ANTI FORENSICS TECHNIQUES, DETECTION AND COUNTERMEASURES

Download
File
ANTI_FORENSICS_TECHNIQUES.zip

Dear Readers,

We proudly present the newest issue of eForensics Magazine, with a focus on Anti Forensics Techniques, Detection and Countermeasures.

Anti-forensics techniques are what frustrate forensic investigators the most. Tools used by cybercriminals are becoming more and more sophisticated. What do the new obstacles look like? How can you detect them and work against them? You will find all the answers and more in the newest issue. Do not let yourself be defeated by hackers. Brace yourself.

Check the content:

1. Anti-Forensics by Mark Shelhart

Forensics – from the Latin word Forensis, means “scientific tests or techniques used in connection with the detection of crime.” All of us who read this magazine are aware of the many people who have motivation to thwart the forensic process (and the fine work that you do). No matter the reason, the bad guys (and girls) have valid reasons to want to cover their tracks. It may be to cover their wrongdoing, like stealing company documents. Perhaps it’s to maintain their persistence (so they can keep stealing credit cards). Within this article we’re going to discuss anti-forensic methods, easy to hard. We’re not going to just hand you ‘how to’ solve them, but work your brain in a way you can solve these ‘problems’ on your own.

2. Optical media data hiding- tips, techniques and issues by Paul Crowley

Data hiding is substantially different from encryption. Encryption puts the “container” with the data front and center in the examiner’s face and is a challenge. A well-executed encryption can be a serious blockade in that without the password being revealed in some manner the encrypted data is inaccessible. Unfortunately for the world of secrets, it turns out that in the face of this sort of challenge there are many, many ways of acquiring the password and gaining access to the data.

3. Example of Manipulating a Graceful Shutdown To Prevent Evidence Recovery by Lance Cleghorn, M.S.

When responding to a computer incident, many technology professionals feel compelled to shut down the computer in question through a graceful shutdown rather than remove power from the system and risk data corruption or loss of volatile data not committed to permanent storage. The operating procedure of completing a graceful shutdown has a myriad of vulnerabilities that could be utilized by the system owner or a third party actor to disrupt or destroy evidence and prevent forensic recovery. Removing the power from the system while running presents a far smaller risk than attempting to gracefully shut down a system that the incident responder can never fully guarantee is under their control and impervious to sabotage.

4. A General Approach to Anti-Forensic Activity Detection by Joshua I. James, Moon Seong Kim, JaeYoung Choi, Sang Seob Lee, Eunjin Kim

The first challenge with detection of ‘anti-forensic’ techniques and tools, however, is to understand what exactly anti-forensics is. A number of works have proposed definitions of anti-forensics; however, Harris gives one of the most comprehensive discussions on the topic, eventually defining anti-forensics as “any attempts to compromise the availability or usefulness of evidence to the forensics process” (Harris, 2006). Other definitions were given prior to this, but – as Harris points out – they focused on specific segments of anti-forensics. Harris’ definition may be suitable for a general understanding of anti-forensics, but gets us no closer to understanding different types of anti-forensics and their nuances.

5. WHAT TO EXPECT WHEN YOU’RE ENCRYPTING CRYPTOGRAPHIC CHOICES FOR MAC AND WINDOWS by Eric Vanderburg

Cryptography is an interesting field of study and it forms the basis of much of the communication the average person takes for granted as they use computers, networks and the Internet. Encryption is the process of making a message such as a data file or communication stream unreadable to anyone lacking the appropriate decryption key. Encryption uses mathematical formulas to modify the data in such a way that it would be extremely difficult to put back together without the key. The information is combined along with a different routine of information making it impossible for any user to decrypt unless the key and the routine are available.

6. The Role of Internet Searches in Computer Forensic Examinations by Edward J. Appel, Sr.

Today, most types of investigations are incomplete without including a forensic examination of computers, tablets, cell phones and other devices hosting suspects’ files and online activities. Pew’s Internet and American Life research shows that most Americans are online and frequently use the Internet for a variety of communications. Criminals use computers and smart phones for efficiency in their nefarious tasks, including conspiratorial messaging, meeting arrangements and record-keeping. Cybercrime is increasing, as many types of illegal acts move online, such as identity theft, fraud, misappropriated copyrighted software, movies and music, child pornography and account takeovers, often involving thousands and even millions of database files stolen or misused for the money.

7. Attribution Beyond the IP Address by Dr. Char Sample & Dr. Andre Karamanian

Attribution with great confidence is very difficult to attain due to proxies and other anonymizing technologies. A new method that allows security experts to gain new insights into the attacker’s plans is needed. One such method would invoke the use of social sciences in a cross-discipline approach in order to both profile attackers and to anticipate their next steps. This article discusses the results of some early studies that use this cross-discipline approach and how the results may be understood within the context of Hofstede’s cultural dimensions framework. Hofstede’s dimensions provide explanations for human behaviors that are influenced by national culture; this in turn may provide valuable insights into attacker’s methods and next steps that can be used for both attribution and countermeasures.

8. Investigating Steganography in Social Networks: A “How-To” for the Average Joe by April L. Tanner, Ph.D.

Are websites and applications making it easier for criminals to hide and share information on the Internet? Investigators would hope that this would not be the case; however, the reality is that it is quite easy to hide, send, and share information on the web. This presents a problem for forensic investigators given that, not only do they have to recover and examine evidential data contained on hard drives and other media, but they must also consider applications and other freely available tools that can compromise investigative attempts to acquire useful evidence in computer investigations.

9. Circumventing Digital Forensics by Alexander R. Tambascia, D.Sc.

This paper is to cover ways to defeat digital forensics capabilities to recover personally identifiable information (PII), confidential information and/or intellectual property on personal computers and laptops. This paper will look at a simple mechanism, encryption, that can be used to defeat common digital forensic tools and forensic investigators’ abilities to collect stored and deleted information.



July 30, 2021
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023