introducing COMPUTER ANTI FORENSIC TECHNIQUES


COMPUTER FORENSIC DATA RECOVERY TECHNIQUES AND SOLUTIONS WORKSHOP

Executive Summary
Computer Forensics: a term that precisely identifies the discipline that studies the techniques and methodologies required for the collection, analysis and presentation of unequivocal evidence usable in legal proceedings.

What Anti-Forensics Is About
Anti-forensics aims to make investigations of digital media more difficult and therefore more expensive. An investigation proceeds through steps generally summarised as Identification, Acquisition, Analysis and Reporting; knowing these steps is the first measure towards understanding the benefits and limitations of each anti-forensic technique.

These are the general anti-forensic categories discussed within this document:
- Data Hiding, Obfuscation and Encryption
- Data Forgery
- Data Deletion and Physical Destruction
- Analysis Prevention
- Online Anonymity

Data Hiding, Obfuscation and Encryption
The great advantage of hiding data is that it remains available when it is needed. Regardless of the operating system, using the physical disk for data hiding is a widely used technique, but techniques tied to the OS or to the file system in use are also quite common.

Unused Space in the MBR
Most hard drives have, at the beginning, some space reserved for the MBR (Master Boot Record). The MBR contains the code needed to begin loading an OS and also holds the partition table, which defines the location and size of each partition, up to a maximum of four. The MBR itself requires only a single sector.

Between the MBR and the first partition there are 62 unused sectors (sector 63 is considered the start of cylinder 1, and for a classic DOS-style partition table the first partition needs to start there). These 62 unused sectors are where data can be hidden. Although the amount of data that can be hidden in this area is limited, an expert investigator will definitely look at its contents to search for compromising material.
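The gap the slide describes is something an examiner can check mechanically. The following Python script is an added example written for this page, not a tool from the workshop: it parses the DOS-style partition table in sector 0 of a raw image, treats sectors 1 up to the first partition's start LBA as the unused area (62 sectors when that LBA is 63, as in the text), and lists every gap sector that is not all zeros. The disk image, its single partition entry and the hidden note are constructed in memory.

```python
"""Check the sectors between the MBR and the first partition for hidden data.
Added example for this page, not a tool the workshop presents.
The disk image scanned below is constructed in memory."""
import struct
from typing import Dict, List, Tuple

SECTOR = 512
TABLE_OFFSET = 446          # partition table occupies bytes 446..509 of sector 0
# entry layout: status, CHS start (3 bytes, skipped), type, CHS end (skipped),
# start LBA (uint32), sector count (uint32)
ENTRY = "<B3xB3xII"


def parse_mbr(image: bytes) -> List[Tuple[int, int, int]]:
    """Return (type, start_lba, sector_count) for each used partition entry."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 lacks the 0x55AA boot signature")
    entries = []
    for i in range(4):
        _status, ptype, lba, count = struct.unpack_from(ENTRY, image, TABLE_OFFSET + 16 * i)
        if ptype and count:                       # skip empty entries
            entries.append((ptype, lba, count))
    return entries


def gap_range(image: bytes) -> Tuple[int, int]:
    """Sector numbers [lo, hi) of the unused area before the first partition."""
    parts = parse_mbr(image)
    if not parts:
        raise ValueError("no partitions defined")
    return 1, min(lba for _, lba, _ in parts)


def scan_gap(image: bytes) -> List[Dict[str, object]]:
    """Every gap sector holding non-zero bytes, with a count and a preview.
    A freshly partitioned disk normally has nothing but zeros here, so any
    hit is worth a closer look."""
    lo, hi = gap_range(image)
    findings = []
    for n in range(lo, hi):
        sec = image[n * SECTOR:(n + 1) * SECTOR]
        if len(sec) < SECTOR:
            break
        nonzero = sum(1 for b in sec if b)
        if nonzero:
            findings.append({"sector": n, "nonzero": nonzero, "preview": sec[:16]})
    return findings


def build_sample_image(hidden: bytes = b"") -> bytes:
    """Constructed 64-sector image: one NTFS-type partition starting at LBA 63,
    plus an optional payload dropped into gap sector 10 (an assumption for the demo)."""
    img = bytearray(64 * SECTOR)
    struct.pack_into(ENTRY, img, TABLE_OFFSET, 0x80, 0x07, 63, 1)   # bootable, type 0x07
    img[510:512] = b"\x55\xaa"
    if hidden:
        img[10 * SECTOR:10 * SECTOR + len(hidden)] = hidden
    return bytes(img)


if __name__ == "__main__":
    for finding in scan_gap(build_sample_image(b"constructed hidden note")):
        print(finding)
```

On a real acquisition the same functions take the first few megabytes of the image file; a clean gap returns an empty list, and anything else is reported sector by sector so the content can be inspected or hashed.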

HPA Area
The most common technique to hide data at the hardware level is to use the HPA (Host Protected Area) of the disk. This is generally an area not accessible by the OS and is usually used only for recovery operations. The area is also invisible to certain forensic tools and is therefore ideal for hiding data that should not be found easily.
[Image: representation of the HPA within a physical medium]

DATA HIDING
1. STEGANOGRAPHY
2. ENCRYPTION

What Is Data Hiding
Data hiding is the process of making data difficult to find while also keeping it accessible for future use. Obfuscation and encryption of data give an adversary the ability to limit the identification and collection of evidence by investigators while retaining access and use for themselves.

Steganography
Steganography is a technique where information or files are hidden within another file, in an attempt to hide data by leaving it in plain sight. Steganography produces dark data that is typically buried within light

Steganography
Steganography is sometimes used when encryption is not permitted. More commonly, steganography is used to supplement encryption: an encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen. Special software is needed for steganography.

STEGANOGRAPHY: INVISIBLE SECRETS 2.1

Encryption
Encryption is one of the most effective techniques for mitigating forensic analysis. Using strong cryptographic algorithms, for example AES-256, together with the hiding techniques above adds a further fundamental level of anti-forensic security for the data that we want to hide.

Encryption
The most widely used tool for anti-forensic encryption is certainly TrueCrypt, an open source tool that is able to create and mount virtual encrypted disks on Windows, Linux and OS X systems.

Encryption
Generally, when an encrypted volume is mounted, a forensic analyst will without doubt try to capture its contents before the volume is unmounted. If the machine is turned off, the only option for acquiring the content of a dismounted encrypted drive is a brute-force password-guessing attack. (The rubber-hose method is not covered by this document :>).

Encryption
A noteworthy feature of TrueCrypt is that, when used for full disk encryption, it leaves a "TrueCrypt Boot Loader" string in its boot loader; this string can help a forensic analyst recognise a TrueCrypt-encrypted disk.
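Two indicators from the slides above, the near-random look of encrypted data and the TrueCrypt boot loader string, can both be checked from a disk image. The Python below is an added example for this page, not TrueCrypt's code or a workshop tool: it scores 4 KiB windows by Shannon entropy (ciphertext sits close to 8 bits per byte, text and ordinary file-system structures far lower) and searches the first sectors for the "TrueCrypt Boot Loader" string. The sample image, the SHA-256-derived stand-in for ciphertext, the entropy thresholds and the marker's offset 3 are all constructed assumptions, not TrueCrypt's real boot sector layout.

```python
"""Triage a raw disk image for signs of an encrypted volume.
Added example for this page, not a tool the workshop presents.
The image scanned below is constructed in memory."""
import hashlib
import math
from collections import Counter
from typing import Dict, List

SECTOR = 512
WINDOW = 4096                     # score 8-sector windows; 512-byte samples are too noisy
TC_MARKER = b"TrueCrypt Boot Loader"   # string the slide says a TrueCrypt boot loader carries


def shannon(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or uniform input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, high: float = 7.5, low: float = 6.0) -> str:
    """Label a region by entropy; thresholds are working assumptions."""
    e = shannon(data)
    if e >= high:
        return "random-or-encrypted"
    if e <= low:
        return "structured-or-plaintext"
    return "compressed-or-mixed"


def find_marker(image: bytes, limit: int = 64 * SECTOR) -> List[int]:
    """Offsets of every TC_MARKER occurrence in the first `limit` bytes."""
    head, hits, pos = image[:limit], [], 0
    while (pos := head.find(TC_MARKER, pos)) >= 0:
        hits.append(pos)
        pos += 1
    return hits


def triage(image: bytes) -> Dict[str, object]:
    """Marker hits plus one entropy label per full WINDOW after the boot sector."""
    body = image[SECTOR:]
    labels = [classify(body[i:i + WINDOW])
              for i in range(0, len(body) - WINDOW + 1, WINDOW)]
    return {"marker_offsets": find_marker(image), "windows": labels}


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode over a seed."""
    out, i = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
        i += 1
    return bytes(out[:n])


def build_sample_image() -> bytes:
    """Constructed image: boot sector with the marker at offset 3 (placeholder
    position), 16 sectors of ciphertext-like data, then 16 sectors of plaintext."""
    boot = bytearray(SECTOR)
    boot[3:3 + len(TC_MARKER)] = TC_MARKER
    boot[510:512] = b"\x55\xaa"
    encrypted = pseudo_random(16 * SECTOR)
    text = (b"Quarterly report: revenue up 4%, costs flat. " * 200)[:16 * SECTOR]
    return bytes(boot) + encrypted + text


if __name__ == "__main__":
    print(triage(build_sample_image()))
```

High-entropy windows are only a hint: compressed archives and media files score almost as high as ciphertext, so the result is a list of regions to examine, not proof of encryption. A marker hit, by contrast, is a direct sign that the disk was prepared with TrueCrypt's boot loader and should be acquired live, before it is unmounted, as the slide advises.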

WIPING
1. DISK CLEANING UTILITIES
2. FILE WIPING UTILITIES
3. DISK DEGAUSSING / DESTRUCTION TECHNIQUES

Artifact Wiping or Data Erasure
Data erasure (also called data clearing or data wiping) is a software-based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media.

Data Deletion
The first mission of a forensic examiner is to find as much information as possible (files) relating to the current investigation. For this purpose, the examiner will do anything to try to recover as many files as possible from among those deleted or fragmented. However, there are some practices that prevent or hinder this process very efficiently.

Wiping
If you want to irreversibly delete your data, you should consider adopting this technique. When we delete a file on our system, the space it formerly occupied is in fact only marked as free. The content of this space, however, remains on the disk, and a forensic analyst could still recover it.

Disk Cleaning Utilities
The technique known as disk wiping overwrites this space with random data, or with the same data for each sector of the disk, in such a way that the original data is no longer recoverable. Data wiping can be performed at the software level, with dedicated programs that are able to overwrite entire disks or only the specific areas belonging to individual files.
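To make the difference between deleting and wiping concrete, here is an added Python example written for this page, not a workshop tool. A toy volume made of raw bytes plus an allocation bitmap stands in for a file system: deleting a file only clears its bitmap bits, so a simple header/footer carver of the kind examiners use still recovers it, while overwriting the free clusters, the wiping step described above, leaves the carver nothing. The volume, its first-fit allocator and the file contents are constructed; only the JPEG and PDF header/footer markers are the real ones.

```python
"""Deletion versus wiping, seen through a file carver.
Added example for this page, not a tool the workshop presents.
The volume and the files placed on it are constructed in memory."""
import os
from typing import Dict, List, Optional, Tuple

CLUSTER = 4096
SIGNATURES = {                      # header, footer pairs a carver looks for
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


class ToyVolume:
    """Raw bytes plus an allocation bitmap: enough to show that deleting a
    file frees its clusters without touching the bytes they hold."""

    def __init__(self, clusters: int = 8) -> None:
        self.data = bytearray(clusters * CLUSTER)
        self.allocated = [False] * clusters
        self.files: Dict[str, Tuple[int, int]] = {}   # name -> (first cluster, size)

    def write(self, name: str, content: bytes) -> int:
        need = -(-len(content) // CLUSTER)              # clusters, rounded up
        for start in range(len(self.allocated) - need + 1):
            if not any(self.allocated[start:start + need]):   # first-fit run
                break
        else:
            raise OSError("volume full")
        off = start * CLUSTER
        self.data[off:off + len(content)] = content
        self.allocated[start:start + need] = [True] * need
        self.files[name] = (start, len(content))
        return start

    def delete(self, name: str) -> None:
        """Ordinary deletion: the clusters are marked free, the bytes stay."""
        start, size = self.files.pop(name)
        need = -(-size // CLUSTER)
        self.allocated[start:start + need] = [False] * need

    def wipe_free_space(self, pattern: Optional[bytes] = None) -> int:
        """Overwrite every free cluster with a repeated byte pattern, or with
        random data when pattern is None. Returns the number of clusters wiped."""
        wiped = 0
        for c, used in enumerate(self.allocated):
            if not used:
                fill = os.urandom(CLUSTER) if pattern is None else (pattern * CLUSTER)[:CLUSTER]
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = fill
                wiped += 1
        return wiped


def carve(raw: bytes, max_len: int = 1 << 20) -> List[Tuple[str, int, bytes]]:
    """Header/footer carving: (kind, offset, bytes) for each object found,
    ignoring the allocation state entirely, as a real carver does."""
    found = []
    for kind, (head, foot) in SIGNATURES.items():
        pos = 0
        while (h := raw.find(head, pos)) >= 0:
            f = raw.find(foot, h + len(head), h + max_len)
            if f < 0:                    # header without a footer in range: skip it
                pos = h + 1
                continue
            end = f + len(foot)
            found.append((kind, h, raw[h:end]))
            pos = end
    return found


def demo() -> Dict[str, object]:
    """Write two files, delete both, carve; then wipe free space and carve again."""
    jpeg = b"\xff\xd8\xff\xe0" + b"constructed image body " * 40 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"constructed document body " * 25 + b"%%EOF"
    vol = ToyVolume()
    vol.write("photo.jpg", jpeg)
    vol.write("report.pdf", pdf)
    vol.delete("photo.jpg")
    vol.delete("report.pdf")
    after_delete = carve(bytes(vol.data))      # both files come back intact
    vol.wipe_free_space(b"\x00")
    after_wipe = carve(bytes(vol.data))        # nothing left to carve
    return {"originals": {"photo.jpg": jpeg, "report.pdf": pdf},
            "after_delete": after_delete, "after_wipe": after_wipe}


if __name__ == "__main__":
    r = demo()
    print("recovered after delete:", [(k, off, len(b)) for k, off, b in r["after_delete"]])
    print("recovered after wipe:", r["after_wipe"])
```

The zero pattern is used in the demo so the outcome is deterministic; `wipe_free_space()` with no pattern overwrites with random bytes, which is the other variant the text mentions. Real file systems add metadata (directory entries, journals, MFT records) that must be wiped as well, which is why the per-file wipers in the next lab matter.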

LAB 10: A steganography tool that hides secret data in audio files

DeepSound Overview
DeepSound is a steganography tool that hides secret data in audio files (WAVE and FLAC). The application also enables you to extract secret files directly from audio CD tracks. DeepSound might be used as copyright-marking software for WAVE, FLAC and audio CD. DeepSound also supports encrypting secret files using AES-256 (Advanced Encryption Standard) to improve data protection.

LAB 10: Steganography and encryption with StegHide UI

StegHide UI
StegHide UI is a GUI front end for Steghide, an open source steganography program that encrypts and hides data inside images (.jpeg, .bmp) and audio files (.wav, .au). It lets users do everything Steghide can do with a point-and-click mouse, saving you the command-line learning curve. There is also a tab where you can use the tool in command-line mode, were you to feel inclined to do so; StegHide UI offers the best of both worlds, a GUI and a command line, in one program.

Wise Disk Cleaner
Wise Disk Cleaner is a free disk utility designed to help you keep your disk clean by deleting unnecessary files. Usually, these unnecessary or junk files are the result of incomplete program uninstallers or temporary Internet files. When deleting files, you can choose to erase them forever or, in case you are not sure about them, delete them to the Recycle Bin.

Disk Degaussing / Destruction Techniques
Degaussing Hard Drives
Securely wipe the hard drives that your organization no longer needs. The vulnerability of information stored on a PC hard drive is a recognized security risk. It is simply not enough to delete, reformat or overwrite sensitive information. The only solution that guarantees 100% data erasure is to use hardware called a degausser to securely wipe all the data.

Degaussing a hard drive is achieved by passing it through a powerful magnetic field, which rearranges the metallic particles and completely removes any resemblance of the original data. Even if the hard drive is not working, the degaussing process can be used to ensure that the data it contains is removed completely and cannot be recovered.

DATAGONE - Automatic Pulse Discharge Hard Drive Degausser
The DATAGONE is a fully automatic degausser for hard drives and backup tapes. It uses pulse discharge technology and is fully processor controlled, which enables the DATAGONE to offer a complete and secure erase. It is capable of securely wiping hard drives that use both perpendicular and vertical recording techniques. The DATAGONE generates a powerful magnetic field and in less than a second completely erases all data from hard drives and backup tapes. Its simple one-pass, fully automatic operation makes it ideal in businesses where security is of the utmost importance.

V91 Max - Most Powerful Manual Hard Drive Degausser
The V91 Max is the most powerful manual hard drive degausser, designed to fully and securely wipe computer hard drives and DLT tapes. With an incredible 7000 gauss, this degausser is also capable of degaussing tapes (Audio, DAT, VHS and S-VHS, VHS Digital, 4 and 8 mm, Beta SP/Digital), video cassettes, floppy disks and computer cartridges (DC, TK 50/70/85, DLT 3489/3490/3590).

BitLocker
BitLocker lets you encrypt the hard drive(s) on Windows 7 and Vista Enterprise, Windows 7 and Vista Ultimate, or Windows Server 2008 and 2008 R2. BitLocker will not encrypt hard drives for Windows XP, Windows 2000 or Windows 2003; only Windows 7, Vista and Server 2008 include BitLocker. BitLocker drives can be encrypted with 128-bit or 256-bit encryption, which is plenty strong to protect your data in the event the computer is lost or stolen.

BitLocker
BitLocker protects your hard drive from offline attack. This is the type of attack where a malicious user takes the hard drive out of your mobile machine and connects it to another machine so they can harvest your data. BitLocker also protects your data if a malicious user boots from an alternate operating system.