Anti-Forensics
As the word suggests, anti-forensics aims to prevent or hinder the retrieval and discovery of evidential information during an investigation. Any technique, software or gadget used to hamper a computer investigation is known as anti-forensics.
Here are some of the common Anti-forensics methods:
Data Hiding
Data hiding, as the name suggests, is hiding data so that it is not accessible to anyone but the intended user. The common forms of data hiding are encryption and steganography. These methods obstruct the examiner's investigation, and a combination of them can make evidence discovery practically impossible.
Encryption
Encryption is the process of using an algorithm to transform a file into something unreadable. To make the file readable again, one has to possess the "key" that reverses the process, i.e. decrypts the file.
This is one of the most commonly used techniques. With a modern algorithm correctly implemented, cracking the ciphertext itself is practically impossible without the key, so the examiner's realistic options are to recover the key rather than break the algorithm: guess a weak passphrase from which the key was derived, find the key in memory or on another medium, or find unencrypted copies of the data.
The type of encryption used can be categorised under:
- Private key algorithms
- Public key algorithms
Private Key algorithms
This type of encryption is fast, easy to use and commonly used for file encryption. It is also known as a symmetric algorithm because the same key is used to encrypt and to decrypt; decryption is simply the reversal of the encryption function. One problem is key management. Since the single key decrypts the file, you have to make sure it is delivered to the recipient securely, without being intercepted (e.g. by eavesdropping) by any unintended recipient.
Some of the common symmetric algorithms used:
- Data Encryption Standard (DES)
- Triple DES (3DES)
- International Data Encryption Algorithm (IDEA)
- Blowfish
- Skipjack
- Advanced Encryption Standard (AES)
Of these, DES and Skipjack are obsolete (DES's 56-bit key can be brute-forced with modern hardware) and 3DES is deprecated; AES is the current standard.
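The practical weak point of file encryption is rarely the algorithm: the symmetric key is usually derived from a passphrase, and the examiner tests passphrase guesses offline against whatever the container stores for detecting a wrong passphrase. The following is an added example, not code from the original page or from any encryption product; the key-check value (HMAC of a fixed string under the derived key), the salt and the wordlist are constructed for the demo, and PBKDF2 stands in for whatever key derivation a real tool uses.

```python
import hashlib
import hmac

# Deliberately low iteration count so the demo runs instantly. Real tools use far
# higher counts (or memory-hard KDFs), which slows guessing down but does not stop it.
ITERATIONS = 10_000


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Derive a 256-bit symmetric key from a passphrase with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, ITERATIONS, dklen=32)


def key_check_value(passphrase: str, salt: bytes) -> bytes:
    """Hypothetical key-check value (KCV): HMAC of a constant under the derived key.

    Many container formats store something equivalent so the tool can tell a wrong
    passphrase from a corrupt file. It is exactly what an attacker tests guesses against.
    """
    return hmac.new(derive_key(passphrase, salt), b"key-check", "sha256").digest()


def guess_passphrase(salt: bytes, kcv: bytes, wordlist) -> "str | None":
    """Offline dictionary attack: derive a key per candidate and compare its KCV."""
    for candidate in wordlist:
        if hmac.compare_digest(key_check_value(candidate, salt), kcv):
            return candidate
    return None


# Constructed sample: the salt and KCV an examiner would read from the container header.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
STORED_KCV = key_check_value("letmein", SALT)   # the "suspect's" weak passphrase

# Constructed wordlist standing in for a real password list.
WORDLIST = ["password", "123456", "qwerty", "letmein", "dragon"]


def recover() -> "str | None":
    return guess_passphrase(SALT, STORED_KCV, WORDLIST)


if __name__ == "__main__":
    print("recovered passphrase:", recover())
```

The key itself never has to be attacked; each candidate passphrase is run through the same derivation the tool used and checked against the stored verifier. The iteration count only sets the price per guess, which is why a long random passphrase, not the cipher, is what actually keeps an encrypted file closed.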
Public key algorithms
This type of encryption is known as an asymmetric algorithm because encryption and decryption use different keys. The encryption software generates a pair of mathematically related keys, one private and one public; the passcode you provide does not create the keys but protects the stored private key. You keep the private key secret and can distribute the public key to anyone. For confidentiality the roles are: anyone holding John's public key can encrypt a file, and only John's private key can decrypt it. The reverse direction gives authenticity rather than secrecy: a message signed with John's private key can be verified by anyone with his public key, which shows it originated from John but does not hide its contents. Because public-key operations are slow and limited in message size, file-encryption tools normally encrypt the file with a random symmetric key and use the public-key algorithm only to protect that key (hybrid encryption).
Steganography
Steganography is the art of hiding a message inside another, innocuous message (the carrier) so that only the intended recipient knows a hidden message exists at all.
An example is embedding the message in the least significant bits of the pixel or sample values of an image or audio file; the changes are too small for anyone to notice by looking at the image or listening to the audio.
Wipe
When a file is deleted, the operating system normally just marks its space as free; the contents remain on disk and can be retrieved with recovery software. Wiping is a method of secure deletion: the wipe tool opens the file, overwrites its contents several times with pseudo-random data, and then unlinks it, removing the inode and the directory entry so that neither the data nor the name is easy to recover. Two caveats matter to the examiner. On SSDs, wear levelling means an overwrite may land on a different flash block while the original data survives, so a file-level wipe cannot be relied on there. On journaling and copy-on-write file systems, and in snapshots and backups, older copies of the data can persist where a file-level wipe never reaches.
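An added example of what a file wipe does, written for this page rather than taken from the wipe utility or the original article: overwrite in place, sync each pass to the device, rename to a random name so the original filename leaves the directory entry, then unlink. The demo file and its content are constructed; the temporary directory and single-pass read-back exist only so the effect can be observed.

```python
import os
import tempfile


def overwrite_file(path: str, passes: int = 3, chunk: int = 64 * 1024) -> None:
    """Overwrite the file's contents in place with pseudo-random data, `passes` times.

    Caveat: this reaches the logical blocks the file system hands back for this file.
    On SSDs (wear levelling), copy-on-write or journaling file systems, and anywhere
    snapshots or backups exist, older copies of the data can survive untouched.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())   # push this pass to the device, not just the page cache


def unlink_file(path: str) -> None:
    """Rename to a random name so the original filename is not left in the directory entry, then unlink."""
    directory = os.path.dirname(path) or "."
    scrambled = os.path.join(directory, os.urandom(8).hex())
    os.rename(path, scrambled)
    os.unlink(scrambled)


def wipe_file(path: str, passes: int = 3) -> None:
    """Secure-delete a single file: overwrite, then remove the name."""
    overwrite_file(path, passes)
    unlink_file(path)


def wipe_demo() -> dict:
    """Create a file with known content, overwrite it once, read it back, then unlink it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "notes.txt")
        secret = b"secret meeting 02:00 at the docks\n" * 64   # constructed content
        with open(path, "wb") as f:
            f.write(secret)
        overwrite_file(path, passes=1)
        with open(path, "rb") as f:
            after = f.read()
        unlink_file(path)
        return {
            "secret_still_visible": secret[:32] in after,
            "size_unchanged": len(after) == len(secret),
            "file_exists": os.path.exists(path),
        }


if __name__ == "__main__":
    print(wipe_demo())
```

From the examiner's side the same facts cut the other way: a run of high-entropy blocks sitting in unallocated space, with no file system structure around it, is itself a sign that a wiping tool was used, and the tool's own installation and logs are often the better evidence.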
Disk Degaussing
Degaussing a hard drive means exposing it to a strong magnetic field that scrambles the magnetic domains on the platters. This destroys the data completely and effectively, and also the drive's servo tracks, so the drive is unusable afterwards. The method is seldom used for anti-forensics because degaussing machines are expensive and not affordable to the average user. It also has no effect on SSDs and other flash media, which store data electrically rather than magnetically.
Trail Obfuscation
Trail obfuscation misleads the investigator toward the wrong data or evidence. For instance, a suspect who wants to hide a JPEG image may rename it with a .doc extension, or go further and overwrite the file's header so that the bytes at the start of the file look like a .doc header instead of the JPEG signature. A forensic tool that filters only by extension will skip the .doc files. A tool that performs signature analysis compares each file's header bytes with its extension and flags a mismatch, so a plain rename stands out, but a rewritten header does not, and the examiner then has to look deeper: does the file actually parse as a document, and do image markers appear inside its body? Other trail obfuscation techniques include spoofing, log cleaners and trojaned system commands that hide the attacker's activity.
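The signature check described above, as an added example that is not part of the original article and not taken from any forensic tool. The signature table covers a few common formats, and the "files" are constructed header fragments: an honest JPEG, a JPEG renamed to .doc, an honest legacy Word file, and a JPEG with a forged OLE header prepended. The last case is the one the page warns about: the extension and header agree, so the simple check passes, and only the carving-style scan for signatures past offset 0 gives it away.

```python
import os

# File signatures ("magic bytes") at offset 0 that a forensic tool compares with the extension.
SIGNATURES = {
    "jpg":  [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "pdf":  [b"%PDF-"],
    "zip":  [b"PK\x03\x04"],
    "docx": [b"PK\x03\x04"],                        # OOXML documents are ZIP containers
    "doc":  [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 compound file (legacy Office)
}


def identify(data: bytes) -> set:
    """Extensions whose signature matches the start of the data."""
    return {ext for ext, magics in SIGNATURES.items()
            if any(data.startswith(m) for m in magics)}


def check_file(name: str, data: bytes) -> dict:
    """Signature analysis: does the header agree with the extension?"""
    ext = os.path.splitext(name)[1].lstrip(".").lower()
    detected = identify(data)
    if not detected:
        status = "unknown"
    elif ext in detected:
        status = "ok"
    else:
        status = "mismatch"
    return {"name": name, "extension": ext, "detected": sorted(detected), "status": status}


def scan_embedded(data: bytes) -> dict:
    """Carving-style check: a known signature past offset 0 hints at a spliced or disguised file."""
    found = {}
    for ext, magics in SIGNATURES.items():
        for m in magics:
            idx = data.find(m, 1)
            if idx != -1:
                found[ext] = idx
    return found


# Constructed samples: only the leading bytes of each "file" matter to these checks.
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
OLE_HEAD = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8

SAMPLES = {
    "holiday.jpg":   JPEG_HEAD,              # honest JPEG
    "report.doc":    JPEG_HEAD,              # JPEG renamed to .doc: the extension lies, the header does not
    "minutes.doc":   OLE_HEAD,               # honest legacy Word file
    "disguised.doc": OLE_HEAD + JPEG_HEAD,   # JPEG with a forged OLE header in front of it
}


def triage() -> dict:
    """Run the signature check over every sample."""
    return {name: check_file(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in triage().items():
        print(result, "embedded:", scan_embedded(SAMPLES[name]))
```

If the suspect overwrites the JPEG's own first bytes in place instead of prepending a header, the start-of-image marker is gone and this scan finds nothing; the examiner then falls back on structural checks (does the OLE directory actually parse, do later JPEG markers such as the FF D9 end-of-image marker appear) and on entropy, since compressed image data looks nothing like a Word document's internals.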