added "assignment1"

[pub/jan/digfor.git] / report1 / main.tex

\RequirePackage{snapshot} % stats of included files: $filename.dep

\documentclass[12pt,a4paper,ngerman]{article}
\usepackage[ngerman]{babel}

%%%%% Formatting and encoding %%%%%
% encoding
\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}

% page
\usepackage[columnsep=1.75cm,lmargin=1.75cm,rmargin=1.75cm,tmargin=2.5cm,bmargin=2.5cm]{geometry}
\setlength{\parindent}{0pt}

\usepackage{fancyhdr}
\pagestyle{fancy}
\lhead{}
\chead{}
\rhead{}
\cfoot{}
\fancyhead[LE,RO]{\leftmark}
\fancyfoot[LE,RO]{\thepage}

% Use sans serif font.
\renewcommand*{\familydefault}{\sfdefault}

% change heading fontsizes.
\usepackage{sectsty}
\subsectionfont{\normalsize}
\subsubsectionfont{\small}

% \chapter hacks
% Create \Hide command (used for chapters)
\usepackage[explicit]{titlesec}
\newcommand*\Hide{\titleformat{\chapter}[display]{}{}{0pt}{\Huge}\titleformat{\part}{}{}{0pt}{}}

% inhibit creation of new double page on new chapter.
\usepackage{etoolbox}
\makeatletter
\patchcmd{\chapter}{\if@openright\cleardoublepage\else\clearpage\fi}{}{}{}
\makeatother

% change heading margins.
\titlespacing*{\chapter}{0pt}{0pt}{-40pt}
\titlespacing*{\section}{0pt}{9pt}{3pt}
\titlespacing*{\subsection}{0pt}{6pt}{0pt}
\titlespacing*{\subsubsection}{0pt}{0pt}{0pt}

% make \paragraph do newlines
\makeatletter
\renewcommand\paragraph{\@startsection{paragraph}{4}{\z@}
  {-.75ex \@plus -1ex \@minus -0.2ex}
  {0.01pt}
  {\normalfont\normalsize\bfseries}
}
\makeatother

%%% TOC changes %%%
% inhibit "Contents" Head in TOC
\makeatletter
\renewcommand\tableofcontents{\@starttoc{toc}}
\makeatother

%make toc consider Chapter and section only.
\setcounter{tocdepth}{3}

% disable chapter, section, ... numbering
\setcounter{secnumdepth}{-1}

%%% /TOC changes %%%

% make footnote numbering reset on every page.
\usepackage[hang,flushmargin,perpage]{footmisc}
%%%%% / Formatting %%%%%

% includable git commit info
\usepackage[missing=run\ build.sh\ or\ gitinfohook.sh]{gitinfo}

% Fürs "last generated" Datum
\usepackage[iso]{isodate}

% Image import stuff
\usepackage[absolute]{textpos}
\usepackage{graphicx}
\DeclareGraphicsExtensions{.pdf,.png,.jpg}

% clickable references/links/...
\usepackage{hyperref}

% euro-sign
\usepackage{eurosym}
\DeclareUnicodeCharacter{20AC}{\euro}

% frames
\usepackage[framemethod=default]{mdframed}
\newmdenv[linecolor=red,backgroundcolor=yellow]{yellowframe}

% quotes
\usepackage[babel,german=quotes]{csquotes}


% START DOCUMENT
\begin{document}\thispagestyle{empty}


\section*{RFC/Cover}
As there is no template or any information on how and what shall (not) be included in a report or how a report should look like, this report is a work-in-progress-RFF (request for feedback).\\

\section*{Cover}
be here...\\
Is there a template for me to use?\\
i can has a real forensic report?\\

\section*{Author}
\textbf{Jan Vales\\0726236\\\url{mailto:jan@jvales.net}\\\\
Assignment 1: Truecrypt\\Digital Forensics\\188.922-2014S}

\newpage

\section*{Table of Contents}\begin{footnotesize}\tableofcontents\end{footnotesize}
\subsection*{Version}\begin{footnotesize}\url{http://git.somenet.org/?p=priv/jan/digfor.git}\\
git clone \url{ssh://git@git.somenet.org:666/priv/jan/digfor}\\
This is revision: \textbf{\gitAbbrevHash}. Document (.tex) compiled on: \textbf{\today}
\end{footnotesize}\vspace{\fill}\newpage


\newpage\section{Questions (6 points)}
\subsection{What is the password of the container?}
After cracking the password using bruteforce the password was found to be
\begin{quote}4865\end{quote}

