\RequirePackage{snapshot} % stats of included files: $filename.dep
\documentclass[12pt,a4paper,ngerman]{article}
\usepackage[ngerman]{babel}
%%%%% Formatting and encoding %%%%%
\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\usepackage[columnsep=1.75cm,lmargin=1.75cm,rmargin=1.75cm,tmargin=2.5cm,bmargin=2.5cm]{geometry}
\setlength{\parindent}{0pt}
\fancyhead[LE,RO]{\leftmark}
\fancyfoot[LE,RO]{\thepage}
% Use sans serif font.
\renewcommand*{\familydefault}{\sfdefault}
% change heading fontsizes.
\subsectionfont{\normalsize}
\subsubsectionfont{\small}
% Create \Hide command (used for chapters)
\usepackage[explicit]{titlesec}
\newcommand*\Hide{\titleformat{\chapter}[display]{}{}{0pt}{\Huge}\titleformat{\part}{}{}{0pt}{}}
% inhibit creation of new double page on new chapter.
\patchcmd{\chapter}{\if@openright\cleardoublepage\else\clearpage\fi}{}{}{}
% change heading margins.
\titlespacing*{\chapter}{0pt}{0pt}{-40pt}
\titlespacing*{\section}{0pt}{9pt}{3pt}
\titlespacing*{\subsection}{0pt}{6pt}{0pt}
\titlespacing*{\subsubsection}{0pt}{0pt}{0pt}
% make \paragraph do newlines
\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}
{-.75ex \@plus -1ex \@minus -0.2ex}
{\normalfont\normalsize\bfseries}
% inhibit "Contents" Head in TOC
\renewcommand\tableofcontents{\@starttoc{toc}}
%make toc consider Chapter and section only.
\setcounter{tocdepth}{3}
% disable chapter, section, ... numbering
\setcounter{secnumdepth}{-1}
% make footnote numbering reset on every page.
\usepackage[hang,flushmargin,perpage]{footmisc}
%%%%% / Formatting %%%%%
% includable git commit info
\usepackage[missing=run\ build.sh\ or\ gitinfohook.sh]{gitinfo}
% For the "last generated" date
\usepackage[iso]{isodate}
\usepackage[absolute]{textpos}
\DeclareGraphicsExtensions{.pdf,.png,.jpg}
% clickable references/links/...
\DeclareUnicodeCharacter{20AC}{\euro}
\usepackage[framemethod=default]{mdframed}
\newmdenv[linecolor=red,backgroundcolor=yellow]{yellowframe}
\usepackage[babel,german=quotes]{csquotes}
\begin{document}\thispagestyle{empty}
As there is no template or any information on how and what shall (not) be included in a report or what a report should look like, this report is a work-in-progress RFF (request for feedback).\\
Is there a template for me to use?\\
i can has a real forensic report?\\
\textbf{Jan Vales\\0726236\\\url{mailto:jan@jvales.net}\\\\
Assignment 1: Truecrypt\\Digital Forensics\\188.922-2014S}
\section*{Table of Contents}\begin{footnotesize}\tableofcontents\end{footnotesize}
\subsection*{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=priv/jan/digfor.git}\\
git clone \url{ssh://git@git.somenet.org:666/priv/jan/digfor}\\
This is revision: \textbf{\gitAbbrevHash}. Document (.tex) compiled on: \textbf{\today}
\end{footnotesize}\vspace{\fill}\newpage
\newpage\section{Questions (6 points)}
\subsection{What is the password of the container?}
After a brute-force attack, the password was found to be
\begin{quote}4865\end{quote}

\subsection{What is the secret in the container?}
The container held a file secret.txt with the following content:
\begin{quote}\ttfamily 64e86b30466d506fdf6c0cd976ef4ba798a9cd4faf\end{quote}

\subsection{What was saved in the container by Spongebob?}
The container held 3 files:

\subsubsection{awesome.jpg}
The file is a picture of Spongebob looking at a rainbow.

\textbf{size}: 362372 bytes\\
\textbf{``file''-output}: JPEG image data, EXIF standard\\
\textbf{sha512}\\{\ttfamily
d27a77d59c21732d5edd192423ab8402fee3e46e0aa2bfde5f7032c2f7ee706c\\
772ab08658e48c7558737809c00ce70355bdfaa1ca588d21ca43081eb4f2119a}

\subsubsection{secret.txt}
The file contains a hexadecimal string of length 42.

\textbf{size}: 42 bytes\\
\textbf{``file''-output}: ASCII text, with no line terminators\\
\textbf{sha512}\\{\ttfamily
47bae836b0320214341f89a8be9831ec6d8921970292488522aea4d1b41da6ea\\
68921775c50de78cd06ffd7bb092c0e2fee7a00f6b2ba0153d7ccb3240531132}

\subsubsection{wasted.jpg}
The file is a picture of Spongebob and another individual.

\textbf{size}: 100058 bytes\\
\textbf{``file''-output}: JPEG image data, JFIF standard 1.01\\
\textbf{sha512}\\{\ttfamily
61aa8217eb71360c9c15255f73ab849dc173384de6465d18c276f6a4a4bbc236\\
f14a5968e96f12102a9e6c44d7736c4ebc703881db0fe18797446db0db4f9a3e}

\newpage\section{Analyze (2 points)}
\subsection{How much time is needed for brute forcing different password lengths and character sets?}
A numeric password has only 10 possible values per character.\\
Brute-forcing a 4-character numeric password takes at most $10^4 = 10000$ operations.\\
If we add lowercase letters, we get 36 possible values per character.\\
Brute-forcing a 4-character password then takes at most $36^4 = 1679616$ operations.\\
If we add uppercase letters, we get 62 possible values per character.\\
Brute-forcing a 4-character password then takes at most $62^4 = 14776336$ operations.\\
We can add non-alphanumeric characters to get even more possible values per character.

\subsection{What is the minimum password length and complexity for having a secure container for at least 10 years? (You may assume constant computing power)}
10 years have 315576000 seconds. On my machine/setup I can probe 18 passwords per second.\\
If we assume that we can probe 18 passwords per second (in my setup), we need a password that takes at least 5680368000 operations to brute-force in order to keep the container secure for 10 years.\\
This would be a numeric password with 10 digits, an alphanumeric password with 7 characters, or a mixed-case alphanumeric password with 6 characters.\\
Using non-alphanumeric characters will decrease the minimum required length on my setup even further.\\
But as one can assume that professional brute-forcing involves distributed GPU- or ASIC-powered cracking, a password should be way longer than that in order to be safe from evil guys like the NSA.
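
The arithmetic of this section as an added Python example (not part of the original report): it computes the keyspace for a character set and length, the worst-case search time at a given guess rate, and the minimum length that withstands exhaustive search for 10 years. The 18 guesses per second and the 315576000 seconds are the report's figures; the speedup factor for a faster attacker is an illustrative assumption.

```python
# Added example: keyspace and minimum-length arithmetic from the report.
# Integer arithmetic only, so large keyspaces are compared exactly.

CHARSETS = {                  # character-set sizes used in the report
    "numeric": 10,
    "lowercase alphanumeric": 36,
    "mixed-case alphanumeric": 62,
}
SECONDS_10_YEARS = 315576000  # the report's figure for 10 years
MEASURED_RATE = 18            # guesses per second on the report's setup


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(charset_size, length, rate=MEASURED_RATE):
    """Seconds needed to try every candidate at `rate` guesses per second."""
    return keyspace(charset_size, length) / rate


def min_length(charset_size, seconds=SECONDS_10_YEARS,
               rate=MEASURED_RATE, speedup=1):
    """Shortest length whose keyspace is at least the attacker's guess budget.

    `speedup` scales the measured rate (assumption: e.g. 10**6 for an
    attacker a million times faster than the report's single machine).
    """
    budget = rate * speedup * seconds
    length, space = 1, charset_size
    while space < budget:
        length += 1
        space *= charset_size
    return length


def policy_table(speedup=1):
    """Minimum length per character set for a 10-year exhaustive search."""
    return {name: min_length(size, speedup=speedup)
            for name, size in CHARSETS.items()}


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        print(f"{name}: 4 chars -> {keyspace(size, 4)} candidates, "
              f"{worst_case_seconds(size, 4):.0f} s worst case")
    print("10 years, measured rate:", policy_table())
    print("10 years, 10**6 x faster (assumed):", policy_table(10**6))
```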

\newpage\section{Details}
\subsection{Container}

\textbf{size}: 1048576 bytes\\
\textbf{``file''-output}: data\\
\textbf{sha512}\\{\ttfamily
543d0debc10eb3d2a8cc584eec273b84526891cbb2c594bd92150596b96b56c4\\
44d1fd8e55f3434eb1f2d9386f4c91af0151832125e5f707eb4d4815bf793b78}

\subsection{Used tools}
Tools that were used for analysis (-{}-version):
\begin{itemize}
\item sha512sum (GNU coreutils) 8.5
\item wc (GNU coreutils) 8.5
\item ls (GNU coreutils) 8.5
\end{itemize}

\subsection{Machine tools}
\begin{itemize}
\item \textbf{Virtual machine}\\
Linux debian 3.2.0-0.bpo.4-amd64 \#1 SMP Debian 3.2.51-1\textasciitilde{}bpo60+1 x86\_64 GNU/Linux
\item \textbf{Oracle VirtualBox} 4.3.10
\item \textbf{Host machine}\\
Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz GenuineIntel GNU/Linux
\end{itemize}