Conference Paper

Investigation of Countermeasures to Anti-Forensic Methods


... A. R. Mothukur et al. [16] present several suggestions for how to address the following weaknesses present in computer forensics: ...
... Some authors have focused on explaining countermeasures to mitigate the effects of anti-forensics in a more general scope, such as A. R. Mothukur et al. [16, 203, 204, 205]. Others, however, detail, in depth, the techniques used to mitigate specific attacks. ...
... Further articles explore different aspects of the anti-forensic field, including the definition and classification of anti-forensic techniques [204], their impact on the investigation of cybercrime [16], their application in blogs to maintain anonymity [205], methods by which to hide data in NTFS partitions [206], the analysis of anti-forensic techniques in databases [207], and the reverse engineering of steganography tools [208], all of them focusing on the proposal of countermeasures to solve these problems. ...
Article
The main purpose of anti-forensic computer techniques, in the broadest sense, is to hinder the investigation of a computer attack by eliminating traces and preventing the collection of data contained in a computer system. Nowadays, cyber-attacks are becoming more and more frequent and sophisticated, so it is necessary to understand the techniques used by hackers to be able to carry out a correct forensic analysis leading to the identification of the perpetrators. Despite its importance, this is a poorly represented area in the scientific literature. The disparity of the existing works, together with the small number of articles, makes it challenging to find one’s way around the vast world of computer forensics. This article presents a comprehensive review of the existing scientific literature on anti-forensic techniques, mainly DFIR (digital forensics incident response), organizing the studies according to their subject matter and orientation. It also presents key ideas that contribute to the understanding of this field of forensic science and details the shortcomings identified after reviewing the state of the art.
... The query of "whether computer anti-forensics can impede the investigation process and prevent real artifacts from being discovered and acceptable in the judicial process" is one of the main issues that needs to be taken care of. 6 The review study used a variety of methods to find the best review sources. First, rely only on reliable sources from governmental organizations like the judicial system and organizations in charge of developing technical standards. ...
... 11 Where the proof must be a comprehensive, dependable, accurate, experimentally lawful, and legally measured evaluation of this evidence reveals and recognizes its relevance. 6 Conlan outlined some of the limitations of a digital forensic inquiry as follows to provide more contexts: a) Psyche: All forensic investigators employ a variety of techniques during the investigations. 3 Some procedure efficacy varies based on the investigator's intelligence, experience, and background, as well as factors like education and experience. ...
Chapter
Developments in digital forensics investigations have occurred along with those in anti-forensics. Legal issues involving cybercrime are difficult to investigate and even more difficult to prosecute since a forensic investigator must often develop a case by examining artefacts left on a device or network. When cyber criminals became more aware of the techniques utilized in digital forensics, countermeasures to these approaches were developed. The goal of these procedures is to sabotage forensic investigations, and many of them are readily available and simple to use. The purpose of this research is to improve our understanding of these Anti-Forensic technologies by doing in-depth individual analyses and discussing the functionality and methods, as well as the possibilities of mitigation. The topic of this Anti-Forensics study is within Data Hiding; there are different ways available; however, this project focuses on a steganography tool known as Stegosploit and looks to see if embedding JPG images with malicious code without visual distortion of the image is conceivable.
Conference Paper
This paper reviews peer-reviewed empirical studies on gamification. We create a framework for examining the effects of gamification by drawing from the definitions of gamification and the discussion on motivational affordances. The literature review covers results, independent variables (examined motivational affordances), dependent variables (examined psychological/behavioral outcomes from gamification), the contexts of gamification, and types of studies performed on the gamified systems. The paper examines the state of current research on the topic and points out gaps in existing literature. The review indicates that gamification provides positive effects, however, the effects are greatly dependent on the context in which the gamification is being implemented, as well as on the users using it. The findings of the review provide insight for further studies as well as for the design of gamified systems.
Article
Network and Digital Forensics provide information about electronic activity in new, sometimes unprecedented forms. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance when incorporated under traditional legal regulation of state power, particularly that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. These tactical tools raise issues of public policy and privacy that may raise concerns about the proper police oversight of civil society. How those issues are resolved will define personal privacy, autonomy and dignity in the 21st digital century.
Conference Paper
Network forensics is an extension of the network security model which traditionally emphasizes prevention and detection of network attacks. It addresses the need for dedicated investigative capabilities in the current model to allow investigating malicious behavior in networks. It helps organizations in investigating outside and inside network attacks. It is also important for law enforcement investigations. In this paper, various aspects of network forensics are reviewed as well as related technologies and their limitations. Also, challenges in deploying a network forensics infrastructure are highlighted.
Article
There are no general frameworks with which we may analyze the anti-forensics situation. Solving anti-forensic issues requires that we create a consensus view of the problem itself. This paper attempts to arrive at a standardized method of addressing anti-forensics by defining the term, categorizing the anti-forensics techniques and outlining general guidelines to protect forensic integrity.
Article
The process of using automated software has served law enforcement and the courts very well, and experienced detectives and investigators have been able to use their well-developed policing skills, in conjunction with the automated software, so as to provide sound evidence. However, the growth in the computer forensic field has created a demand for new software (or increased functionality to existing software) and a means to verify that this software is truly “forensic” i.e. capable of meeting the requirements of the ‘trier of fact’. In this work, we present a scientific and systemical description of the computer forensic discipline through mapping fundamental functions required in the computer forensic investigation process. Based on the function mapping, we propose a more detailed functionality orientated validation and verification framework of computer forensic tools. We focus this paper on the searching function. We specify the requirements and develop a corresponding reference set to test any tools that possess the searching function.
Conference Paper
While many fields have well-defined education agendas, this is not the case for digital forensics. A unique characteristic of the evolution of digital forensics is that it has been largely driven by practitioners in the field. As a result, the majority of the educational experiences have been developed in response to identified weaknesses in the system or to train individuals on the use of a specific tool or technique, rather than as a result of educational needs assessments based on an accepted common body of knowledge. In June, 2008 a group of digital forensics researchers, educators and practitioners met as a working group at the Colloquium for Information Systems Security Education (CISSE 2008) to brainstorm ideas for the development of a research, education, and outreach agenda for Digital Forensics. This paper presents the research in education needs that the group identified associated with the development of a digital forensics education agenda.
Recovering and Examining Computer Forensic Evidence
  • Michael G. Noblett
  • Mark M. Pollitt
  • Lawrence A. Presley
Noblett, Michael G., Pollitt, Mark M., and Presley, Lawrence A., "Recovering and Examining Computer Forensic Evidence," Forensics Science Communications, vol. 2, No. 4. October 2008.
Computer Security: Principles and Practice
  • W Stallings
  • L Brown
Validation and Verification of Computer Forensic Tools-Searching Function
  • Vrizlynn L. L.
  • Yinghua Guo
  • Jill Slay
  • Jason Beckett
Vrizlynn L. L. Yinghua Guo, Jill Slay, Jason Beckett, "Validation and Verification of Computer Forensic Tools-Searching Function," The Digital Forensic Research Conference (DFRWS 2009), [Online], Available: https://www.dfrws.org/sites/default/files/session-files/paper-validation_and_verification_of_computer_forensic_software_tools-searching_function.pdf
Anti-Forensic implications of Software Bugs in Digital Forensic Tools
  • Homewood