Professor Bill Buchanan of Napier University has written a series of articles for Company Connecting on Cyber Crime and the challenges that Digital Forensic Investigators face. Yesterday we looked at vishing. Over the next three days we look at tools utilised by those wishing to remain anonymous, i.e. Tails, Telegram and Tor. We start with the operating system ‘Tails’.
Encryption is increasingly used to protect data at rest (on disk), in transit (through the network), and even in memory (within RAM). Whilst we aim to protect individuals' right to privacy, the same methods can be used by criminals to hide their tracks.
Along with criminals, terrorists have become smarter in terms of spreading their message and in passing on information without being tracked by law enforcement agents. Recently the Afaaq Electronic Foundation (AEF), an arm of the Islamic State dedicated to “raising security and technical awareness” among jihadists, published its advice on how to avoid law enforcement surveillance.
Their message was broadcast on Telegram, with the message "Stay calm and use strong encryption" (see Figure 2). It focuses on the three T's which cause law enforcement to lose sleep: Tor, Telegram and Tails OS. With Tails (The Amnesiac Incognito Live System) OS, we see an environment which focuses on leaving no trace on the computer and which aims to encrypt all the files, emails and instant messages (Figure 3).
As it's a live operating system, it boots from a USB stick, and this leaves no trace that it has been run (apart from in the running memory, which will decay quickly). In promoting the operating system, the creators define the terms:
amnesia, noun:
forgetfulness; loss of long-term memory.
incognito, adjective & adverb:
(of a person) having one's true identity concealed
and they have built an operating system and application set to hide all traces of user activity. Like many of the other open source Linux distributions, it is a collection of tools, in this case those required for privacy, such as the Tor Browser (Figure 4). The Debian-based operating system even detects when it is running in a virtual environment rather than booted live from a USB stick/DVD.
Figure 2: "Stay calm and use strong encryption"
Figure 3: Tails OS install