Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Anti-Forensics tools

  1. #1
    Junior Member
    Join Date
    Mar 2006

    Anti-Forensics tools

    I'm writing a paper over anti-forensics and i was wondering if anybody had any particular anti-forensic tools that they liked or have read about.

    Anti-forensics being tools that try to prevent digital forensics and gaining of digital evidence.

    So this is more of a personal opinion post than advice.

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    I've never even heard of anti-forensics. And just because I haven't heard of that, among other reasons, I'd be interested in seeing the final result of your paper if you're willing to share it. Sorry I can't help you with your paper though.

  3. #3
    Senior Member
    Join Date
    Jan 2004
    I'm not sure if this is an antiforensics tool, but I've used various hard drive whiping utilities that go further than a simple format. I've heard of drive washing, but I have this other boot disk at work that I've used exclusively. I can't remember the name. If you really want to know, message me and I'll tell you tomorrow. I usually use it before we return any leased systems or do any type of donations. The only problem with it, it takes a hell of a long time to format.

    As far as other tools I use to discourage digital evidence or access to important critical information, I have a media destroyer/paper shredder. Before I throw CDs/DVDs away, I make sure I destroy them. NOt sure if this is considered antiforensics, but I can see how it would be a barrier against people trying to steal any type of data.

  4. #4
    Senior Member
    Join Date
    May 2004
    hi all,
    for antiforensics you have to look into http://metasploit.com/projects/antiforensics/. They hava a very good presentation on this topic http://metasploit.com/confs/toorcon2...innie_2005.ppt

    another good read on the topic http://www.informit.com/guides/conte...eqNum=108&rl=1

    Talisker anti forensic tools
    Excuse me, is there an airport nearby large enough for a private jet to land?

  5. #5
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    As far as "anti-forensics" go... I think a pretty popular app is Darik's Boot and Nuke disk (DBAN)

    Price and Usage Restrictions
    Price per computer: yes FREE
    Price per user: yes FREE
    Number of wipes: yes UNLIMITED
    Open source code: yes YES
    User Rights: yes GPL PROTECTED
    Wipe Methods
    Quick Erase yes YES
    Canadian RCMP TSSIT OPS-II Standard Wipe yes YES
    American DoD 5220-22.M Standard Wipe yes YES
    Gutmann Wipe yes YES
    PRNG Stream Wipe yes YES
    8/33/137 gigabyte disk size BIOS limit fix: yes YES
    Fast PRNG (Mersenne Twister) yes YES
    Entropy Seeding yes YES
    Verification yes YES
    Logging yes YES
    Hardware Drivers
    Controllers: XT, IDE, PATA, SATA, SCSI yes ALL
    Consoles: Serial, HGA, VGA yes ALL
    Buses: ISA, MCA, PCI yes ALL
    Platform Support

    * Hardware
    o DBAN has all available drivers for SCSI disks.
    o DBAN has all available drivers for IDE, PATA, and SATA disks.
    o DBAN runs on all 32-bit x86-class computers (Athlon, Pentium, and others) with at least 8 megs of memory. If you find an incompatible machine, then please report it.
    * Software
    o DBAN supports all Microsoft platforms and securely destroys FAT, VFAT, and NTFS filesytems.
    + MS-DOS, Windows 3.1
    + Windows 95, Windows 98, Windows ME
    + Windows NT 3.0, Windows NT 3.1, Windows NT 3.5, Windows NT 4.0
    + Windows 2000, Windows XP
    o DBAN supports all unix platforms and securely destroys ReiserFS, EXT, and UFS filesystems.
    + FreeBSD, NetBSD, OpenBSD
    + Linux
    + BeOS
    + QNX
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    Hi VAIO can we get the "rules of engagement" sorted out first?

    There are two concepts here:

    1. I have a working computer which I use, then delete evidence of what I did.
    2. I want to wipe everything off a hard drive and that retained in the RAM sticks.

    I think that your question is about #1................so you still have a working computer, but it retains no trace that can be discovered by using computer applications, and leaving the device fully functional?

    For example, tools like Darik's Boot and Nuke will clean a machine for redistribution, but you will trash everything in the process. You would need to install an operating system etc. to get it to work afterwards.

    If you need a more subtle solution, you first need to find where program accessible data are stored?

    Your definition of the scope of your paper would be helpful.

  7. #7
    Frustrated Mad Scientist
    Join Date
    Dec 2004

    Anything that will disrupt the validity of the data will work as anti forensics.

    Encryption, secure deletion, anonamisers.

    I think you need to be more specific.

  8. #8
    Junior Member
    Join Date
    Mar 2006
    Originally posted here by Aspman

    Anything that will disrupt the validity of the data will work as anti forensics.

    Encryption, secure deletion, anonamisers.

    I think you need to be more specific.
    I ask you guys for your opinion on a broad open topic and you still want more specific details. lol. Encryption, secure deletion, anonamisers, these all are great. And i might even throw the sledge hammer into my paper.

    My paper covers specific information about what anti-forensics is, how it can be used, and specific anti-forensics tools. I am working with a partner for this paper who is supposed to cover the first two things, and i am just supposed to write about tools. So you have a broad spectrum of opportunity to explore your favorites list, any books your might have read, and even your common knowledge to provide input to the discussion. No Parameters! As long as it's something anti-forensics.

    Disk wiping to the point of no return, encryption, scripts, booby traps such as the Alias command in linux to have "ls" really delete something. Whatever.

  9. #9
    Frustrated Mad Scientist
    Join Date
    Dec 2004
    Do these have to be demonstrated and/or documented methods of preventing investigation?

    I can think of things like, booby trapped USPs that trip a disk wipe when power goes off.
    Badly trained police is a wide shot but it definitely affect the quality of forensic evidence.

    Virtual machines? What if someone carried out their illegal acts from within a VMWare virtual computer?

    Most forensics data is discredited in court not through the data itself but through the handling of the evidence by the investigating organisation.

  10. #10
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    I have a practical question. Since most people wanting to hide evidence
    may not have a lot of time to act, what attention has been paid to the idea of
    destroying the evidence while the cops are beating the door down?
    You know, like in old gangster movies, bookies working in the back room
    of the pool hall using paper that will instantly burn when touched with
    a lighted cigarette?
    I came in to the world with nothing. I still have most of it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts