LITIGATION SUPPORT TIP OF THE NIGHT

A free utility called WireShark can be downloaded at https://www.wireshark.org/ . It's a network protocol analyzer. Go to the Interface list and select a network connection, and then click Start. Transmission Control Protocol (TCP) traffic is in green; and User Datagram Protocol (UDP) traffic is in light blue.

TCP network protocols will request lost files when a connection is lost. UDP will not do this if there is an interruption. TCP messages are always sent in order, whereas UDP messages can arrive out of order. If TCP messages do arrive out of order, resend requests are sent, and the sequence needs to be put back in order. Black rows in WireShark signify when a TCP connection has a problem like this. In UDP individual packets are sent one by one. TCP has packets but they are sent in a stream with nothing to show where one begins and another ends. The World Wide Web; SMTP email; FTP are examples of TCP. Voice over IP (VoIP) and Domain Name System (DNS) are UDP.

The National Institute of Standards and Technology makes a free cybersecurity framework reference tool available on its site at: https://www.nist.gov/file/15696. Unzip and run the .exe file and you'll get a great tool that will help a firm or client implement cybersecurity practices according to standard practices and guidelines.

As you can see the framework has five main stages: IDENTIFY; PROTECT; DETECT; RESPOND; RECOVER.

This little program really just integrates outlines of five different cybersecurity guides. The Council on Cybersecurity's Critical Security Controls; Control Objectives for Information and Related Technologies COBIT 5; International Society for Automation's 62443 Standards; the International Organization for Standardization / International Electrotechnical Information Security Management ISO/IEC 27001:2013; and the National Institute of Standards and Technologies' Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53 Rev. 3.

The Framework really just points you to specific sections in each resource in which you can look up more specific information on how to address particular problems. So in this selection we see where to find more information on how to make sure your detection processes can deal with anomalous events by making concerned parties aware of them.

There's another great utility available from the French company, IDRIX, called VeraCrypt. See: https://www.idrix.fr/Root/content/category/7/32/60/ . This is based on TrueCrypt, and can open TrueCrypt volumes. IDRIX claims that its utility has enhanced security features, which they concede come with the trade-off of encrypted files taking longer to open.

A helpful tutorial on how to use the utility is available here. VeraCrypt comes with a cool James Bond style feature allowing you to create a hidden volume inside the encrypted data. So even if someone forces you to reveal the password for the encrypted drive, partition, or file, your truly sensitive data can remain out of the hands of your foes. The 'free' space on any volume encrypted with VeraCrypt is always actually filled with random data, so there's no way to tell that there's extra space taken up with useful data. The hidden data is simply accessed with a password that is different from your decoy data.

VeraCrypt has you select both an encryption algorithm and a hash algorithm. The encryption algorithm encoded the data so it can only be accessed with a password. The hash algorithm allows the recipient to confirm that they have received the same exact data you intended to send.

An odd feature of VeraCrypt is that the wizard makes you generate the encryption keys by randomly moving your mouse cursor around on the screen . . .

A VeraCrypt file will appear as an extensionless file with the file size of the data you specified that it could be capable of holding - not just what you added.

The recipient clicks 'Select File' to browse to the encrypted file, and then clicks MOUNT to enter the password.