Encryption in Investigations

· Discuss in your own words the effects that encryption can have on incident response activities, and explain how the use of encryption technologies can prove detrimental to an investigation.

· Devise an example of an incident where encryption could be used as protection from an intruder or attacker, and determine the actions that could be taken by the incident responders to manage the situation.


Dealing with encryption can be challenging for incident response. Encryption is a great tool for securing your data during file transfer and for keeping prying eyes, such as employees, from viewing files they should not have access to. However, it can become a major liability once those files are decrypted; should someone gain access to the key, the whole network would become compromised. Encryption has the ability to secure your data, but it can also slow the entire process of detection down. This would increase the length of time it takes for the IR team to analyze the system for corrupted files. In addition, should you lose the key, those files would become useless, and this could halt a forensic investigation. I feel it is best to encrypt data when sending or sharing files, but for data at rest sitting on a server, it would be best to protect that server and not encrypt that section of data until it is moved or shared.


There are public keys and private keys for encryption, and there are several forms of encryption, as data is encrypted either in fixed-size chunks (block cipher) or bit by bit (stream cipher). Data at rest is better suited to being encrypted with a block cipher such as the Data Encryption Standard (DES) or the Advanced Encryption Standard (AES) algorithm, as these algorithms are rather computationally intensive, which provides better security, and the data is encrypted a chunk at a time rather than bit by bit. The asymmetric algorithms operate on the concept of two different keys (a key pair) to perform cryptographic operations. The public key is used for encryption and the private key for decryption. I believe this is the best method for sending or transferring data. Since you need both keys in order to open or read the information, it makes the file useless if someone steals it during transfer: they cannot view the file, since they do not have the private key to make it viewable.
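The transfer scenario described in the post above, worked through as an added example (this is editor-supplied code, not part of the original post or its author's work). It goes one step beyond the post by combining the two ideas it discusses: the bulk data is encrypted with a block cipher (AES-256 in GCM mode, an authenticated mode) and only the random data key is encrypted with the recipient's RSA public key (RSA-OAEP), which is how key pairs are normally used for file transfer in practice. An interceptor who captures the envelope holds the public key and the ciphertext but not the recipient's private key, so unwrapping fails and the file stays unreadable. The `Envelope` layout, the function names and the sample payload are constructed for this example; only Go standard-library packages are used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what crosses the wire: the file under a fresh AES-256 data key,
// plus that key wrapped with the recipient's RSA public key. (Layout constructed
// for this example.)
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(recipientPub, dataKey)
	Nonce      []byte // 12-byte GCM nonce, unique per message
	Ciphertext []byte // AES-256-GCM(dataKey, plaintext), auth tag appended
}

// newGCM builds an AES-GCM AEAD from a 16-, 24- or 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext for the holder of recipientPub. The bulk data goes
// through the block cipher (AES-256-GCM); only the 32-byte data key is RSA-OAEP
// wrapped, since RSA is slow per byte and a 2048-bit key wraps at most 190 bytes.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open reverses Seal. Only the recipient's private key unwraps the data key;
// a wrong key or a modified ciphertext yields an error, never plaintext.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap data key: wrong private key or corrupted envelope")
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication failed: ciphertext was modified")
	}
	return pt, nil
}

// Demo plays out the transfer: the sender seals a file for the recipient, an
// interceptor holding the envelope and only their own key pair tries to open
// it, then the real recipient opens it.
func Demo() (interceptorBlocked, recipientOK bool, err error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	interceptor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	// Constructed sample payload standing in for a file in transit.
	file := []byte("case 2024-07: host fw-01 imaged 03:14 UTC; hashes in evidence.txt")
	env, err := Seal(&recipient.PublicKey, file)
	if err != nil {
		return false, false, err
	}
	_, interceptErr := Open(interceptor, env) // wrong private key: fails
	got, err := Open(recipient, env)
	if err != nil {
		return interceptErr != nil, false, err
	}
	return interceptErr != nil, string(got) == string(file), nil
}

func main() {
	blocked, ok, err := Demo()
	fmt.Printf("interceptor blocked: %v, recipient recovered file: %v, err: %v\n", blocked, ok, err)
}
```

Two properties worth noting for the investigation angle: because GCM authenticates the ciphertext, anyone who alters the captured envelope in transit causes `Open` to fail rather than produce subtly corrupted data, and because each file gets a fresh data key, recovering one file does not expose others. The flip side for incident responders is exactly what the post describes: without the recipient's private key, the captured envelope is just opaque bytes to the investigator as well.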

Universal key decryption for investigation is definitely a strong asset for security agencies and law enforcement personnel. It gives them an advantage in reaching the core of the investigation by decrypting all kinds of information, such as the email communications of detained persons, and proving their involvement in the incident.

Apart from this, in conclusion, it all depends upon whether the person or agency has a defined purpose and utilizes the universal key in a proper manner. It must not be misused for any personal interest.
