Difference between pages "SSL forensics" and "Google Desktop Search"

From ForensicsWiki
(Difference between pages)
m (added Category:Network Forensics)
 
 
Line 1: Line 1:
'''SSL (TLS) forensics''' is the process of capturing information exchanged through SSL (TLS) connections and trying to make sense of it in some kind of forensics capacity.
+
{{Expand}}
 +
Google Desktop Search is an application for both [[Windows]] and [[Mac OS X]] that allows the user to index and then search their local hard drives. These applications integrate with other Google tools such as searching the web and [[Gmail]].  
  
== Overview ==
+
By default, the Mac version caches content that can be recovered even after the original has been deleted.
  
TLS (''Transport Layer Security'') provides authentication and [[encryption]] for many network protocols, such as: ''POP'', ''IMAP'', ''SMTP'', ''HTTP''. However, it is possible to tunnel almost every TCP-based protocol through TLS using such tools as [http://stunnel.mirt.net/ stunnel].
+
Google Desktop will be discontinued as of September 14 2011 [http://googleblog.blogspot.com/2011/09/fall-spring-clean.html]
  
Generally, many TLS realizations require only server to be authenticated using signed certificate.
+
== See Also ==
  
== Data decryption ==
+
[[Windows Desktop Search]]
  
Data exchanged through SSL (TLS) connections can be decrypted by performing ''man-in-the-middle'' attack. Attacker can modify TLS handshake and provide new certificates (with attacker's encryption keys).
+
== External Links ==
  
Some commercial [[network forensics]] systems can perform such an attack:
+
* [http://desktop.google.com/ Official website]
* Mera Systems [http://netbeholder.com/en/products/lawful_interception.html Sleek Buster] (supports signed by a trusted CA forged certificates)
+
* [http://en.wikipedia.org/wiki/Google_Desktop Wikipedia entry on Google Desktop]
* [http://www.edecision4u.com/edecision4u/Products.html E-Detective HTTPS/SSL Network Packet Forensics Device]
+
* [http://en.wikipedia.org/wiki/List_of_search_engines#Desktop_search_engines Wikipedia list of Desktop search engines]
  
As well as some open-source tools:
+
[[Category:Desktop Search]]
* [http://ettercap.sourceforge.net/ ettercap] (unsupported, last version - 2005/05/29)
+
* [http://monkey.org/~dugsong/dsniff/ dsniff] (obsolete, last stable version - 2000/12/17)
+
 
+
== Other information ==
+
 
+
The TLS protocol also leaks some significant information:
+
* Current date and time on a TLS client and server (old versions of [[Firefox]] and [[Thunderbird]] leak system's uptime);
+
* Hostname being accessed ("server_name" extension);
+
* Original data size.
+
 
+
== [[The Onion Router]] ==
+
 
+
[[Tor]] tunnels application data through TLS connections and it is not possible to decrypt such connections by performing traditional ''man-in-the-middle'' attack. [[Tor]] also sends application data in chunks to make it harder to guess exactly how many bytes users are communicating.
+
 
+
== Links ==
+
 
+
* [http://rfc.net/rfc2246.html RFC 2246 (TLS 1.0)]
+
* [http://rfc.net/rfc4346.html RFC 4346 (TLS 1.1)]
+
 
+
[[Category:Network Forensics]]
+
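Review bot: the line "Google Desktop will be discontinued as of September 14 2011" is still written in the future tense and cites its source as a bare bracketed URL, although the revision shown is dated 9 June 2014. Suggest rewording it in the past tense, adding the comma in the date, and giving the link a readable label so the rendered page does not show only "[1]". In the "== Links ==" list on the SSL forensics side, only RFC 2246 (TLS 1.0) and RFC 4346 (TLS 1.1) are cited; consider adding the later TLS specifications so the reference list matches the "SSL (TLS)" scope stated in the first line.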

Latest revision as of 02:49, 9 June 2014


Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Google Desktop Search is an application for both Windows and Mac OS X that allows the user to index and then search their local hard drives. These applications integrate with other Google tools such as searching the web and Gmail.

By default, the Mac version caches content that can be recovered even after the original has been deleted.

Google Desktop will be discontinued as of September 14, 2011. [1]

See Also

Windows Desktop Search

External Links