\subsection{What is the secret in the container?}
The container had a file secret.txt with the following content
\begin{quote}\ttfamily{64e86b30466d506fdf6c0cd976ef4ba798a9cd4faf}\end{quote}

\subsection{What was saved in the container by Spongebob?}
The container had 3 files in it:\\

\subsubsection{awesome.jpg}
The File is a picture of spongebob looking at a rainbow.
\begin{quote}
\textbf{size}: 362372 byte\\
\textbf{''file''-output}: JPEG image data, EXIF standard\\
\textbf{sha512}\\\ttfamily{
d27a77d59c21732d5edd192423ab8402fee3e46e0aa2bfde5f7032c2f7ee706c\\
772ab08658e48c7558737809c00ce70355bdfaa1ca588d21ca43081eb4f2119a}
\end{quote}

\subsubsection{secret.txt}
File contains a hexadecimal String of length 42.
\begin{quote}
\textbf{size}: 42 byte\\
\textbf{''file''-output}: ASCII text, with no line terminators\\
\textbf{sha512}\\\ttfamily{
47bae836b0320214341f89a8be9831ec6d8921970292488522aea4d1b41da6ea\\
68921775c50de78cd06ffd7bb092c0e2fee7a00f6b2ba0153d7ccb3240531132}
\end{quote}


\subsubsection{wasted.jpg}
The File is a picture of spongebob and another individual.
\begin{quote}
\textbf{size}: 100058 byte\\
\textbf{''file''-output}: JPEG image data, JFIF standard 1.01\\
\textbf{sha512}\\\ttfamily{
61aa8217eb71360c9c15255f73ab849dc173384de6465d18c276f6a4a4bbc236\\
f14a5968e96f12102a9e6c44d7736c4ebc703881db0fe18797446db0db4f9a3e}
\end{quote}


\newpage\section{Analyze (2 points)}
\subsection{How much time is needed for brute forcing different password lengths and character sets?}
Numeric passwords have only 10 possible states with one digit.\\
With a 4 digit password it would take at max (10**4) 10000 operations to bruteforce such a password.\\
If we add lowercase characters, we get 36 possible states with one digit.\\
With a 4 digit password it would take at max (36**4) 1679616 operations to bruteforce such a password.\\
If we add uppercase letters, we get 62 possible states with one digit.\\
With a 4 digit password it would take at max (62**4) 14776336 operations to bruteforce such a password.\\
We can add non-alphanumeric characters to get even more possible states with one digit.\\


\subsection{What is the minimum password length and complexity for having a secure container for at least 10 years? (You may assume constant computing power)}
10 years have 315576000 seconds. On my machine/setup I can probe for 18 passwords per second.\\
If we assume that we can probe 18 passwords per second (in my setup), we need a password that needs at least 5680368000 operations to bruteforce to get a secure container for 10 years.\\
This would be a numeric password with 10 digits, an alphanumeric password with 7 digits, an mixedcase alphanumeric password with 6 digits.\\
Using non-alphanumeric characters will decrease the min-required-digits-on-my-setup even further.\\
But as one can assume that professional bruteforcing involves distributed GPU or ASIC powered cracking a password should be way longer than that in order to be safe from evil guys like the NSA.


\newpage\section{Details}
\subsection{Container}
\begin{quote}
\textbf{size}: 1048576 byte\\
\textbf{''file''-output}: data\\
\textbf{sha512}\\\ttfamily{
543d0debc10eb3d2a8cc584eec273b84526891cbb2c594bd92150596b96b56c4\\
44d1fd8e55f3434eb1f2d9386f4c91af0151832125e5f707eb4d4815bf793b78}
\end{quote}


\subsection{Used tools}
Tools that were used for analysis (-{}-version):
\begin{itemize}
\item TrueCrack v3.5
\item sha512sum (GNU coreutils) 8.5
\item wc (GNU coreutils) 8.5
\item ls (GNU coreutils) 8.5
\end{itemize}

\subsection{Machine tools}
\begin{itemize}
\item \textbf{Virtual machine}\\
Linux debian 3.2.0-0.bpo.4-amd64 \#1 SMP Debian 3.2.51-1~bpo60+1 x86\_64 GNU/Linux
\item \textbf{Oracle VirtualBox} 4.3.10
\item \textbf{Host machine}\\
 Linux rebx 3.14.0-gentoo-somenet.org \#1 SMP Sun Apr 6 01:00:17 CEST 2014 x86\_64 Intel(R) Core(TM)2 Duo CPU T9300 \@ 2.50GHz GenuineIntel GNU/Linux
\end{itemize}

\end{document}