Anti-Computer Forensics
What is Anti-Forensics?
• “Anti-forensics is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.”
Sub Categories
• data hiding
• artifact wiping
• trail obfuscation
• attacks against the CF (computer forensics) processes
• tools (counter forensics)
Purpose & Goals
• Some regard anti-forensic tools as purely malicious in intent and design.
• Others argue they should be used to illustrate deficiencies in digital forensic procedures, digital forensic tools, and forensic examiner education.
– This position was put forward at the 2005 Black Hat conference by anti-forensic tool authors James Foster and Vinnie Liu.
– By exposing these issues, forensic investigators will have to work harder to prove that collected evidence is both accurate and dependable.
Data Hiding
• The process of making data difficult to find while keeping it accessible for future use.
• Includes encryption, steganography and various other forms of hardware- or software-based data concealment.
• Each data hiding method on its own makes a digital forensic examination more difficult.
• When several data hiding methods are combined, they can make a successful forensic investigation nearly impossible.
Encryption
• One of the most commonly used techniques to defeat computer forensics is data encryption.
• In a presentation on encryption and anti-forensic methodologies, the Vice President of Secure Computing, Paul Henry, referred to encryption as a “forensic analyst's nightmare”.
• Publicly available encryption programs are sufficient; no custom tooling is required.
• Through the use of modern encryption algorithms and various encryption techniques, these programs make the data virtually impossible to read without the designated key.
– The practical limit: the key has to exist somewhere while the data is in use, so live memory acquisition, hibernation files and swap are where an examiner looks first.
Steganography
• Information or files are hidden within another file, concealing data by leaving it in plain sight.
• “Steganography produces dark data that is typically buried within light data (e.g., a non-perceptible digital watermark buried within a digital photograph).”
• Steganography has the capability of disrupting the forensic process when used correctly.
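An added example, not part of the original slides and not the code of any tool named on them: a minimal least-significant-bit (LSB) embed and extract over a constructed byte buffer that stands in for raw 8-bit pixel data (no real image and no image library). The cover buffer, the length prefix and the MSB-first bit order are assumptions of this example. It shows the two properties that make steganography awkward for an examiner: the carrier changes by at most one unit per sample, so it looks untouched, and recovery depends on knowing the embedding scheme.

```python
import random
import struct


def make_cover(n: int, seed: int = 7) -> bytes:
    """Constructed 'pixels': a slow gradient with a little noise. Not a real image."""
    rng = random.Random(seed)
    return bytes((i // 4 + rng.randint(0, 5)) & 0xFF for i in range(n))


def capacity(cover: bytes) -> int:
    """Payload bytes that fit: one bit per cover byte, minus the 4-byte length prefix."""
    return len(cover) // 8 - 4


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Return a copy of cover whose LSBs carry a length-prefixed payload, MSB first."""
    if len(payload) > capacity(cover):
        raise ValueError(f"cover holds {capacity(cover)} bytes, payload is {len(payload)}")
    data = struct.pack(">I", len(payload)) + payload
    out = bytearray(cover)
    for i in range(len(data) * 8):
        bit = (data[i >> 3] >> (7 - (i & 7))) & 1
        out[i] = (out[i] & 0xFE) | bit        # only the lowest bit of each sample moves
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Inverse of embed_lsb: read the length prefix, then that many payload bytes."""
    def read_bits(count: int, offset: int) -> int:
        value = 0
        for i in range(count):
            value = (value << 1) | (stego[offset + i] & 1)
        return value

    length = read_bits(32, 0)
    if 32 + length * 8 > len(stego):
        raise ValueError("length prefix exceeds carrier; not a buffer produced by embed_lsb")
    return bytes(read_bits(8, 32 + j * 8) for j in range(length))


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference the embedding introduced (expected: 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))
```

Without the cover to diff against, an examiner cannot use `max_sample_change`; detection of LSB embedding in practice rests on statistical tests of the LSB plane, which is why the slide says steganography disrupts the process only "when used correctly" (a payload that is too large, or embedded in a synthetic cover with predictable LSBs, stands out).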
Other Forms of Data Hiding
• Tools and techniques exist to hide data throughout various locations in a computer system:
• memory, slack space, hidden directories, bad blocks, alternate data streams, and hidden partitions.
1) Slacker: breaks up a file and places each piece into the slack space of other files (the unused bytes between the logical end of a file and the end of its last allocated cluster).
2) Bad sectors: the user marks a good cluster as bad in the file system's allocation structures, so the operating system neither allocates nor reads it, and then writes data into that cluster.
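An added example, not part of the original slides and not Slacker's own code: a constructed disk image (64 clusters of 512 bytes, a handful of files, slack zero-filled) in which a payload is spread Slacker-style over the slack of existing files, then read back with the placement map, then found again by a simple examiner-side carver that dumps every non-empty slack region. The file layout and payload are assumptions of this example.

```python
import math

CLUSTER = 512  # allocation unit of the constructed image


class FileEntry:
    """Directory-entry view of a file: first cluster and logical size."""

    def __init__(self, name: str, start_cluster: int, size: int):
        self.name, self.start, self.size = name, start_cluster, size

    @property
    def allocated(self) -> int:
        return math.ceil(self.size / CLUSTER) * CLUSTER

    @property
    def slack_offset(self) -> int:          # first byte after the logical end
        return self.start * CLUSTER + self.size

    @property
    def slack_len(self) -> int:             # 0 when the file fills its last cluster
        return self.allocated - self.size


def build_image(entries, contents, total_clusters: int = 64) -> bytearray:
    """Constructed image: each file's bytes at its clusters, everything else zero."""
    disk = bytearray(total_clusters * CLUSTER)
    for e in entries:
        data = contents[e.name]
        if len(data) != e.size:
            raise ValueError(f"{e.name}: content length != directory size")
        disk[e.start * CLUSTER : e.start * CLUSTER + e.size] = data
    return disk


def read_file(disk, e: FileEntry) -> bytes:
    """What the OS hands an application: the logical size only, never the slack."""
    return bytes(disk[e.start * CLUSTER : e.start * CLUSTER + e.size])


def hide_in_slack(disk, entries, payload: bytes):
    """Spread payload over the slack of existing files; the files read unchanged.
    Returns the placement map the hider must keep to get the data back."""
    placements, pos = [], 0
    for e in entries:
        if pos >= len(payload) or e.slack_len == 0:
            continue
        chunk = payload[pos : pos + e.slack_len]
        disk[e.slack_offset : e.slack_offset + len(chunk)] = chunk
        placements.append((e.name, len(chunk)))
        pos += len(chunk)
    if pos < len(payload):
        raise ValueError(f"not enough slack: {len(payload) - pos} bytes left over")
    return placements


def recover_from_slack(disk, entries, placements) -> bytes:
    by_name = {e.name: e for e in entries}
    out = bytearray()
    for name, n in placements:
        e = by_name[name]
        out += disk[e.slack_offset : e.slack_offset + n]
    return bytes(out)


def carve_slack(disk, entries) -> dict:
    """Examiner's view: every slack region that is not all zeros.
    On a real volume slack also holds residue of deleted files, so this yields
    candidate fragments to reassemble, not a finished file."""
    found = {}
    for e in entries:
        region = bytes(disk[e.slack_offset : e.slack_offset + e.slack_len])
        if any(region):
            found[e.name] = region.rstrip(b"\x00")
    return found
```

The point for the examiner is the last function: slack is never returned by the file system API, so it is only visible in a physical (sector-level) image, and a file whose slack is not zero or stale residue is worth a closer look. Copying the files to a new volume, or a defragmenter rewriting them, destroys the hidden data, which is the hider's risk.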
Artifact Wiping
• Disk Cleaning Utilities
- DBAN
- srm
- BC Wipe
- Total Wipeout
- KillDisk
- PC Inspector
- CyberScrub
- CyberCide
- CMRR Secure Erase (approved by NIST and NSA)
Artifact Wiping (cont.)
• File Wiping Utilities
- BC Wipe
- R-Wipe & Clean
- Eraser
- Aevita Wipe & Delete
- CyberScrub Privacy Suite
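An added example, not part of the original slides and not the code of any utility listed above: the core of a file wiper (overwrite every byte in place with fsync after each pass, truncate, rename to a random name, unlink), plus a demo that reads the file back after one pass to show the original content is gone from the logical file. The pass pattern and the constructed content are assumptions of this example.

```python
import os
import secrets
import tempfile


def overwrite_in_place(path: str, passes: int = 3, chunk: int = 1 << 16) -> int:
    """Overwrite all bytes of the file `passes` times, alternating random data and
    zeros, with fsync after each pass so the writes reach the device.
    Returns the number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as f:       # unbuffered: write() goes straight down
        for p in range(passes):
            f.seek(0)
            left = size
            while left:
                n = min(chunk, left)
                pattern = secrets.token_bytes(n) if p % 2 == 0 else b"\x00" * n
                done = f.write(pattern)              # handle short writes
                written += done
                left -= done
            os.fsync(f.fileno())
    return written


def wipe_file(path: str, passes: int = 3) -> dict:
    """Overwrite, then remove the metadata that would still point at the content."""
    written = overwrite_in_place(path, passes)
    with open(path, "r+b", buffering=0) as f:
        f.truncate(0)                                 # original size no longer in the directory entry
        os.fsync(f.fileno())
    directory = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(directory, secrets.token_hex(8))
    os.replace(path, anon)                            # freed directory entry carries a random name
    os.unlink(anon)
    return {"passes": passes, "bytes_overwritten": written, "removed": not os.path.exists(path)}


def demo() -> dict:
    """Constructed scenario: wipe a file containing a recognisable marker."""
    d = tempfile.mkdtemp()
    p = os.path.join(d, "secret.txt")
    with open(p, "wb") as f:
        f.write(b"SECRET" * 1000)                     # constructed content, 6000 bytes
    one_pass = overwrite_in_place(p, passes=1)
    with open(p, "rb") as f:
        after = f.read()
    report = wipe_file(p, passes=2)
    os.rmdir(d)
    return {"single_pass_bytes": one_pass,
            "marker_survives": b"SECRET" in after,
            "size_preserved": len(after) == 6000,
            **report}
```

The caveat every examiner and every wiper author should know: this only reliably destroys the copy of the data that the file system maps to that file. On SSDs the flash translation layer writes the overwrite to fresh physical pages and leaves the old ones for garbage collection; on journaling, copy-on-write or snapshotting file systems (and on anything with shadow copies or backups) older blocks survive; and the content may also exist in swap, temporary files, editor backups, or as resident data inside an NTFS MFT record. For whole-device sanitisation the device's own Secure Erase or cryptographic erase is the appropriate tool, which is why it appears on the previous slide.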
• Disk Destruction Techniques
– Degaussing: a strong magnetic field is applied to the media, leaving a device entirely clean of any previously stored data (only on magnetic media; it does nothing to flash storage).
– NIST recommends that “physical destruction can be accomplished using a variety of methods, including disintegration, incineration, pulverizing, shredding and melting.”
• Trail Obfuscation
– Purpose: to confuse, disorientate and divert the forensic examination process.
– Covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan commands.”
– Timestomp: gives the user the ability to modify file metadata pertaining to access, creation and modification times/dates.
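An added example, not part of the original slides and not the Timestomp tool itself: the user-settable half of timestomping on a real file (`os.utime` for access and modification time), followed by two examiner-side heuristics that survive it. On POSIX systems the inode change time (ctime) is maintained by the kernel, has no standard API to set it, and is bumped by the very `utime` call that backdates the file; and a tool that writes whole-second values leaves a zero sub-second field on a file system that records nanoseconds. The chosen date and the tolerance are assumptions of this example.

```python
import os
import tempfile


def timestomp(path: str, epoch: int) -> None:
    """Backdate access and modification time. On POSIX this call also sets the
    kernel-maintained ctime to 'now', which is the first thing an examiner sees."""
    os.utime(path, (epoch, epoch))


def timeline_anomalies(path: str, tolerance: float = 2.0) -> list:
    """Heuristics, not proof: chmod/chown/rename also move ctime ahead of mtime,
    and coarse-granularity file systems also store whole seconds."""
    st = os.stat(path)
    flags = []
    # Content time well before the last metadata change: consistent with a later
    # utime()/SetFileTime(). (On Windows st_ctime is the creation time; a file
    # 'modified' before it was created is an even louder signal.)
    if st.st_mtime < st.st_ctime - tolerance:
        flags.append("mtime_before_ctime")
    # Sub-second part exactly zero: fingerprint of tools that set whole seconds.
    if st.st_mtime_ns % 1_000_000_000 == 0:
        flags.append("whole_second_mtime")
    if st.st_atime_ns % 1_000_000_000 == 0:
        flags.append("whole_second_atime")
    return flags


def demo() -> dict:
    """Constructed scenario: write a file, backdate it to 2005-01-01T00:00:00Z, re-check."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "evidence.txt")
        with open(p, "w") as f:
            f.write("constructed sample file\n")
        before = timeline_anomalies(p)
        timestomp(p, 1104537600)          # arbitrary epoch chosen for the example
        after = timeline_anomalies(p)
        return {"before": before, "after": after}
```

The broader check the slide's wording invites: file-system timestamps are one of several time sources. Journal entries, backup catalogs, and on NTFS the second set of timestamps in the `$FILE_NAME` attribute are not touched by a plain `utime`-style call, so corroborating the stomped value against them is the standard move.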
• Transmogrify: allows the user to change the header information of a file, so a (.jpg) header could be changed to a (.doc) header, defeating tools that identify file types by signature alone.
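An added example, not part of the original slides and not the Transmogrify tool's code: a constructed byte string with JPEG framing has its leading bytes replaced by the OLE2 compound-file signature used by legacy .doc, and an examiner-side routine then compares what the extension claims, what the header says and what the trailer says. The minimal JPEG bytes and the file names are assumptions of this example; the signatures are the standard ones.

```python
HEADERS = {
    "jpg": b"\xFF\xD8\xFF",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "doc": b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1",   # OLE2 compound file (legacy .doc/.xls)
    "zip": b"PK\x03\x04",                           # also .docx/.xlsx/.jar containers
}
TRAILERS = {
    "jpg": b"\xFF\xD9",                 # EOI marker
    "png": b"IEND\xAEB`\x82",           # IEND chunk type + its CRC
    "pdf": b"%%EOF",
}
CONTAINER_EXTS = {"docx", "xlsx", "pptx", "jar"}   # legitimately carry the zip signature


def sniff_header(data: bytes):
    for kind, sig in HEADERS.items():
        if data.startswith(sig):
            return kind
    return None


def sniff_trailer(data: bytes):
    tail = data.rstrip(b"\r\n\x00")      # tolerate trailing newline / zero padding
    for kind, sig in TRAILERS.items():
        if tail.endswith(sig):
            return kind
    return None


def transmogrify(data: bytes, target: str) -> bytes:
    """Replace the leading bytes with another format's signature; size is unchanged
    and everything after the signature, including the real trailer, is left alone."""
    sig = HEADERS[target]
    return sig + data[len(sig):]


def examine(filename: str, data: bytes) -> dict:
    """Examiner's check: extension vs header vs trailer. Any disagreement is a flag."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else None
    header, trailer = sniff_header(data), sniff_trailer(data)
    flags = []
    if header is None:
        flags.append("unknown header")
    if header and ext and header != ext and not (header == "zip" and ext in CONTAINER_EXTS):
        flags.append(f"extension {ext} vs header {header}")
    if header and trailer and header != trailer:
        flags.append(f"header {header} vs trailer {trailer}")
    return {"ext": ext, "header": header, "trailer": trailer, "flags": flags}


def sample_jpeg() -> bytes:
    """Constructed bytes with JPEG framing (SOI, APP0/JFIF segment, padding, EOI).
    Enough for signature checks; not a decodable picture."""
    return (b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
            + b"\x00" * 64 + b"\xFF\xD9")
```

A header swap beats a signature lookup that stops after the first few bytes, which is what the slide describes. It does not beat a check that also looks at the trailer or at internal structure, and a transmogrified file that was renamed to match its new header will still fail to open in the application the extension implies.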