Startertutorials Blog
Antiforensics
Suryateja Pericherla. Categories: Security and Hacking

In this article we will look at what antiforensics is, the categories of antiforensics, and some well-known antiforensics tools.

 

Antiforensics is the practice of applying different techniques to digital evidence so that it is invalidated and cannot be submitted for judicial review.

 


 

The four categories of antiforensics are:




  • Data destruction
  • Data hiding
  • Data encryption
  • Data contraception

 

Antiforensics is a combination of people, process and tools. Several commercial antiforensics tools are available in the market. These tools are used to eliminate specific files, to overwrite deleted data to thwart recovery, and to work with system files such as the registry. Cybercriminals exploit the fact that forensics takes time. Modern operating systems and applications generate a huge amount of data about user activities.

 

In the modern era, employees use computers and laptops given to them by the company for personal purposes. Sometimes these machines are even used by the employee's family members or friends. In such cases, sensitive company information might be stolen or deleted. Several tools are available that can eliminate records of computer system use and other sensitive data.

 

Some of the well-known antiforensics tools are:

  • Windows washer
  • Windows and Internet cleaner
  • CyberScrub pro
  • Evidence eliminator
  • Acronis privacy expert
  • Secure Clean

 

The Metasploit antiforensics investigation kit includes tools such as timestomp, slacker, transmogrify, and sam juicer. Timestomp can be used to modify file attributes. Transmogrify can be used to change file signatures, for example by changing the file extension. Sam juicer is an advanced tool that helps attackers prevent evidence from being created. Slacker can be used to hide file data within the slack space of FAT or NTFS.
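From the examiner's side, changes to a file's signature or extension can be caught by comparing the file's leading bytes with what its name claims. The following Python code is an added example, not part of the original article or of any tool named above; the signature table is a small illustrative subset, the function names are hypothetical, and the sample files are constructed.

```python
import os, tempfile

# Illustrative subset of well-known file headers (magic bytes) -> extensions.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    (b"%PDF-", {".pdf"}),
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".jar"}),
    (b"MZ", {".exe", ".dll", ".sys"}),
]
KNOWN_EXTS = set().union(*(exts for _, exts in SIGNATURES))

def classify(path):
    """Compare a file's leading bytes with what its extension claims."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, exts in SIGNATURES:
        if head.startswith(magic):
            return "ok" if ext in exts else "mismatch"
    return "header_missing" if ext in KNOWN_EXTS else "unknown"

def scan(root):
    """Return {relative_path: status} for files whose header and name disagree."""
    findings = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            status = classify(full)
            if status in ("mismatch", "header_missing"):
                findings[os.path.relpath(full, root)] = status
    return findings

def demo():
    """Scan constructed sample files written to a temporary directory."""
    samples = {
        "report.pdf": b"%PDF-1.7\n",                  # consistent
        "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 32,  # executable header, image name
        "notes.txt": b"plain text",                   # no signature expected
        "logo.png": b"not a png header",              # expected header is absent
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return scan(d)

if __name__ == "__main__":
    print(demo())
```

A "mismatch" means the header identifies a different file type than the extension, while "header_missing" means the extension implies a known header that is not there; both are leads for closer examination, not proof of tampering.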

 

Data hiding techniques involve the use of bad sectors. A data hiding tool changes a certain sector's status from good to bad and then places the data in that sector. Many forensic tools skip bad sectors while searching for evidence.

 
