Wednesday, May 7, 2014

ORF lectures about anti-forensics

Today we will talk about anti-forensic methods and tools, mostly about methods and ideas, since tools change with time.
I'll stress the difference between offensive and defensive methods, and the simple idea of hiding important things among a huge pile of files.
Strong encryption is definitely the best method, since without the key it is impossible to get at the data; it is more of a defensive method, but an effective one. For protecting active systems or active data in use, a more offensive approach has to be applied.

One of the most interesting sites is https://www.anti-forensics.com/

My all-time favorite is the article "Breaking Forensics Software: Weaknesses in Critical Evidence Collection", with the video "Defcon 15 - Breaking Forensics Software: Weaknesses in Critical Evidence Collection".

There are also plenty of presentations and new developments. Very inspiring are the presentations from Takahiro Haruyama, "Malicious File for Exploiting Forensic Software" and "One-Byte Modification for Breaking Memory Forensic Analysis".

The other tools and ideas are very well documented: steganography, encryption, etc.

There is also a rather terminal approach to anti-forensics, and we have to think about it if we are thinking about serious crimes: the use of brute force, explosives, and attacks to physically destroy media and evidence, both the forensic evidence itself and the forensics lab.
As an idea, think about a hard drive which, instead of platters, has an explosive charge with a primer connected to the power line. This is also anti-forensic, but a bit out of the box in the digital sense.

When we are talking about anti-forensic and contra-forensic measures, it is important to understand that the context of the situation and the value of the items which are to be protected are actually the key elements in understanding how these items can be protected and why. The Conficker worm is a very good example.
