Anti-Forensics: Techniques, Detection and Countermeasures
Computer Forensic Tools (CFTs) allow investigators to recover deleted files, reconstruct an intruder's activities, and gain intelligence about a computer's user. Anti-Forensics (AF) tools and techniques frustrate CFTs by erasing or altering information; creating "chaff" that wastes time and hides information; implicating innocent parties by planting fake evidence; exploiting implementation bugs in known tools; and leaving "tracer" data that causes CFTs to inadvertently reveal their use to the attacker. Traditional AF tools like disk sanitizers were created to protect the privacy of the user. Anti-debugging techniques were designed to protect the intellectual property of compiled code. Rootkits allow attackers to hide their tools from other programs running on the same computer. But in recent years there has been an emergence of AF tools that directly target CFTs. This paper categorizes traditional AF techniques such as encrypted file systems and disk sanitization utilities, and presents a survey of recent AF tools including Timestomp and Transmogrify. It discusses approaches for attacking forensic tools by exploiting bugs in those tools, as demonstrated by the "42.zip" compression bomb. Finally, it evaluates the effectiveness of these tools for defeating CFTs, presents strategies for their detection, and discusses countermeasures.
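The abstract names the "42.zip" compression bomb as a way of attacking a forensic tool through a bug in how it expands archives. The following is an added example, not code from the paper or its author: a Python inspector that decides from archive metadata whether an archive is safe to expand, refusing entries whose declared expansion ratio, cumulative declared size, or nesting depth exceed a budget. The budgets (MAX_RATIO, MAX_TOTAL, MAX_DEPTH) and the sample archives built by build_archive are constructed for this example and are not values from the paper.

```python
from __future__ import annotations

import io
import zipfile

# Budgets are assumptions chosen for this example; tune them for the tool you protect.
MAX_RATIO = 100                  # per-entry expansion ratio (uncompressed / compressed)
MAX_TOTAL = 50 * 1024 * 1024     # declared bytes we are willing to expand in total
MAX_DEPTH = 2                    # archives nested deeper than this are refused unopened


def build_archive(payload: bytes, nesting: int) -> bytes:
    """Constructed sample input: wrap `payload` in `nesting` levels of zip archive."""
    data, name = payload, "payload.bin"
    for level in range(nesting):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"level{level}.zip"
    return data


def inspect_archive(data: bytes, depth: int = 0) -> list[str]:
    """Return findings that make `data` unsafe to expand; an empty list means it passed.

    Decisions use central-directory metadata (declared sizes) before any entry is
    decompressed. A nested archive is read into memory only after its declared size
    has been charged against MAX_TOTAL; CPython's zipfile truncates reads to the
    declared size, so a forged header cannot push the read past that budget.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"not a readable zip: {exc}"]

    findings: list[str] = []
    total = 0
    with zf:
        for info in zf.infolist():
            ratio = info.file_size / max(info.compress_size, 1)
            total += info.file_size
            if total > MAX_TOTAL:
                findings.append(f"{info.filename}: declared total {total} bytes exceeds {MAX_TOTAL}")
                break                      # stop before anything else is read
            if ratio > MAX_RATIO:
                findings.append(f"{info.filename}: ratio {ratio:.0f}:1 exceeds {MAX_RATIO}:1")
                continue                   # never expand a suspicious entry, even to look inside
            if info.filename.lower().endswith(".zip"):
                if depth + 1 > MAX_DEPTH:
                    findings.append(f"{info.filename}: nesting depth {depth + 1} exceeds limit {MAX_DEPTH}")
                    continue
                inner = zf.read(info)      # bounded by the declared size charged above
                findings.extend(f"{info.filename}/{f}" for f in inspect_archive(inner, depth + 1))
    return findings


# Constructed samples: a harmless archive, a flat bomb, and a 42.zip-style nested bomb.
BENIGN = build_archive(b"benign report, nothing to see", 1)
FLAT_BOMB = build_archive(b"\0" * (2 * 1024 * 1024), 1)
NESTED_BOMB = build_archive(b"\0" * (2 * 1024 * 1024), 4)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("flat bomb", FLAT_BOMB), ("nested bomb", NESTED_BOMB)):
        print(label, "->", inspect_archive(sample) or "ok to expand")
```

The nested sample is never expanded down to its highly compressible payload: the inspector stops at the depth limit, which is the behaviour a CFT needs against an archive built to exhaust whatever tool recurses into it.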
Published in: The 2nd International Conference on i-Warfare and Security. Refereed Conference Paper.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Related items (by title, author, creator and subject):
Donohue, Ryan P. (Monterey, California: Naval Postgraduate School, 2016-06). To protect the United States' 4.5 million miles of Economic Exclusion Zone, maritime forces are directed to conduct homeland defense missions and support civil authorities as far from U.S. shorelines as possible to protect ...
Can we defend the defense supply chain? Lessons learned from industry leaders in supply chain management. Menz, Ronald H. (Monterey, California: Naval Postgraduate School, 2018-03). To protect the defense supply chain from counterfeit electronic parts, this thesis suggests that the Department of Defense (DOD) should adopt supply chain management methodologies used by Apple and the United Kingdom's ...
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California: Naval Postgraduate School, Center for Homeland Defense and Security, 2007-09). September 2007. Six years after the attacks of 9/11, the practice and discipline of homeland defense and security have evolved and matured, moving into an era of self-evaluation. The essays and articles in Volume III, Issue ...