This article covers anti-forensics countermeasures, anti-forensics challenges, and anti-forensics tools such as Privacy Eraser, Azazel Rootkit, QuickCrypto, etc.
Anti-Forensics Countermeasures
This article explains anti-forensics countermeasures and describes tools such as Privacy Eraser, Azazel Rootkit, and QuickCrypto.
Investigators can overcome the anti-forensic techniques discussed in this module through improved monitoring of systems or by fixing bugs in the current generation of computer forensic tools.
- Replace weak file identification techniques with stronger ones.
- Investigators can overcome compression bombs with more intelligent decompression libraries.
- Validate the examination results with multiple tools for accuracy.
- Restrict the illegal usage of anti-forensic tools.
- Investigators should not completely depend on specific tools, as the tools themselves are not immune to attack.
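As an added example (not part of the original article), the Python sketch below illustrates the first two countermeasures together: it identifies a file by its leading bytes instead of its name, and expands gzip data only within limits so a compression bomb is flagged rather than exhausting the examiner's workstation. The function names, the signature table, and the size and ratio limits are assumptions chosen for illustration.

```python
import gzip
import zlib

# Leading-byte signatures; a file name or extension is only a label.
SIGNATURES = {b"\x1f\x8b": "gzip", b"PK\x03\x04": "zip",
              b"%PDF-": "pdf", b"\xff\xd8\xff": "jpeg"}

class LimitExceeded(Exception):
    """A stream expanded past the examiner's limits."""

def identify(data):
    """Return the type implied by the content, or 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def bounded_gunzip(data, max_output=8 * 2**20, max_ratio=100, step=64 * 1024):
    """Inflate gzip data in steps; the limits are assumed values, not a standard."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # expect gzip header/trailer
    out, buf = bytearray(), data
    while not d.eof:
        chunk = d.decompress(buf, step)  # never more than `step` bytes out
        buf = d.unconsumed_tail
        if not chunk and not buf and not d.eof:
            raise ValueError("truncated gzip stream")
        out += chunk
        if len(out) > max_output or len(out) > max_ratio * len(data):
            raise LimitExceeded(f"{len(data)} bytes in, over {len(out)} out")
    return bytes(out)

def examine(name, data):
    """Return (name, detected type, content or None, note)."""
    kind = identify(data)
    if kind != "gzip":
        return name, kind, None, "not expanded"
    try:
        return name, kind, bounded_gunzip(data), "expanded"
    except LimitExceeded as exc:
        return name, kind, None, f"possible compression bomb: {exc}"

if __name__ == "__main__":
    # Constructed samples: highly compressible gzip data named like a text file,
    # and a small gzip-compressed log.
    bomb = gzip.compress(b"\0" * (16 * 2**20))
    log = gzip.compress(b"".join(b"%d GET /p/%d 200\n" % (i, i) for i in range(200)))
    for name, data in (("notes.txt", bomb), ("access.log.gz", log)):
        result = examine(name, data)
        print(result[0], result[1], result[3])
```

Running the same evidence through a second, independent tool and comparing results, as the list recommends, remains necessary: a short signature table like this one can itself be fooled by crafted headers.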
Anti-Forensics Challenges
Computer and Network Forensics has arisen as a new field in IT, aimed at acquiring and analyzing digital evidence to solve cases that involve the use, or more accurately, misuse of computer systems.
Various scientific techniques, procedures, and technological tools have been developed and effectively applied in this field. However, anti-forensics has newly risen as a field that aims at bypassing the efforts and objectives of the field of computer and network forensics. The challenges it presents include:
- Decrypting a strong encryption
- Obtaining obscured information
- Steganography in Social Networks
- Encrypting cryptographic choices for MAC and Windows
However, anti-forensics is a relatively new field and is largely unexplored. As a result, there is no proper official framework or set of standards, and it is highly dependent on the available loopholes in any particular situation.
Anti-Forensics Tools: Privacy Eraser
Privacy Eraser is an anti-forensic solution to protect the privacy of the user by deleting the browsing history and other computer activities. This tool supports multiple web browsers such as Internet Explorer, Microsoft Edge, Firefox, Google Chrome, Safari, and Opera.
Privacy Eraser erases all digital footprints: web browser cache, cookies, browsing history, address bar history, typed URLs, autocomplete form history, saved passwords, index.dat files, Windows’ run history, search history, open/save history, recent documents, temporary files, recycle bin, clipboard, DNS cache, log files, error reporting, etc.
Privacy Eraser supports plugins to extend the software’s cleaning features. It supports programs such as ACDSee, Adobe Reader, Microsoft Office, WinZip, WinRAR, Windows Media Player, VLC Player, BitTorrent, and Google Toolbar. It works with Windows 10/8.x/7/Vista/2012/2008 (32/64-bit), and also supports Windows FAT16/FAT32/exFAT/NTFS file systems. The software implements and exceeds the US Department of Defense and NSA clearing and sanitizing standards, giving you the confidence that once erased, your file data is gone forever and can never be recovered.
Anti-Forensics Tools: Azazel Rootkit
Azazel is a userland rootkit written in C, based on the original LD_PRELOAD technique from the Jynx rootkit. It is more robust, has additional features, and focuses heavily on anti-debugging and anti-detection.
Features:
- Anti-debugging
- Avoids unhide, lsof, ps, ldd detection
- Hides files and directories
- Hides remote connections
- Hides processes
- Hides logins
- PCAP hooks avoid local sniffing
- Two accept backdoors with full PTY shells:
  - Crypthook encrypted accept() backdoor
  - Plaintext accept() backdoor
- PAM backdoor for local and remote entry
Anti-Forensics Tools: QuickCrypto
QuickCrypto is advanced Windows-based privacy and encryption software. It is a program that will hide and encrypt files, emails, and passwords. It uses the most powerful algorithms and techniques to ensure your email communication, passwords, all confidential files, and information are kept completely secure.
Features:
- File and folder encryption using super-strong encryption algorithms
- Easily encrypt emails and email attachments
- Allows you to recover accidentally deleted files
- Protects business information
- Generates and stores secure passwords
- Encrypts USB memory sticks
- Keeps files private through encryption and also hides these files (removes them from the normal file system)
- Possesses steganography function
- Secure file erasure is achieved with the included file shredder to wipe and destroy files
Questions related to this topic
- What is a forensic countermeasure?
- What is anti-forensics in cyber security?
- What are data hiding techniques?
- What is digital forensics used for?
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092