File000094

Date posted: 13-Sep-2014

Computer Hacking Forensic Investigator Exam 312-49 Printer Forensics

Module XL Page | 3551 Computer Hacking Forensic Investigator Copyright © by EC-Council       All Rights Reserved. Reproduction is Strictly Prohibited.

Computer Hacking Forensic Investigator (CHFI)

Module XL: Printer Forensics

Exam 312-49

News: Inkjet Research Could Aid Forensics

Source: http://www.pcworld.com/

Researchers in the United Kingdom have found that a chemical compound can be used to read the content of an inkjet-printed letter without removing it from its envelope. When the compound, disulfur dinitride, is applied to an envelope that contains a letter, the words that have transferred from the letter to the envelope become visible on the envelope.

The compound is applied to the envelope in gas form and crystallizes on the ink to make the print visible. Fingerprints can also be seen using this compound. This makes it a useful forensic tool for identifying the sender of a letter.

News: Particulate Emissions from Laser Printers

Source: http://www.sciencedaily.com/

Researchers are investigating whether printers release particles into the air. Reports say that printers release pathogenic toner dust into the air. Researchers at the Fraunhofer Wilhelm Klauditz Institute WKI in Braunschweig, Germany, in collaboration with colleagues from Queensland University of Technology QUT in Brisbane, Australia, are investigating whether the reports are accurate and which particles printers actually emit. Their finding is that laser printers emit hardly any toner particles into the air. Some printers emit ultra-fine particles made of organic chemical substances, says WKI Prof. Dr. Tunga Salthammer.

Scientists have discovered a process that enables them to compare the quality, size, and chemical composition of emitted particles. Particle analyzers count the particles and measure their size distribution.

The cause of the emission is the fixing unit – a component that heats up to 220°C to fix the toner particles onto the paper, explains WKI scientist Dr. Michael Wensing. Because of the high temperature, paraffins and silicon oils evaporate, resulting in ultra-fine particles.

 Module Objective

This module deals with investigating printed documents and tracing the printer. It covers the different printing methods, how the printing process is performed, how a particular printer can be identified from a printed document, how documents are examined, and the different techniques and tools used to identify and investigate a printer.

This module will familiarize you with:

Introduction to Printer Forensics

Different Printing Modes

Methods of Image Creation

Printer Forensics Process

Digital Image Analysis

Document Examination

Phidelity

Cryptoglyph Digital Security Solution

DocuColor Tracking Dot Decoding

Module Flow

Printer Forensics

Introduction to Printer Forensics

Even with the increase in use of email and digital communication, the use of printed documents is on the rise. Many types of printed documents can be identified by the printer that produced them. Some of these are identity documents, such as passports, and other documents that are used for committing a crime.

Methods used to identify documents, such as special inks, security threads, or holograms, are expensive. An easy and cost-effective technique for printer forensics is the use of intrinsic and extrinsic features obtained from modeling the printing process.

Most criminals use printed material for different purposes, such as altering identity documents, recording transactions, and writing duplicate notes or manuals. Printed documents, such as instruction manuals, team rosters, meeting notes, and correspondence, can help in catching criminals. Identifying the devices used to print documents provides valuable information to law enforcement and intelligence agencies for investigation.

There are various techniques for identifying the technology, manufacturer, and model of printer used for printing. The two commonly used methods for printer identification are passive and active.

The passive method identifies characteristics intrinsic to the printer, which indicate the printer used, its model, and the manufacturer's product.

In the active method, an extrinsic signature is embedded in the printed page. This signature is created by adjusting the process parameters in the printer, which encodes the identifying data, such as the printer serial number and the date of printing.

Different Printing Modes

Monochrome:

A monochrome printer generates an image containing only one color, usually black. It can produce different tones for those colors, such as a gray-scale.

Color printer:

A color printer generates images of multiple colors.

Photo printer:

A photo printer is a color printer that imitates the color range and resolution of the photographic printing process. Most of them can be used autonomously without a computer, taking input from USB, memory cards, etc.

Methods of Image Creation

The classification of the method used by the printers for image creation is:

Toner-based printers:

Toner-based printers use toner for printing. Toner is a powder made of carbon or synthetic polymers. An electrostatic charge is uniformly distributed around a light-sensitive device in the printer known as a drum. Toner-based printers adhere toner to this light-sensitive print drum. Static electricity is used to transfer the toner to the printing medium, to which it is fused with heat and pressure. Laser printers are toner-based printers that use precise lasers to cause adherence. LED printers use an array of LEDs to cause toner adhesion.

Toner-based printers can print on both sides of a paper, reducing paper usage.

Inkjet printers:

Inkjet printers deposit very small amounts (normally a few picolitres) of ink onto the media. An inkjet printer is useful for color applications, including photo printing. Inkjet printers work by propelling droplets of liquid or molten material (ink) of variable size onto a page.

Impact printers:

Impact printers are dependent on forceful impact in order to transfer ink to the media, similar to that of typewriters. A daisy wheel printer is an impact printer in which the type is molded around the edge of a wheel.

Dot-matrix printers:

Many printers depend on a matrix of pixels, or dots, which combine to form a larger image. The term dot-matrix printer is used specifically for impact printers that use a matrix of small pins to create accurate dots. A dot-matrix printer can generate graphical images in addition to text. Dot-matrix printers differ in print resolution and overall quality, with printheads of 9 or 24 pins. The more pins per inch, the higher the resolution.

Line printers:

Line printers print an entire line of text at a time.

The two principal designs of line printers are:

Drum printers:

The drum carries the entire character set of the printer, repeated in each column that is to be printed.

Chain printers or train printers:

The character set is positioned multiple times around a chain that moves horizontally past the print line.

Digital minilab:

A digital minilab is a computer printer that makes use of traditional chemical photographic processes to print digital images. Photographs are input to a digital minilab through a built-in film scanner that captures images from negative and positive photographic films.

Dye-sublimation printer:

A dye-sublimation printer uses heat to transfer dye to the medium such as poster paper, plastic card, etc. It lays one color at a time with the help of a ribbon which has color panels.

The advantages of this printer are increased resolution and life of printouts. Printouts from this printer are waterproofed.

Spark printer:

A spark printer uses a special paper that is coated with a layer of aluminium on a black backing. It prints by pulsing a current onto the paper through two styli that move across it on a moving belt at high speed.

Printers with Toner Levels

Source: http://www.cs.dartmouth.edu/

Figure 40-01: Printer toner levels

Parts of a Printer

A printer is comprised of:

A print head with a print head connector

A carriage with a carriage connector, which can detach the print head from the print head connector

A driver for driving the print head

A microprocessor for controlling the driver in accordance with an N-bit print head identification signal, wherein N is a positive integer

A plurality of signal lines for connecting the microprocessor to the carriage connector

A parallel-to-serial converter, which is disposed on the print head, for converting N parallel inputs into an N-bit print head identification signal

Printer Identification Strategy

Two strategies to identify a printer used to print a document are:

Passive:

The passive strategy is characterized by finding the intrinsic features in the printed document that are characteristic of a particular printer, model, or manufacturer’s product. This is referred to as the intrinsic signature. Using the intrinsic signature requires understanding and modeling the printer mechanism and developing tools to detect the signature in the printed document.

Active:

In the active strategy, an extrinsic signature is embedded in a printed page. An extrinsic signature is generated when the process parameters are modulated in the printer mechanism to encode the information that includes the printer serial number and date of printing. The information can be embedded using electrophotographic (EP) printers by modulating the intrinsic feature called banding.

Figure 40-02: Identifying a printer

Printer Forensics Process

Printer forensics is comprised of the following four basic steps:

Pre-processing

Printer profile

Forensics

Ballistics

Pre-Processing

A printed document is digitally scanned and saved in an uncompressed format. Each page of the document is processed.

In the first stage, multiple copies of the same character are located in a scanned document. To perform this, the user first selects a bounding box around a character of interest to serve as a template.

In order to minimize the effect of luminance variations across printers, the intensity histograms of the characters are matched as follows:

Select a random set of characters and average their intensity histograms to create a reference histogram, so that the luminance variations across printers are minimized.

Each character’s intensity histogram is then matched to this reference histogram

A single character is then selected as a reference character. Each character is placed into spatial alignment with the reference character by using a coarse-to-fine differential registration technique.
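
The histogram-matching step above, as an added example that is not part of the courseware: each character is a flat list of 8-bit intensities, the reference is the bin-by-bin average of the selected characters, and each character is remapped by cumulative-histogram lookup. The two 4x4 glyphs and all function names are constructed for the illustration.

```python
from bisect import bisect_left

LEVELS = 256

def histogram(pixels):
    """Normalised intensity histogram of one character (values 0..255)."""
    counts = [0] * LEVELS
    for p in pixels:
        counts[p] += 1
    n = float(len(pixels))
    return [c / n for c in counts]

def reference_histogram(characters):
    """Average the intensity histograms of the selected characters."""
    hists = [histogram(c) for c in characters]
    return [sum(h[i] for h in hists) / len(hists) for i in range(LEVELS)]

def cumulative(hist):
    total, out = 0.0, []
    for h in hist:
        total += h
        out.append(total)
    return out

def match_to_reference(pixels, ref_hist):
    """Remap intensities so the character's cumulative histogram follows
    the reference's: level v goes to the first reference level whose
    cumulative mass reaches that of v."""
    src_cdf = cumulative(histogram(pixels))
    ref_cdf = cumulative(ref_hist)
    lut = [min(bisect_left(ref_cdf, src_cdf[v] - 1e-12), LEVELS - 1)
           for v in range(LEVELS)]
    return [lut[p] for p in pixels]

# Constructed sample: the same 4x4 glyph scanned from two printers, one
# printing darker (ink 30, edge 110, paper 200) than the other (+40 levels).
DARK_SCAN = [200, 30, 30, 200,
             200, 30, 110, 200,
             200, 30, 110, 200,
             200, 30, 110, 200]
LIGHT_SCAN = [p + 40 for p in DARK_SCAN]

if __name__ == "__main__":
    ref = reference_histogram([DARK_SCAN, LIGHT_SCAN])
    print(match_to_reference(DARK_SCAN, ref))
    print(match_to_reference(LIGHT_SCAN, ref))
```

After matching, the two scans have the same intensity distribution, so the differences that remain between characters come from shape degradation rather than overall luminance.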

Printer Profile

Once the characters are aligned properly, a profile is constructed based on the degradation introduced by the printer. Based on the complex nature of degradation, a data driven approach is used to characterize the degradation. A principal components analysis is applied to the aligned characters to create a new linear basis that embodies the printer degradation.

Forensics

In a forensics setting, the goal is to determine whether a part of the document has been manipulated, for example by:

Splicing in portions from a different document

Digitally editing a previously printed and scanned document and then printing the result.

Ballistics

In a ballistics setting, determine if a document was printed from a specific printer. A printer profile is generated from a printer to determine if the document in question was printed from this printer. Assume that the printer profile is constructed from the same font family and size as the document to be analyzed.
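
The printer profile, forensics and ballistics steps above, as an added example that is not part of the courseware: a profile is the mean aligned character plus its top principal components, and each questioned character is scored by how far it lies from that subspace. The residual score, the threshold rule, the 4x4 glyphs and the two synthetic "printers" are assumptions constructed for the illustration.

```python
import math
import random

def dot(a, b):
    return sum(x * y for x, y in zip(a, b))

def build_profile(glyphs, k=1, iters=50):
    """Mean glyph plus top-k principal directions of the aligned characters."""
    n, d = len(glyphs), len(glyphs[0])
    mean = [sum(col) / n for col in zip(*glyphs)]
    centred = [[x - m for x, m in zip(g, mean)] for g in glyphs]
    basis = []
    for _component in range(k):
        v = [float(i + 1) for i in range(d)]       # fixed start vector
        for _ in range(iters):                     # power iteration on X^T X
            proj = [dot(row, v) for row in centred]
            w = [sum(p * row[i] for p, row in zip(proj, centred))
                 for i in range(d)]
            for b in basis:                        # deflate directions already found
                c = dot(w, b)
                w = [wi - c * bi for wi, bi in zip(w, b)]
            norm = math.sqrt(dot(w, w))
            v = [wi / norm for wi in w]
        basis.append(v)
    return mean, basis

def residual(glyph, profile):
    """Distance from a glyph to the subspace described by the profile."""
    mean, basis = profile
    r = [x - m for x, m in zip(glyph, mean)]
    for b in basis:
        c = dot(r, b)
        r = [ri - c * bi for ri, bi in zip(r, b)]
    return math.sqrt(dot(r, r))

# ---- constructed data: one 4x4 character and two synthetic printers ----
INK, PAPER = 60.0, 190.0
TEMPLATE = [PAPER, INK, INK, PAPER,
            PAPER, INK, PAPER, PAPER,
            PAPER, INK, INK, PAPER,
            PAPER, INK, PAPER, PAPER]
ZERO = [0.0] * 16
GRADIENT = [c for _ in range(4) for c in (-3.0, -1.0, 1.0, 3.0)]   # printer A varies left to right
ROW_BIAS = [r for r in (20.0, 10.0, -10.0, -20.0) for _ in range(4)]  # printer B is darker toward the bottom
CHECKER = [1.0 if (i // 4 + i % 4) % 2 == 0 else -1.0 for i in range(16)]

def print_glyph(rng, bias, mode):
    """One scanned character: template + fixed bias + random amount of the
    printer's degradation mode + per-pixel scanner noise."""
    s = rng.uniform(-2.0, 2.0)
    return [t + b + s * m + rng.uniform(-2.0, 2.0)
            for t, b, m in zip(TEMPLATE, bias, mode)]

def examine_page(page, profile, threshold):
    scores = [residual(g, profile) for g in page]
    return scores, [i for i, s in enumerate(scores) if s > threshold]

def demo():
    rng = random.Random(2014)
    train = [print_glyph(rng, ZERO, GRADIENT) for _ in range(60)]
    profile = build_profile(train, k=1)
    # Threshold rule is this example's choice: 3x the worst training residual.
    threshold = 3.0 * max(residual(g, profile) for g in train)
    # Questioned page: six characters from printer A, four spliced in from B.
    page = ([print_glyph(rng, ZERO, GRADIENT) for _ in range(6)] +
            [print_glyph(rng, ROW_BIAS, CHECKER) for _ in range(4)])
    scores, flagged = examine_page(page, profile, threshold)
    return threshold, scores, flagged

if __name__ == "__main__":
    threshold, scores, flagged = demo()
    print("threshold %.1f" % threshold)
    print(["%.1f" % s for s in scores], "flagged:", flagged)
```

In the ballistics reading, a page whose characters all score below the threshold is consistent with the profiled printer; in the forensics reading, the flagged positions localise the spliced region.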

A Clustering Result of a Printed Page

The printed page shows a clustering result for the HP LaserJet and Xerox Phaser. The top part of the page was printed on an HP LaserJet 4350 and the bottom half was printed on a Xerox Phaser 5500DN. These documents were scanned, combined, and printed on an HP LaserJet 4300 printer. A printer profile was created from 200 copies of the letter “a.” The printer profile is effective in detecting fakes composed of parts initially printed on different printers.

Figure 40-03: A Clustering result of a printed page (Source: http://www.cs.dartmouth.edu)

Digital Image Analysis

The digital image analysis technique is used to analyze patterns generated in the printed document due to uneven movements by the print engine. The uneven movement causes lines to be printed across a page instead of a solid smooth print, which is called banding.

The banding effect has been attributed to two causes:

Fine banding is because of the unevenness of the rotor component of the polygon mirror or due to mechanical flaws of the laser scanning unit

Rough banding is due to an uneven motion of the photoconductor drum or fuser unit

Patterns resulting from banding are different from one printer to another, and it can be used to match a document to a printer that produced it. The banding effect can vary the size of a print across the page in patterns that differ based on the printer used. Digital image analysis is used to identify and measure the size variations.

A high-spatial-resolution digital image analysis system is built around a Hamamatsu C4742-95-12NRB monochrome digital CCD camera. The main feature of the camera is that the CCD chip is Peltier-cooled to increase its signal-to-noise ratio. A high-quality Linos Mevis C lens is used to magnify the object’s image, which improves the resolution of the images produced by the camera. The accuracy of the measurement is supported with the use of an LED light source from a DF-LDR-90. The illumination system is powered by a TTI EL302D power supply and regulated by RS components. The camera is mounted on a heavy Polaroid MP4 Land camera stand to negate vibration problems.

Printout Bins

Printout bins are a staging area of a document after it has been printed. A printout provides the information about the project and the user who printed the document.

There is a method and system for identifying and facilitating access to computer printouts contained in an array of printout bins.

Each printout contains the information of the related project and the user who printed the document.

The bin consists of the information that uniquely identifies the user by name, PIN number, the user project number, the date and/or time the printout was prepared, etc.

The bin access is allowed only if:

Acceptable confidential user identification is presented

At least one printout for that user is presently contained in the locked bin

Document Examination

Document examination is an important aspect in printer forensics to analyze documents.

Printed documents can be examined to:

Find a genuine or counterfeit document

Determine the way a document was generated

Find the machine used to print the document

The various factors considered by a document examiner are:

The paper type (physical properties, optical properties)

Security features of the paper (e.g. watermark)

Printing process used

Verifying other digital evidence such as perforations

Microscopic analysis reveals tiny imperfections which link one document to another

The different aspects of the examination are:

Altered or obliterated writing:

o The presence of physical alterations or obliterated writing can sometimes be determined and the writing can sometimes be deciphered

o The manufacturer can sometimes be determined if a watermark is present

Examining date of the document:

o Paper examination - The letterheads and watermarks of business or personal stationery will be changed from time to time by the manufacturer. Samples of such papers will help in determining whether a document exists in that time period.

o Typescript - Comparison of printed documents produced by an organization over a period of time. This can help an investigator conclude whether a printer was used for a certain period of time or just recently.

Signature examination:

o A signature examination is performed mainly to compare the signatures of the specimen (provable) to the questioned (disputed) signatures

o In a signature comparison, the features of the questioned signature(s) - construction, shape, proportions, and fluency - are reviewed and then matched to the same features in the specimen signatures

Examining spur marks found on inkjet-printed documents:

o Spur marks are the tool marks formed by the spur gears in the paper conveyance system of many inkjet printers

o The spur marks on the printed document are compared with the spur marks of known printers to know the relationship between them

o The comparison of two spur marks is based on the characteristics of pitch and mutual distance

Services of a Document Examiner

A document examiner examines the printed documents to find the links to other documents or printers. He/she is also responsible for finding the printer used to print the document.

The document examiner examines the document for any alterations, counterfeiting of the document, and substitutions.

The document examiner conducts research related to the document.

The research includes finding comparable documents to verify authenticity, the paper used, the type of printer, etc.

The examiner conducts tests on the documents to reach conclusions. She/he prepares a review based on the outcome of the tested documents.

Tamper-Proofing of Electronic and Printed Text Documents

Text documents should be tamper-proofed and authenticated before they are distributed in electronic or printed form. A text document authentication system tests the authenticity of a text document. Authentication is performed at a global level, in which the system gives a binary decision about the entire document, i.e. authentic or fake.

If the system makes decisions at the local level, it is referred to as a “text document and tamper-proofing system.” A text document authentication and tamper-proofing system aims at validating the authenticity of a text document and indicating the local modifications, if the document is assumed to be a fake.

A solution to the document authentication is the generation of a document hash, which is securely stored. To perform authentication, a hash value is generated from the document and compared with the stored hash.

For the document to be authentic, the two hash values should be identical. Tamper proofing is based on the concept of local hashing, where hashing is computed from each local part of the document. This will ensure identifying the local parts where the modifications are done to the document.

There are three approaches to a hash-based document authentication based on where the hash is stored:

Hash storage in an electronic database

Hash stored in the document itself by using auxiliary special means of 2D bar codes, special links or crystals, memory chips, etc.

Hash stored in the document content by using data hiding techniques
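
Global and local hashing as described above, shown as an added example that is not part of the courseware; the returned record stands in for the first storage option, a row in an electronic database. It uses a keyed HMAC-SHA-256 instead of a bare hash, which is this example's assumption: when the hash travels with the document (the second and third options), an unkeyed hash could simply be recomputed by whoever altered the text. The sample text, key and function names are constructed.

```python
import hashlib
import hmac

def split_blocks(text, lines_per_block=2):
    """Split a text document into local parts of a fixed number of lines.
    Runs of whitespace are collapsed so that re-spacing (for example
    after OCR of a printed copy) does not count as tampering."""
    lines = [" ".join(line.split()) for line in text.strip().splitlines()]
    return ["\n".join(lines[i:i + lines_per_block])
            for i in range(0, len(lines), lines_per_block)]

def _mac(key, data):
    return hmac.new(key, data.encode("utf-8"), hashlib.sha256).hexdigest()

def _local_hashes(text, key, lines_per_block):
    # The block index is bound into each hash so a moved block is detected
    # at the position it was moved to.
    return [_mac(key, "%d\n%s" % (i, block))
            for i, block in enumerate(split_blocks(text, lines_per_block))]

def make_record(text, key, lines_per_block=2):
    """Record to store securely: one global hash plus one hash per block."""
    local = _local_hashes(text, key, lines_per_block)
    return {"lines_per_block": lines_per_block,
            "global": _mac(key, "\n".join(local)),
            "local": local}

def verify(text, record, key):
    """Return (authentic, tampered_blocks).
    authentic is the global, binary decision; tampered_blocks lists the
    indices of local parts that differ, including parts that were added
    or removed."""
    local = _local_hashes(text, key, record["lines_per_block"])
    authentic = hmac.compare_digest(_mac(key, "\n".join(local)),
                                    record["global"])
    stored = record["local"]
    tampered = []
    for i in range(max(len(local), len(stored))):
        got = local[i] if i < len(local) else ""
        want = stored[i] if i < len(stored) else ""
        if not hmac.compare_digest(got, want):
            tampered.append(i)
    return authentic, tampered

# Constructed sample document and key.
KEY = b"example-key-not-for-production"
SAMPLE = """Purchase order 1187
Supplier: Northfield Paper Ltd
Item: A4 copier paper, 80 gsm
Quantity: 4,500 reams
Approved by: J. Alvarez
Date: 12 March"""

if __name__ == "__main__":
    record = make_record(SAMPLE, KEY)
    print(verify(SAMPLE, record, KEY))
    print(verify(SAMPLE.replace("4,500", "9,500"), record, KEY))
```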

Phidelity

Phidelity is a technology used to enhance the security of printed documents by providing layers of protection.

It provides five security features that work independently to ensure the document’s security.

Phidelity’s Optical watermark uses normal printers differently to print visual covert and overt watermarks. When a document with optical watermark is copied then the overt watermark disappears and covert watermark is made visible, showing that the document is a copy. It generates secured optical watermarks against different types of attacks with the use of common desktop printers, eliminating the need of special inks and papers. Optical watermark offers an easy way to verify the important documents via quick visual verification.

Phidelity SecureCODE is the result of creative use of open standards in both 2-Dimensional (2D) barcodes and Public Key Infrastructure (PKI). A 2D barcode graphically represents the data, and PKI is a technology that implements trust using digital signatures and certificates, and secrecy through the use of encryption when required. Combining the two technologies forms a synergy to create SecureCODE, which is verified to discover tampering with the document content.

Phidelity’s Microprint is an innovative feature to print in small fonts. It appears as an underline to the naked eye which actually contains the textual information that can be read using a magnifying glass. When printing an important document as Microprint, any casual copy of the original document will result in distorted text in the duplicates. It provides an efficient way of verifying the authenticity of a document.

Phidelity’s Print control makes use of a novel way to control printing. This helps in restricting the printing of a document more than needed. It reduces the risk of information leakage by restricting the number of documents printed. PrintControl is highly user-centric by providing automated printer detection, selection for printing, and dynamic configuration of optical watermark based on the specific printer to achieve the best watermark effect for security. It prevents printing of secured documents to virtual printers such as PDF creator.

Phidelity’s ID Trace covertly embeds the tracking information related to document identification into a printed document. This helps in tracing the document after it has been printed. It is used as a forensic tool to find the source of the leakage.

Zebra Printer Labels to Fight against Crime

Source: http://www.zebraprinterlabels.net/

Law enforcement agencies depend on Zebra printer labels for exact and confidential printing needs at the time of collecting important criminal evidence. Zebra printer labels help to identify criminal evidence more quickly with Zebra bar code printers. They produce ID badges (for both criminals and law enforcement) and maintain criminal records confidentially and safely.

The labels allow law enforcement agencies to collect evidence effectively and in a timely manner. The Zebra printer labels used by the law enforcement agencies to fight against crime are:

High performance bar code printers

Industrial and commercial bar code printers

Mobile printers

PAX print engines

Cryptoglyph Digital Security Solution

Source: http://www.alpvision.com/

The Cryptoglyph security process provides an invisible marking with standard ink and standard printing processes. It can be included in the current packaging production line or other document processing workflow before printing. Embed the invisible Cryptoglyph file in the prepress digital packaging image file or produce it before printing it with the document processing system. Cryptoglyph does not require any packaging design or page template modifications.

Unlike the processes which use additional elements such as inks and holograms, Cryptoglyph uses standard ink during the standard printing process. It can be perceptible only with the use of the appropriate equipment.

The two elements in Cryptoglyph are:

1. Print the invisible micro-points over the entire area of the primary packaging or secondary packaging. These micro-points are impossible to replicate or erase due to their invisible nature.

2. These micro-points consist of encrypted information that can be deciphered using the encryption key.

Case Study: Dutch Track Counterfeits via Printer Serial Numbers

Source: http://www.pcworld.idg.com.au/

Printouts reveal hidden coded information about the printer they were printed from. The Dutch police force solved cases involving printouts with the help of printer manufacturers. Government agencies use this hidden information to fight against counterfeiters.

Security:

The Canon company strives to protect customers from counterfeits. Anna McIntyre, PR manager at Canon Europe, says that protection from counterfeits is crucial and it has fitted all of its color machines with anti-counterfeits detection technology. Canon works with different authorities in order to minimize counterfeits.

Sources who know the printer industry reveal that the security code is a unique number which is printed on every color page from a particular printer. The code can be printed as thin as 0.1 millimeter. This indeed helps to find out which county delivered a specific printer, and to which dealer.

Success:

"We are familiar with this research method," said Ed Kraszewski of the Dutch national police agency KLPD. The spokesman did not reveal that the method is used to deal with counterfeits, but sources said that the Dutch Railway Police is investigating a gang which is counterfeiting tickets.

Research:

Researchers at Purdue University in West Lafayette, Indiana, explained a method they developed that allows authorities to trace documents to specific printers. The techniques used to trace the documents are: analyzing the document to identify characteristics that are unique to each printer, and designing printers to purposely embed individualized characteristics in documents.

"Investigators want to be able to determine that a fake bill or document was created on a certain brand and model of printer," said Edward J. Delp, a professor of electrical and computer engineering at Purdue.

Researchers used specific software for detecting slight variations in printed characters that they call intrinsic signatures.


Is Your Printer Spying On You?

A printer is an important factor for the investigation of a crime. A printer notes the information about the documents that are printed. Nowadays, new printers, which can contain a secret code, are available. This secret code is already installed in the printer during its manufacturing. This code is used to detect the printer and the person who used it.

Such printers have helped forensic investigation organizations, such as the FBI, to monitor the documentation activities of organizations. According to a report by the ACLU, since 2001, the FBI has collected more than 1100 pages of documents from organizations and groups, such as Greenpeace and United for Peace and Justice.


DocuColor Tracking Dot Decoding

DocuColor Tracking Dot Decoding is a part of the Machine Identification Code Technology project. DocuColor color laser printers print a tracking code on each printout page, which encodes the date, time, and the printer’s serial number.

These printers print rectangular grids of 15 by 8 minuscule yellow dots on every color page. The same grid is printed repeatedly over the complete page, but each repetition is offset slightly from the others, so that each grid is separated from the other grids. All the grids are printed parallel to the side of the page.

These yellow dots have different background colors, so they are invisible to the naked eye under white light. You can see the dots with the help of a microscope or by illuminating the page in blue light. Under pure blue light, these dots look black.


Figure 40-04: Image of the dot grid produced by a Xerox DocuColor 12 (Source: http://www.infowars.com)

Figure 40-05: Image of a portion of the dot grid (Source: http://www.infowars.com)

Image of one repetition of the dot grid from the same Xerox DocuColor 12 page, under illumination from a Photon blue LED flashlight:


Figure 40-06: Illumination from a Photon blue LED flashlight (Source: http://www.infowars.com) 

Figure 40-07: Black dots in the microscope image (Source: http://www.infowars.com)


Explanatory text that shows the significance of the dots:

Figure 40-08: Significance of dots (Source: http://www.infowars.com)

The topmost row and the leftmost column are the parity row and column used for error correction. They help the investigator to read the forensic information accurately. All the rows and columns, except the topmost row, contain an odd number of dots. If any row or column has an even number of dots, then it has been read incorrectly. Every column consists of seven bits (excluding the first, which is the parity bit). The bytes are then read from right to left. Each column has a different meaning, as explained below:

15: Unknown. It is constant for each separate printer. It gives some information about the printer’s model and its configuration

14, 13, 12, 11: Serial number of the printer in binary-coded decimal

10: Separator

9: It is unused

8: Indicates the year when the page was printed

7: Indicates the month

6: Indicates the day of printing

5: Indicates the hour when the page was printed

4, 3: Unused

2: Minute

1: It is the row parity bit, which shows that all rows consist of an odd number of dots
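The parity check and column layout above can be exercised in code. The following is an added example, not part of the original module or of any vendor tool; the function names are hypothetical, and it assumes that 1 means a dot, that the seven data bits of a column run top to bottom with the most significant bit on top, and that each serial-number column holds a value from 0 to 99 written as two decimal digits.

```python
# Added example: decode one 15x8 DocuColor grid using the column table above.
# Assumptions (not stated on the page): 1 = dot, column 1 is the leftmost column,
# the 7 data bits run top-to-bottom with the most significant bit on top, and each
# serial-number column holds a value 0-99 written as two decimal digits.

def encode_grid(values):
    """Build a constructed test grid from {column_number: value 0..127}."""
    grid = [[0] * 15 for _ in range(8)]
    for col, val in values.items():
        for bit in range(7):
            grid[1 + bit][col - 1] = (val >> (6 - bit)) & 1
    for r in range(1, 8):    # column 1: row parity, makes every data row odd
        grid[r][0] = 1 - sum(grid[r][1:]) % 2
    for c in range(15):      # top row: column parity, makes every column odd
        grid[0][c] = 1 - sum(grid[r][c] for r in range(1, 8)) % 2
    return grid

def parity_errors(grid):
    """Return rows/columns with an even dot count, i.e. positions that were misread."""
    bad = [("row", r) for r in range(1, 8) if sum(grid[r]) % 2 == 0]
    bad += [("col", c + 1) for c in range(15)
            if sum(row[c] for row in grid) % 2 == 0]
    return bad

def column_value(grid, col):
    """Read the 7 data bits of a 1-based column as an integer."""
    return int("".join(str(grid[r][col - 1]) for r in range(1, 8)), 2)

def decode(grid):
    """Validate parity, then map columns to the fields listed in the table."""
    errs = parity_errors(grid)
    if errs:
        raise ValueError(f"grid misread, even parity at {errs}")
    v = {c: column_value(grid, c) for c in range(2, 16)}
    return {
        "model_byte": v[15],
        "serial": "".join(f"{v[c]:02d}" for c in (14, 13, 12, 11)),
        "year": v[8], "month": v[7], "day": v[6],
        "hour": v[5], "minute": v[2],
    }

# Constructed sample values, not taken from a real printout.
SAMPLE = encode_grid({15: 0, 14: 12, 13: 34, 12: 56, 11: 78, 10: 127,
                      8: 5, 7: 6, 6: 21, 5: 12, 2: 50})

if __name__ == "__main__":
    print(decode(SAMPLE))
```

A single misread dot makes one row and one column even, so the pair returned by `parity_errors` points at the exact position to re-examine under magnification.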


Tools


Print Spooler Software

Source: http://www.networkprinting.info/

The print spooler sends the documents to be printed to the print queue for processing, which allows the CPU and the printer to concentrate on other tasks before printing the data present in the print queue. The print spooler has many duties in managing the print process. It manages the printing pools and keeps track of which task went to which printer and of the devices that are connected to the port.

The print spooler is also called the print scheduler, since it schedules the jobs to be done. The spooler maintains a file that is to be printed, emailed, faxed, or sent to a device which is presently used by other tasks. It gives the user the flexibility to delete a file that is about to be processed or is presently waiting to be printed.

The print spooler prints the document to the intended printer when the printer is ready. It allows system resources to perform other tasks while the Line Printer Requester (LPR) print spooler performs the printing process.


Investigating Print Spooler

For each print job in Windows XP, the files found in the C:\Windows\System32\spool\Printers folder are:

.SPL - the spool file, which contains the print job’s spool data

.SHD - the shadow file, which contains the job settings

To view the metadata of the print job, use the PA Spool View tool. To view the spooled pages, use the EMF Spool View tool.

Enhanced metafiles provide true device independence. Enhanced metafiles are standardized, which allows pictures stored in this format to be copied from one application to another.

Check the spool folder location of a specific printer by opening the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\<printer>
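Before opening spool files in a viewer, an examiner usually inventories them. The following added example (not part of the original module; function names and the sample file names are constructed) pairs each .SPL file with its .SHD file by job name, records size, modification time and SHA-256, and flags jobs where one of the two files is missing. It assumes it is pointed at a working copy of the spool folder taken from the acquired image.

```python
import hashlib
import os
import tempfile

def inventory_spool(spool_dir):
    """Pair .SPL/.SHD files by job name; return one record per job, sorted by name."""
    jobs = {}
    for entry in os.scandir(spool_dir):
        stem, ext = os.path.splitext(entry.name)
        ext = ext.upper()
        if not entry.is_file() or ext not in (".SPL", ".SHD"):
            continue                      # ignore anything that is not a spool artifact
        with open(entry.path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        st = entry.stat()
        jobs.setdefault(stem.upper(), {})[ext] = {
            "path": entry.path, "size": st.st_size,
            "mtime": st.st_mtime, "sha256": digest,
        }
    report = []
    for job in sorted(jobs):
        files = jobs[job]
        report.append({
            "job": job,
            "spool_data": files.get(".SPL"),      # print job's spool data
            "job_settings": files.get(".SHD"),    # shadow file with job settings
            "complete": ".SPL" in files and ".SHD" in files,
        })
    return report

def build_sample_dir():
    """Constructed spool folder: one complete job, one shadow file without spool data."""
    d = tempfile.mkdtemp(prefix="spool_")
    for name, data in (("00002.SPL", b"constructed spool data"),
                       ("00002.SHD", b"constructed job settings"),
                       ("00003.SHD", b"constructed job settings 2"),
                       ("notes.txt", b"ignored")):
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d

if __name__ == "__main__":
    for rec in inventory_spool(build_sample_dir()):
        print(rec["job"], "complete" if rec["complete"] else "incomplete pair")
```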

Figure 40-09: EMF Spool View tool (Source: www.clubhack.com)


Figure 40-10: PA Spool View tool (Source: www.clubhack.com)


Printer Tools: iDetector

Source: http://www.graphicsecurity.com/

iDetector is an effective tool to visually compare inspected documents and products with genuine ones. It is ideal for brand owners and document examiners, and can generate and record information about the authentication performed. Brand integrity inspectors can easily capture checkpoints on genuine products, and add them to a secure database. Captured images of inspected products can be verified on the spot, or transferred via the Internet to the authentication server.

Figure 40-11: Screenshot of iDetector


Printer Tools: Print Inspector

Source: http://www.softperfect.com/

Print Inspector is a powerful print management and auditing solution for your corporate network. This software lets you manage the print jobs queued to any shared printer and provides easy access to the printer and print server settings. It saves detailed statistics about all printed documents in a separate database. A built-in reporting tool lets you create various reports based on the collected data about all printed documents.

Figure 40-12: Screenshot of Print Inspector


Tool: EpsonNet Job Tracker

Source: http://www.business-solutions.epson.co.uk/

EpsonNet Job Tracker is web-based application software. It gives a clear picture of what is being printed, where and by whom, thereby helping you control your printing costs.

EpsonNet Job Tracker Benefits:

Monitors and analyzes network printer activity

Controls access to color, keeps costs down

Manages print resources, improves network traffic

Defines printer activity, calculates, assigns and recovers costs

Sends reports automatically to departments and managers

Controls by time of day, type of printing, number of pages


Summary

Printer forensics refers to the investigation done on any printed document or the printer used to print the document

Investigation of the documents and printers will provide valuable information for the law enforcement agencies and intelligence agencies

Different printing modes are monochrome, color printer, and photo printer

Methods used for image creation are: toner-based printers, inkjet printers, impact printers, dot-matrix printers, line printers, digital minilabs, dye-sublimation printers, spark printers

A printed document is first digitally scanned and saved in an uncompressed format

Methods and systems for identifying and facilitating access to computer printouts are contained in an array of printout bins


Exercise:

1. Describe what you understand by “printer forensics.”

2. What are the different methods of image creation?

3. Describe the printer forensic process.

4. Explain digital image analysis.

5. Discuss printout bins.

6. How is tamper-proofing of electronic and printed text documents done?


7. How is Phidelity used to enhance the security of printed documents?

8. What is the Cryptoglyph security process?

9. Explain DocuColor Tracking Dot Decoding.

10. Discuss the different tools used in printer forensics.


Hands-On

1. Visit http://www.spiritus-temporis.com/ and read about computer printers.

2. Download the Print Inspector from http://www.softperfect.com/products/pinspector/, run it, and check the results.

3. Visit http://www.undocprint.org/ and read “Ways to investigate print spooler.”

4. Visit http://www.alpvision.com/ and read “Cryptoglyph Digital Security Solutions.”