This leaves important information such as file name, size and timestamps unencrypted. Through the use of modern encryption algorithms and various encryption techniques these programs make the data virtually impossible to read without the designated key.

File level encryption encrypts only the file contents. The majority of publicly available encryption programs allow the user to create virtual encrypted disks which can only be opened with a designated key. In a presentation given on encryption and anti-forensic methodologies, the Vice President of Secure Computing, Paul Henry, referred to encryption as a "forensic expert's nightmare".

One of the more commonly used techniques to defeat computer forensics is data encryption. When the different data hiding methods are combined, they can make a successful forensic investigation nearly impossible. Each of the different data hiding methods makes digital forensic examinations difficult. Some of the more common forms of data hiding include encryption, steganography and other various forms of hardware/software based data concealment. "Obfuscation and encryption of data give an adversary the ability to limit identification and collection of evidence by investigators while allowing access and use to themselves." Also, counter-forensics has significance for defence against espionage, as recovering information by forensic tools serves the goals of spies equally as well as investigators.

Data hiding is the process of making data difficult to find while also keeping it accessible for future use. They believe that this will result in better tools and education for the forensic examiner. They stated that by exposing these issues, forensic investigators will have to work harder to prove that collected evidence is both accurate and dependable. This sentiment was echoed at the 2005 Blackhat Conference by anti-forensic tool authors, James Foster and Vinnie Liu.
Others believe that these tools should be used to illustrate deficiencies in digital forensic procedures, digital forensic tools, and forensic examiner education. The conventional wisdom is that anti-forensic tools are purely malicious in intent and design. Within the field of digital forensics there is much debate over the purpose and goals of anti-forensic methods. Attacks directly against forensics tools have also been called counter-forensics. He has proposed the following sub-categories: data hiding, artifact wiping, trail obfuscation and attacks against the CF (computer forensics) processes and tools. One of the more widely accepted subcategory breakdowns was developed by Dr. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you." Neither author takes into account using anti-forensics methods to ensure the privacy of one's personal data.

Anti-forensics methods are often broken down into several sub-categories to make classification of the various tools and techniques simpler.

A more abbreviated definition is given by Scott Berinato in his article entitled, The Rise of Anti-Forensics.

One of the more widely known and accepted definitions comes from Marc Rogers of

One of the earliest detailed presentations of anti-forensics, in Phrack Magazine in 2002, defines anti-forensics as "the removal, or hiding, of evidence in an attempt to mitigate the effectiveness of a forensics investigation".

Anti-forensics has only recently been recognized as a legitimate field of study.