different about the file appearance now?

Lab 11.4: Turn On Folder Encryption with cipherFolders can be encrypted from the command line in

Windows XP using the cipher command. Earlier versions of cipher allowed you to work with

individual files as well as folders. Starting with Windows XP, cipher now works at the folder level only.

Conti…To use cipher to turn on folder encryption, follow these steps:

1. Choose Start Run.

2. Type cmd and press Enter. This action opens a command window.

3. make sure you are on the C, and your prompt shows “C:\>”.

4. Open ‘My computer’, clicks on C, and create a new folder there. Create a new file test1.txt.

5. Go back to the cmd, Type cipher /e directory, where directory is replaced by the name of a directory/folder you have created. Press Enter.

Conti…6. A message appears that the directory is now

encrypted.7. To see the status of the directory, type cd

folder (where folder is the name of the folder you created), then type cipher directory. A message appears stating that all new files added to this directory will be encrypted.

Conti…8. Create a file within that directory (creating a

file is easily accomplished by typing echo hello > test2.txt, which creates a text file with only the word hello in it).

9. within that directory, type cipher. In the list of files that appears, you’ll see a U to the left of all files that were initially there and an E to the left of the newly created file, which indicates that it is encrypted.

10. Type exit to close the command window.

Lab 11.5: TrueCrypt

TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device).

On-the-fly encryption means that data is automatically encrypted or decrypted right before it is loaded or saved, without any user intervention.

Conti…No data stored on an encrypted volume can

be read (decrypted) without using the correct password or correct encryption keys.

Entire file system is encrypted (e.g., file names, folder names, contents of every file, free space, Meta data, etc).

Conti…Start the program by double clicking on the

icon.

Click on create a volume. Click on next.

Click on select file. Make sure the location is ‘My Document’, and type in a name of the folder you want to create (i.e. you can name it ‘my encrypted files’), and click open. Click next.

Conti…Leave the encryption algorithm and the hash

as it is, and click next.

Type in the size of the folder you want to create (250 MB is good), make sure MB is selected and not KB.

Conti…Type in your password. For the sake of the lab

test type the password 123. Always remember you files are protected as strong as your password.

Confirm the password, click next. The program will warn you that the password is to short, click on yes.

Leave all options as they are and click FORMAT.

Conti…Click OK. And then click Exit.

Now an encrypted volume is created, and if you go to ‘My document’, you will find a file named ‘my encrypted files’, that you cannot open.

Next step is to mount the volume. Start TrueCrypt.

Click on select file, find the file you created ‘my encrypted files’ and click on it.

Conti…Chose one of the letters in the upper window (i.e. j:).

And click Mount.Type in your password (123), and click OK.Close TrueCrypt, go to my computer, and you will find

new drive (i.e. j:) that you can add files to.Now anyone on the computer can see this new drive

and any file in it.

Conti…Start TrueCrypt again. Click on the new volume (i.e.

j:), and click Dismount.

Go back to my computer, you will not find the drive neither any file was in it.

Note: You can use TrueCrypt under your Linux BackTrack. Just go to menu Backtrack Digital Fornsics Anti Forensics TrueCrypt.

Lab 11.6: knowing WireShark.

WireShark purpose is to capture network traffic and to represent it in a readable form.

This exercise will help to get you familiar with wireshark and to understand how to read the packets, to do so, follow the next steps:

Conti…Double click on WireShark file provided to

you.

Scroll through the top window, click on one of the lines, and try to understand the explanation in the middle window.

Conti…Write click on any packet, and chose ‘follow

TCP stream’, that window will show the interaction between the PCs in regard to this stream.

In the filter tap, write down ‘dns’, and click enter. What will this do?

Thanks !

Tutorial Delivered By :Maqsood Mahmud

Researcher/TA,Center of Excellence in Information Assurance,

College of Computer and Information Sciences (CCIS),King Saud University ,

Riyadh ,Kingdom of Saudi Arabia.

Cell: +966-544062273Office: +966-1-4697350Fax: +966-1-4675423

E-mail : information493@gmail.comWeb: http://faculty.ksu.edu.sa/maqsood