research-article

The anti-forensics challenge

Authors:

Bassil MohammadAuthors Info & Claims

ISWSA '11: Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications

Article No.: 14, Pages 1 - 7

https://doi.org/10.1145/1980822.1980836

Published: 18 April 2011 Publication History

Abstract

Computer and Network Forensics has emerged as a new field in IT that is aimed at acquiring and analyzing digital evidence for the purpose of solving cases that involve the use, or more accurately misuse, of computer systems. Many scientific techniques, procedures, and technological tools have been evolved and effectively applied in this field. On the opposite side, Anti-Forensics has recently surfaced as a field that aims at circumventing the efforts and objectives of the field of computer and network forensics. The purpose of this paper is to highlight the challenges introduced by Anti-Forensics, explore the various Anti-Forensics mechanisms, tools and techniques, provide a coherent classification for them, and discuss thoroughly their effectiveness. Moreover, this paper will highlight the challenges seen in implementing effective countermeasures against these techniques. Finally, a set of recommendations are presented with further seen research opportunities.

References

[1]

Corey Thuen, University of Idaho: "Understanding Counter-Forensics to Ensure a Successful Investigation". DOI=http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.138.2196

[2]

Internet Usage Statistics, "The Internet Big Picture, World Internet Users and Population Stats". DOI= http://www.internetworldstats.com/stats.htm

[3]

Bill Nelson, Amelia Phillips, and Steuart, "Guide to Computer Forensics and Investigations", pp 2--3, 4<sup>th</sup> Edition.

Digital Library

[4]

US-Computer Emergency Readiness Team, CERT, a government organization, "Computer Forensics", 2008.

[5]

Verizon Business, "2009 Data Breach Investigations Report". A study conducted by the Verizon RISK Team in cooperation with the United States Secret Service. DOI=http://www.verizonbusiness.com/about/news/podcasts/1008a1a3-111=129947--Verizon+Business+2009+Data+Breach+Investigations+Report.xml

[6]

Verizon Business, "2010 Data Breach Investigations Report". A study conducted by the Verizon RISK Team in cooperation with the United States Secret Service. DOI=http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf?amp;src=/worldwide/resources/index.xmlamp;id=

[7]

Simson Garfinkel, "Anti-Forensics: Techniques, Detection and Countermeasures", 2<sup>nd</sup> International Conference in i-Warefare and Security, pp 77, 2007

[8]

W. Matthew Hartley, "Current and Future Threats to Digital Forensics", ISSA Journal, August 2007

[9]

Murray Brand, (2007), "Forensics Analysis Avoidance Techniques of Malware", Edith Cowan University, Australia.

[10]

"Security 101: Botnets". DOI=http://www.secureworks.com/research/newsletter/2008/05/

[11]

Common Vulnerabilities and Exposures (CVE) database, http://cve.mitre.org/

[12]

Tim Newsham, Chris Palmer, Alex Stamos, "Breaking Forensics Software: Weaknesses in Critical Evidence Collection", iSEC Partners http://www.isecpartners.com, 2007

[13]

Guidance Software: Computer Forensics Solutions and Digital Investigations (http://www.guidancesoftware.com/)

[14]

S. Srinivasan, "Security and Privacy vs. Computer Forensics Capabilities", ISACA Online Journal, 2007

[15]

Matthew Geiger, Carnegie Mellon University, "Evaluating Commercial Counter-Forensic Tools", Digital Forensic Research Workshop (DFRWS), 2005

[16]

Xiaoyun Wang and Hongbo Yu, Shandong University, China, "How to Break MD5 and Other Hash Functions", EUROCRYPT 2005, pp. 19--35, May, 2005

Digital Library

[17]

How to Change TimeStamp of a File in Windows. DOI= http://www.trickyways.com/2009/08/how-to-change-timestamp-of-a-file-in-windows-file-created-modified-and-accessed/.

[18]

File Signature Table. DOI= http://www.garykessler.net/library/file_sigs.html,

[19]

McLeod S, "SMART Anti-Forensics", DOI= http://www.forensicfocus.com/smart-anti-forensics,.

[20]

Stephen Biggs and Stilianos, "Cloud Computing Storms", International Journal of Intelligent Computing Research (IJICR), Volume 1, Issue 1, MAR, 2010

[21]

U Gurav, R Shaikh, "Virtualization -- A key feature of cloud computing", International Conference and Workshop on Emerging Trends in technology (ICWET 2010), Mumbai, India

Digital Library

[22]

U. S. v. Robert Johnson - Child Pornography Indictment. DOI=http://news.findlaw.com/hdocs/docs/chldprn/usjhnsn62805ind.pdf

[23]

United States of America v. H. Marc Watzman. DOI= http://www.justice.gov/usao/iln/.../2003/watzman.pdf

[24]

Mark Whitteker, "Anti-Forensics: Breaking the Forensics Process", ISSA Journal, November, 2008

[25]

Gary C. Kessler, "Anti-Forensics and the Digital Investigator", Champlain College, USA

[26]

Ryan Harris, "Arriving at an anti-forensics consensus: examining how to define and control the anti-forensics problem", DOI=www.elsevier.com/locate/dinn.

