-
March 23rd, 2006, 06:01 AM
#1
Junior Member
Anti-Forensics tools
I'm writing a paper over anti-forensics and I was wondering if anybody had any particular anti-forensic tools that they liked or have read about.
Anti-forensics being tools that try to prevent digital forensics and gaining of digital evidence.
So this is more of a personal opinion post than advice.
-
March 23rd, 2006, 06:21 AM
#2
I've never even heard of anti-forensics. And just because I haven't heard of that, among other reasons, I'd be interested in seeing the final result of your paper if you're willing to share it. Sorry I can't help you with your paper though.
-
March 23rd, 2006, 06:38 AM
#3
I'm not sure if this is an antiforensics tool, but I've used various hard drive wiping utilities that go further than a simple format. I've heard of drive washing, but I have this other boot disk at work that I've used exclusively. I can't remember the name. If you really want to know, message me and I'll tell you tomorrow. I usually use it before we return any leased systems or do any type of donations. The only problem with it, it takes a hell of a long time to format.
As far as other tools I use to discourage digital evidence or access to important critical information, I have a media destroyer/paper shredder. Before I throw CDs/DVDs away, I make sure I destroy them. Not sure if this is considered antiforensics, but I can see how it would be a barrier against people trying to steal any type of data.
-
March 23rd, 2006, 07:11 AM
#4
Excuse me, is there an airport nearby large enough for a private jet to land?
-
March 23rd, 2006, 07:55 AM
#5
Hey Hey,
As far as "anti-forensics" go... I think a pretty popular app is Darik's Boot and Nuke disk (DBAN)
Price and Usage Restrictions
  Price per computer: FREE
  Price per user: FREE
  Number of wipes: UNLIMITED
  Open source code: YES
  User Rights: GPL PROTECTED
Wipe Methods
  Quick Erase: YES
  Canadian RCMP TSSIT OPS-II Standard Wipe: YES
  American DoD 5220-22.M Standard Wipe: YES
  Gutmann Wipe: YES
  PRNG Stream Wipe: YES
Enhancements
  8/33/137 gigabyte disk size BIOS limit fix: YES
  Fast PRNG (Mersenne Twister): YES
  Entropy Seeding: YES
  Verification: YES
  Logging: YES
Hardware Drivers
  Controllers (XT, IDE, PATA, SATA, SCSI): ALL
  Consoles (Serial, HGA, VGA): ALL
  Buses (ISA, MCA, PCI): ALL
Platform Support
* Hardware
  o DBAN has all available drivers for SCSI disks.
  o DBAN has all available drivers for IDE, PATA, and SATA disks.
  o DBAN runs on all 32-bit x86-class computers (Athlon, Pentium, and others) with at least 8 megs of memory. If you find an incompatible machine, then please report it.
* Software
  o DBAN supports all Microsoft platforms and securely destroys FAT, VFAT, and NTFS filesystems.
    + MS-DOS, Windows 3.1
    + Windows 95, Windows 98, Windows ME
    + Windows NT 3.0, Windows NT 3.1, Windows NT 3.5, Windows NT 4.0
    + Windows 2000, Windows XP
  o DBAN supports all unix platforms and securely destroys ReiserFS, EXT, and UFS filesystems.
    + FreeBSD, NetBSD, OpenBSD
    + Linux
    + BeOS
    + QNX
Peace,
HT
-
March 23rd, 2006, 01:35 PM
#6
Hi VAIO can we get the "rules of engagement" sorted out first?
There are two concepts here:
1. I have a working computer which I use, then delete evidence of what I did.
2. I want to wipe everything off a hard drive and that retained in the RAM sticks.
I think that your question is about #1... so you still have a working computer, but it retains no trace that can be discovered by using computer applications, and leaving the device fully functional?
For example, tools like Darik's Boot and Nuke will clean a machine for redistribution, but you will trash everything in the process. You would need to install an operating system etc. to get it to work afterwards.
If you need a more subtle solution, you first need to find where program accessible data are stored?
Your definition of the scope of your paper would be helpful.
-
March 23rd, 2006, 03:00 PM
#7
Anything that will disrupt the validity of the data will work as anti forensics.
Encryption, secure deletion, anonymisers.
I think you need to be more specific.
-
March 23rd, 2006, 04:34 PM
#8
Junior Member
Originally posted here by Aspman
Anything that will disrupt the validity of the data will work as anti forensics.
Encryption, secure deletion, anonymisers.
I think you need to be more specific.
I ask you guys for your opinion on a broad open topic and you still want more specific details. lol. Encryption, secure deletion, anonymisers, these all are great. And I might even throw the sledge hammer into my paper.
My paper covers specific information about what anti-forensics is, how it can be used, and specific anti-forensics tools. I am working with a partner for this paper who is supposed to cover the first two things, and I am just supposed to write about tools. So you have a broad spectrum of opportunity to explore your favorites list, any books you might have read, and even your common knowledge to provide input to the discussion. No Parameters! As long as it's something anti-forensics.
Disk wiping to the point of no return, encryption, scripts, booby traps such as the Alias command in Linux to have "ls" really delete something. Whatever.
-
March 23rd, 2006, 04:45 PM
#9
Do these have to be demonstrated and/or documented methods of preventing investigation?
I can think of things like booby trapped UPSs that trip a disk wipe when power goes off.
Badly trained police is a wide shot but it definitely affects the quality of forensic evidence.
Virtual machines? What if someone carried out their illegal acts from within a VMWare virtual computer?
Most forensics data is discredited in court not through the data itself but through the handling of the evidence by the investigating organisation.
-
March 23rd, 2006, 08:11 PM
#10
I have a practical question. Since most people wanting to hide evidence
may not have a lot of time to act, what attention has been paid to the idea of
destroying the evidence while the cops are beating the door down?
You know, like in old gangster movies, bookies working in the back room
of the pool hall using paper that will instantly burn when touched with
a lighted cigarette?
I came in to the world with nothing. I still have most of it.