Anti-forensics

Anti-forensic tools, techniques and methods are becoming a formidable obstacle for the digital forensic community, so new research initiatives and strategies must be formulated to address this growing problem. In this work we first collect and categorize 308 anti-digital forensic tools to survey the field. We then extend the anti-forensic taxonomy proposed by Rogers (2006) in order to create a more comprehensive taxonomy and facilitate linguistic standardization. Our work also takes into consideration anti-forensic activity that utilizes tools which were not originally designed for anti-forensic purposes but can still be used with malicious intent. This category was labeled Possible indications of anti-forensic activity, as certain software, scenarios, and digital artifacts could indicate anti-forensic activity on a system. We also publicly share our data sets, which include categorical data on the 308 collected anti-forensic tools, as well as 2780 unique hash values of the installation files of 191 publicly available anti-forensic tools. As part of our analysis, the collected hash set was run against the National Institute of Standards and Technology's 2016 National Software Reference Library (NSRL), and only 423 matches were found out of the 2780 hashes. Our findings indicate a need for future endeavors in creating and maintaining exhaustive anti-forensic hash data sets.
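The hash-set comparison described above, as an added example that is not the paper's own code or data: it hashes constructed stand-ins for tool installers, looks them up in a constructed excerpt written in the classic NSRL RDS CSV layout (SHA-1, MD5, CRC32, FileName, FileSize, ProductCode, OpSystemCode, SpecialCode), and reports which tools the reference library does not cover at all. All installer bytes, file names and product codes are made up for the illustration.

```python
import csv
import hashlib
import io
import zlib

# Header line of the classic NSRL RDS "NSRLFile.txt" distribution.
RDS_HEADER = '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"'


def sha1_hex(data: bytes) -> str:
    """Upper-case hex SHA-1, the key RDS uses to identify a file."""
    return hashlib.sha1(data).hexdigest().upper()


def load_rds_sha1s(rds_text: str) -> set[str]:
    """Parse an RDS-style CSV and return the set of SHA-1 values it lists."""
    return {row["SHA-1"].upper() for row in csv.DictReader(io.StringIO(rds_text))}


def match_hash_set(collected: dict[str, list[str]], known: set[str]) -> dict:
    """Count how many collected installer hashes the reference library already knows.
    Tools with no hit at all are where a dedicated anti-forensic hash set adds coverage."""
    total = sum(len(hs) for hs in collected.values())
    matched = sum(1 for hs in collected.values() for h in hs if h.upper() in known)
    uncovered = sorted(t for t, hs in collected.items()
                       if not any(h.upper() in known for h in hs))
    return {"total": total, "matched": matched,
            "unmatched": total - matched, "uncovered_tools": uncovered}


# Constructed installer contents standing in for real installation files.
INSTALLERS = {
    "wiper-1.0": [b"constructed wiper 1.0 installer", b"constructed wiper 1.0 portable"],
    "timestomp-demo": [b"constructed timestomp build"],
    "steg-suite": [b"constructed steg suite msi"],
}
COLLECTED = {name: [sha1_hex(b) for b in blobs] for name, blobs in INSTALLERS.items()}


def _rds_row(data: bytes, name: str) -> str:
    """One RDS record; product code 1234 and OS code "WIN" are constructed values."""
    return '"%s","%s","%08X","%s",%d,1234,"WIN",""' % (
        sha1_hex(data), hashlib.md5(data).hexdigest().upper(),
        zlib.crc32(data) & 0xFFFFFFFF, name, len(data))


# Constructed RDS excerpt: only one wiper variant and the steg suite are "known".
RDS_EXCERPT = "\n".join([RDS_HEADER,
                         _rds_row(INSTALLERS["wiper-1.0"][0], "wiper.exe"),
                         _rds_row(INSTALLERS["steg-suite"][0], "steg.msi")])


def run_comparison() -> dict:
    return match_hash_set(COLLECTED, load_rds_sha1s(RDS_EXCERPT))


if __name__ == "__main__":
    print(run_comparison())
```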
