The 3T challenge for digital forensics: Tails, Telegram and Tor
In a world on Microsoft Windows, the job of the digital forensics investigator has been relatively easy. The operating system and applications leave lots of fragments of evidence, and these are relatively easy to piece together. In a world of encryption-by-default and the increasing use of Web-based systems, the role is going to get a whole lot more difficult, as secure messaging, secure operating systems and secure network connections can be used to hide all traces of applications, connections and data.
Recently the Afaaq Electronic Foundation (AEF), an arm of the Islamic State who are dedicated to “raising security and technical awareness” among jihadists, published their advice on how to avoid law enforcement surveillance. Their message was broadcast on Telegram, with a message of “Stay calm and use strong encryption”:
It provides a focus on the three T’s which are cause law enforcement to lose sleep: Tor, Telegram and Tails OS.
Tails (The Amnesiac Incognito Live System) OS
With the Tails OS, we see an operating system which focuses on leaving no trace on the…
