
Trust list

This list contains the certificates to be accepted for TLS secured connections (e.g. HTTPS, SIPS). You can add either individual endpoint certificates or a CA certificate if you want to accept all certificates issued by that CA.

Remove: Remove the selected certificate.

Clear: Remove all certificates from the trust list.

Details: Click the name of a certificate to view its details.

Download: Download a single certificate by clicking the PEM- or DER-link, respectively.

Download all: Download the complete trust list as a PEM-encoded text file. You can upload that file to another box.

Upload: Select a local certificate file from your computer and press the Upload button to add it to the trust list. You can upload DER, PEM or PKCS#12 encoded certificates. PEM-files may contain multiple certificates. If you want to upload password encrypted certificates (PKCS#12 files only) you have to enter the password before clicking the upload button.
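
Because "Download all" yields one PEM file holding every trusted certificate, the trust lists of two boxes can be compared by certificate fingerprint after such a transfer. The Python sketch below is an added example, not part of the device documentation; the names BOX_A and BOX_B and the placeholder certificates are constructed assumptions.

```python
import hashlib
import re
import ssl

# One PEM bundle may hold many certificates (as the "Download all" file does).
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_bundle):
    """SHA-256 fingerprint of the DER bytes of every certificate in the bundle."""
    return [hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in CERT_BLOCK.findall(pem_bundle)]

def diff_trust_lists(source_pem, target_pem):
    """Compare two trust lists independent of order, duplicates and line wrapping."""
    src, dst = set(fingerprints(source_pem)), set(fingerprints(target_pem))
    return {"missing_on_target": sorted(src - dst),
            "extra_on_target": sorted(dst - src)}

# Constructed sample data: placeholder byte strings wrapped as PEM, NOT real
# X.509 certificates. A fingerprint depends only on the encoded bytes.
SAMPLE_DER = {name: b"constructed certificate " + name.encode()
              for name in ("ca-root", "pbx-endpoint", "old-gateway", "unknown")}
PEM = {name: ssl.DER_cert_to_PEM_cert(der) for name, der in SAMPLE_DER.items()}

# Hypothetical exports: box A is the reference, box B received the upload.
BOX_A = PEM["ca-root"] + PEM["pbx-endpoint"] + PEM["old-gateway"]
BOX_B = PEM["pbx-endpoint"] + PEM["unknown"] + PEM["ca-root"] + PEM["ca-root"]

if __name__ == "__main__":
    result = diff_trust_lists(BOX_A, BOX_B)
    for fp in result["missing_on_target"]:
        print("missing on target:", fp)
    for fp in result["extra_on_target"]:
        print("not in reference :", fp)
```

An entry reported as not in the reference is a certificate the target box trusts although the source box does not, and is worth reviewing through the Details link before it stays in the trust list.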

Rejected certificates

This list contains the certificate chains that were previously rejected while trying to establish a secure TLS connection. This happens, for example, if the certificate is expired or if neither the certificate nor any of the issuing CAs is trusted. If one of the certificates should be trusted for future connections, you can select it and add it directly to the trust list.

Trust: Add the selected certificates to the trust list and remove the corresponding chains from the rejected certificates.

Clear: Discard all rejected certificate chains.

Details: Click the name of a certificate to view its details.

Device certificate

The device certificate can be used by remote TLS endpoints to authenticate the identity of the device. In general this is not a single certificate but a chain containing the device certificate and the certificates of the intermediate CAs up to the root CA. A TLS connection can only be established if the remote endpoint trusts at least one of the certificates in this chain.

Trust: Add the selected certificates to the trust list.

Clear: This button is only displayed if a certificate was previously installed by the user. Click this button to discard the current device certificate and restore the standard certificate.

Renew: This button is only displayed if no certificate was previously installed by the user. Click this button to renew the automatically generated standard certificate.

Create new: Click this link to create a new self-signed certificate or certificate request (see below).

Upload: Select a local certificate file and press the "Upload" button. You can upload a single certificate corresponding to the private key of a previously created certificate request in PEM, DER or PKCS#12 format. Alternatively, you can upload a complete certificate chain containing the corresponding private key as a PEM or PKCS#12 encoded text file. If you want to upload password-encrypted certificates (PKCS#12 files only), you have to enter the password before clicking the upload button.

Creating a self-signed certificate

Click the "Create new" link.

Type: Select "Self-signed certificate".

Key: Choose the bit strength of the key pair. Available bit-strengths are 1024, 2048 and 4096-bit. Optionally you can reuse the current key pair.

Validity: Select the validity period in years.

Other naming options:

There are some other optional naming parameters (Common Name, Organisational Unit, Organization, Locality, State or Province, Country, up to three DNS Names, up to two IP Addresses). You can use them to describe the role of the device within your installation, for example.

Signing request

A certificate signing request contains a public key and an identity. The corresponding private key is kept secret while the request is sent to a CA. The CA issues an appropriate certificate for the public key after it has verified the identity.

Details: Click the name of the signing request to view its details.

Download: Download the signing request by clicking the PEM- or DER-link, respectively.

Remove: Discard the current signing request and the corresponding private key. As a consequence, certificates for that key can no longer be installed.

Creating a certificate signing request

Click the "Create new" link at the device certificate section.

Type: Select "Signing request".

Key: Choose the bit strength of the key pair. Available bit-strengths are 1024, 2048 and 4096-bit. Optionally you can reuse the current key pair.

Common Name: The common name should match the name of the device. For example, if you access the web interface of the device with https://IP152-6a-52-60, the common name should be "IP152-6a-52-60" or "00-50-c2-6a-52-60".

Other naming options:

There are some other optional naming parameters (Organisational Unit, Organization, Locality, State or Province, Country, up to three DNS Names, up to two IP Addresses). You can use them to describe the role of the device within your installation, for example. Keep in mind that the CA signing the request can modify these parameters according to their policies.

Uploading the response certificate from a CA

See section about device certificate upload.

Application certificates

The application certificates are certificates for specific domains that are used by applications like SIP. The application uses the certificate that matches its own domain. So if you have a PBX with domain "example.com", SIP will fetch the certificate that has "example.com" as its common name.

Trust: Add the selected certificates to the trust list.

Remove: This button is only displayed if a certificate was previously installed by the user. Click this button to discard the current application certificate.

Details: Click the name of a certificate to view its details.

Download: Download a single certificate from the chain by clicking the PEM or DER-link, respectively.

Create new: Click this link to create a new self-signed certificate or certificate request (see below).

Upload: Select a local certificate file and press the "Upload" button. You can upload a single certificate corresponding to the private key of a previously created certificate request in PEM, DER or PKCS#12 format. Alternatively, you can upload a complete certificate chain containing the corresponding private key as a PEM or PKCS#12 encoded text file. If you want to upload password-encrypted certificates (PKCS#12 files only), you have to enter the password before clicking the upload button.

Creating a self-signed certificate

Click the "Create new" link.

Type: Select "Self-signed certificate".

Key: Choose the bit strength of the key pair. Available bit-strengths are 1024, 2048 and 4096-bit. Optionally you can reuse the current key pair.

Validity: Select the validity period in years.

Other naming options:

There are some other optional naming parameters (Common Name, Organisational Unit, Organization, Locality, State or Province, Country, up to three DNS Names, up to two IP Addresses). You can use them to describe the role of the device within your installation, for example.

Signing request

A certificate signing request contains a public key and an identity. The corresponding private key is kept secret while the request is sent to a CA. The CA issues an appropriate certificate for the public key after it has verified the identity.

Details: Click the name of the signing request to view its details.

Download: Download the signing request by clicking the PEM- or DER-link, respectively.

Remove: Discard the current signing request and the corresponding private key. As a consequence, certificates for that key can no longer be installed.

Creating a certificate signing request

Click the "Create new" link at the device certificate section.

Type: Select "Signing request".

Key: Choose the bit strength of the key pair. Available bit-strengths are 1024, 2048 and 4096-bit. Optionally you can reuse the current key pair.

Common Name: The common name should match the name of the device. For example, if you access the web interface of the device with https://IP152-6a-52-60, the common name should be "IP152-6a-52-60" or "00-50-c2-6a-52-60".

Other naming options:

There are some other optional naming parameters (Organisational Unit, Organization, Locality, State or Province, Country, up to three DNS Names, up to two IP Addresses). You can use them to describe the role of the device within your installation, for example. Keep in mind that the CA signing the request can modify these parameters according to their policies.

Uploading the response certificate from a CA

See section about application certificate upload.

4.5 Main Menu ETH0

mode of the interface will be shown.

In most cases, auto is the best choice for the link setup.

The MDI mode (permutation of receive and transmit) will be selected automatically with the ResistTel IP2 / IP152. Only with the ExResistTel IP2 / IP154 is it possible to set up the MDI mode.