Spelling suggestions: "subject:"nonforensic"" "subject:"itforensic""
1 |
IMPACT OF ANTI-FORENSICS TECHNIQUES ON DIGITAL FORENSICS INVESTIGATIONEtow, Tambue Ramine January 2020 (has links)
Computer crimes have become very complex in terms of investigation and prosecution. This is mainly because forensic investigations are based on artifacts left oncomputers and other digital devices. In recent times, perpetrators of computer crimesare getting abreast of the digital forensics dynamics hence, capacitated to use someanti-forensics measures and techniques to obfuscate the investigation processes.Incases where such techniques are employed, it becomes extremely difficult, expensive and time consuming to carry out an effective investigation. This might causea digital forensics expert to abandon the investigation in a pessimistic manner.ThisProject work serves to practically demonstrate how numerous anti-forensics can bedeployed by the criminals to derail the smooth processes of digital forensic investigation with main focus on data hiding and encryption techniques, later a comparativestudy of the effectiveness of some selected digital forensics tools in analyzing andreporting shreds of evidence will be conducted.
|
2 |
Forensic and Anti-Forensic Techniques for OLE2-Formatted DocumentsDaniels, Jason M. 01 December 2008 (has links)
Common office documents provide significant opportunity for forensic and anti-forensic work. The Object Linking and Embedding 2 (OLE2) specification used primarily by Microsoft’s Office Suite contains unused or dead space regions that can be over written to hide covert channels of communication. This thesis describes a technique to detect those covert channels and also describes a different method of encoding that lowers the probability of detection.
The algorithm developed, called OleDetection, is based on the use of kurtosis and byte frequency distribution statistics to accurately identify OLE2 documents with covert channels. OleDetection is able to correctly identify 99.97 percent of documents with covert channel and only a false positive rate 0.65 percent.
The improved encoding scheme encodes the covert channel with patterns found in unmodified dead space regions. This anti-forensic technique allows the covert channel to masquerade as normal data, lowering the ability probability for any detection tool to is able to detect its presence.
|
3 |
Navigating the Shadows : Overcoming Obstacles Posed by Anti-forensic ToolsSvensson, Jonny, Wouters, Samuel January 2024 (has links)
This thesis explores the landscape of Anti-forensics tools (AFTs) and their impact on digital forensic investigations. It begins with a comprehensive review of relevant literature and then delves into the methods employed by AFTs, including data encryption and file manipulation. A survey of popular AFTs, such as GnuPG, AESCrypt, Tails, StegHide, or CCleaner, provides insights into their functionalities and implications for forensic analysis. Results from experimentation and discussions on method validation, hardware benchmarks, and the ethical implications of AFT usage contribute to a comprehensive analysis. Key findings highlight the effectiveness of AFTs in circumventing forensic analysis, raising ethical concerns regarding their valid use. The thesis concludes with reflections on the scope of the study, ethical considerations, and avenues for future research. Through this exploration, the thesis provides valuable insights into the challenges posed by Anti-forensics tools in digital investigations. It underscores the need for continued research and ethical considerations in this evolving field.
|
4 |
Anti-forensik mot minnesforensik : En litteraturstudie om anti-forensiska metoder mot minnesdumpning och minnesanalys / Anti-forensics against memory forensics : A litterature study about anti-forensic methods against memory dumping and memory analysisTagesson, Samuel January 2019 (has links)
IT-forensiker möter många svårigheter i sitt arbete med att inhämta och analysera data. Brottslingar använder mer och mer anti-forensiska metoder för att gömma bevis som kan användas emot dem. En vanligt förekommande anti-forensisk metod är kryptering. För att IT-forensiker skall kunna komma åt den krypterade informationen kan krypteringsnyckeln hittas i minnet på datorn. Vilket gör att datorns minne blir värdefullt att hämta och analysera. Däremot finns det flera anti-forensiska metoder som en förbrytare kan använda för att förhindra att minnet hämtas eller analyseras. Denna studie utför en systematisk litteraturstudie för att identifiera de aktuella anti-forensiska metoder mot minnesanalys och minnesdumpning på Windows system. Flera metoder tas upp där bland annat operativsystemet modifieras eller inbyggda säkerhetsfunktioner på CPUn används för att förhindra att information hämtas eller analyseras från minnet. / IT forensics face many difficulties in their work of obtaining and analyzing data. Criminals are using more and more anti-forensic methods to hide evidence that can be used against them. One common anti-forensic method is encryption. In order for IT forensics to access the encrypted information, the encryption key can be found in the memory of the computer. This makes the computer's memory valuable to retrieved and analyze. However, there are several anti-forensic methods that a criminal can use to prevent the memory from being retrieved or analyzed. This study performs a systematic literature study to identify the current anti-forensic methods against memory analysis and memory dumping on Windows system. Several methods are addressed where, among other things, the operating system is modified or built-in security functions on the CPU are used to prevent information being retrieved or analyzed from memory.
|
Page generated in 0.0631 seconds