Cited By

González Arias RBermejo Higuera JRainer Granados JBermejo Higuera JSicilia Montalvo J(2024)Systematic Review: Anti-Forensic Computer TechniquesApplied Sciences10.3390/app1412530214:12(5302)Online publication date: 19-Jun-2024
https://doi.org/10.3390/app14125302
Yadav LAzad STomar D(2023)A Sophisticated Framework for Document ForensicsMachine Learning, Image Processing, Network Security and Data Sciences10.1007/978-3-031-24367-7_33(345-359)Online publication date: 18-Jan-2023
https://doi.org/10.1007/978-3-031-24367-7_33
Wani M(2021)Privacy Preserving Anti-forensic TechniquesMultimedia Security10.1007/978-981-15-8711-5_5(89-108)Online publication date: 12-Jan-2021
https://doi.org/10.1007/978-981-15-8711-5_5
Show More Cited By

Index Terms

The anti-forensics challenge
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime
  2. Professional topics
    1. Management of computing and information systems
      1. Project and people management
        Systems analysis and design
        Systems development

Recommendations

Toward Understanding the Challenges and Countermeasures in Computer Anti-Forensics

The term computer anti-forensics CAF generally refers to a set of tactical and technical measures intended to circumvent the efforts and objectives of the field of computer and network forensics CF. Many scientific techniques, procedures, and ...
IT forensics: 22 years on

This paper examines the progress made in the area of 'digital forensics' and 'cybercrime investigation' since the author's first involvement in the subject in 1986. At that time, hard disk technology was in its relative infancy and examination of ...
Digital Forensics and Crime Investigation: Legal Issues in Prosecution at National Level
SADFE '10: Proceedings of the 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

Abstract: Revolution in Internet and ease in use of latest technology is significantly increasing the use of latest technology worldwide, day by day. Advancement in digital devices such as computers and cell phones also helped the people to work both ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ISWSA '11: Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications

April 2011

112 pages

ISBN:9781450304740

DOI:10.1145/1980822

Conference Chair:
Ayman Alnsour,
Program Chair:
Shadi Aljawarneh

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

The Isra University

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 April 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISWSA '11

Sponsor:

ISWSA '11: The 2011 International conference on Intelligent Semantic Web-Services and Applications

April 18 - 20, 2011

Amman, Jordan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
2,986
Total Downloads

Downloads (Last 12 months)44
Downloads (Last 6 weeks)7

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

González Arias RBermejo Higuera JRainer Granados JBermejo Higuera JSicilia Montalvo J(2024)Systematic Review: Anti-Forensic Computer TechniquesApplied Sciences10.3390/app1412530214:12(5302)Online publication date: 19-Jun-2024
https://doi.org/10.3390/app14125302
Yadav LAzad STomar D(2023)A Sophisticated Framework for Document ForensicsMachine Learning, Image Processing, Network Security and Data Sciences10.1007/978-3-031-24367-7_33(345-359)Online publication date: 18-Jan-2023
https://doi.org/10.1007/978-3-031-24367-7_33
Wani M(2021)Privacy Preserving Anti-forensic TechniquesMultimedia Security10.1007/978-981-15-8711-5_5(89-108)Online publication date: 12-Jan-2021
https://doi.org/10.1007/978-981-15-8711-5_5
Adamu BKarabatak MErtam F(2020)A Conceptual Framework for Database Anti-forensics Impact Mitigation2020 8th International Symposium on Digital Forensics and Security (ISDFS)10.1109/ISDFS49300.2020.9116375(1-6)Online publication date: Jun-2020
https://doi.org/10.1109/ISDFS49300.2020.9116375
Bhat WAlZahrani AWani M(2020)Can computer forensic tools be trusted in digital investigations?Science & Justice10.1016/j.scijus.2020.10.002Online publication date: Oct-2020
https://doi.org/10.1016/j.scijus.2020.10.002
Reeva PSiddhesh DPreet GPratik SJain N(2019)Digital Forensics Capability Analyzer: A tool to check forensic capability2019 International Conference on Nascent Technologies in Engineering (ICNTE)10.1109/ICNTE44896.2019.8945960(1-7)Online publication date: Jan-2019
https://doi.org/10.1109/ICNTE44896.2019.8945960
Wani MBhat WDehghantanha A(2018)An analysis of anti-forensic capabilities of B-tree file system (Btrfs)Australian Journal of Forensic Sciences10.1080/00450618.2018.1533038(1-16)Online publication date: 5-Nov-2018
https://doi.org/10.1080/00450618.2018.1533038
McDonald JManikyam RGlisson WAndel TGu Y(2017)Enhanced Operating System Protection to Support Digital Forensic Investigations2017 IEEE Trustcom/BigDataSE/ICESS10.1109/Trustcom/BigDataSE/ICESS.2017.296(650-659)Online publication date: Aug-2017
https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.296
Jadied E(2016)Swap files Anti-Forensics on Linux2016 Asia Pacific Conference on Multimedia and Broadcasting (APMediaCast)10.1109/APMediaCast.2016.7878175(73-79)Online publication date: Nov-2016
https://doi.org/10.1109/APMediaCast.2016.7878175
Botas ARodriguez RVaisanen TZdzichowski P(2015)Counterfeiting and Defending the Digital Forensic Process2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing10.1109/CIT/IUCC/DASC/PICOM.2015.291(1966-1971)Online publication date: Oct-2015
https://doi.org/10.1109/CIT/IUCC/DASC/PICOM.2015.291
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten