Anti-Forensics Hidden Evidence. Road Map Steganography Encryption Data Wiping Metadata spoilage Alternative data streams Index.DAT Thumbs.DB Death of.

Slides:



Advertisements
Similar presentations
Google Picasa Simple Sharing & Photo Editing May 2011Moore Memorial Library Public Computer Center | Greene, NY1.
Advertisements

Sterling Heights Public Library Agenda n We’ll learn how to “clean up” the computers n We’ll review how SLC’s mail system works n We’ll review SpamLion.
Ways to keep your PC running smoothly  Reboot at least once a week  Make sure fan is free of dust and debris  Defragment your PC once a month  Run.
Website Content Management Typo3 CMS. King Websites King College does not have one website, it has more than 90! The old site was more than 7,000 pages.
Ford Library Career Tools Viewing and Downloading Vault Guides: Using Adobe Digital Editions.
Optimizing Windows There are several ways to optimize (perform regular maintenance) Windows to keep it performing smoothly and quickly. Most of these discussed.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Adobe Photoshop CS Design Professional ADOBE PHOTOSHOP CS GETTING STARTED WITH.
Michael Donovan, River Campus Libraries – 12/03 DocuShare Overview and Training.
Microsoft Office Illustrated Using Advanced Features.
This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation. All.
1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
The sequence of folders to a file or folder is called a(n) ________.
1 of 3 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
File sharing. Connect the two win 7 systems with LAN card Open the network.
1 of 7 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Operating System & Application Files BACS 371 Computer Forensics.
With Alex Conger – President of Webmajik.com FrontPage 2002 Level I (Intro & Training) FrontPage 2002 Level I (Intro & Training)
OS and Application Files BACS 371 Computer Forensics.
Simple Computer Maintenance. Common Computer Clean up Tasks Disk Clean – up Anti-virus scan Deleting Cookies.
Capturing Computer Evidence Extracting Information.
Designing a Classroom Web Site Using NVU Beginning Level.
Using Scran “Stuff” Storing Organising Sharing Scran Training PowerPoint 2.
Windows XP 101: Using Windows XP Professional in the Classroom.
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall.
Building and managing class pages on our new Web site School Wires Training.
1 ISA Server 2004 Installation & Configuration Overview By Nicholas Quinn.
Chapter 7 Working with Files.
Why Copy , Attachments and other files to CD or DVD? Backup mail & files in case of computer failure or disaster. Archive old messages & files before.
Project 3 File, Document, Folder Management, Windows XP Explorer Windows XP Service Pack 2 Edition Comprehensive Concepts and Techniques.
Windows XP 101: Using Windows XP Professional in the Classroom.
Key features of Windows 7 as used in CIS 121 Introduction to Computer Information Systems 1.
Operating Systems Concepts 1/e Ruth Watson Chapter 4 Chapter 4 Windows Utilities Ruth Watson.
March 2013 LCCU Meeting Judy Grindle will discuss and demonstrate: –How can you securely clean off files and programs from a PC before donating it, or.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.
®® Microsoft Windows 7 Windows Tutorial 5 Protecting Your Computer.
Introduction to Windows7
1 IT Investigative Tools Tools and Services for the Forensic Auditor.
GroupWise 6.5 Junk Mail Handling July 28, Configuring Junk Mail Handling Junk Mail Handling enables you to have actions taken automatically on any.
HTML Comprehensive Concepts and Techniques Second Edition.
Artstor Made Easy: Online Basics Julia Simic University of Oregon VRC OIV 3.0.
OS Troubleshooting Written by: Tim Keyser Georgia CTAE Resource Network 2010.
Features Help (Adding Attachments) (Adding Auto Signatures) (Setting Priorities)
Unit 1 – Improving Productivity Instructions ~ 100 words per box.
Your Digital Technology Briefcase My information…when and where I need it.
Double –Click on the Netscape Icon on your desktop The following are a series of steps to help you get started with Netscape Composer.
IS493 INFORMATION SECURITY TUTORIAL # 1 (S ) ASHRAF YOUSSEF.
Amy Jo Harrell 2006 Making your own web site Yes, I mean you!
Start with loading the picture Locate your camera’s USB cable –it looks something like this:
Know your computer Make a Folder Copy from Word to Composer Format the Font Change the Alignment Format the Background Format the Colors Insert a Picture.
CITRIX REVIEW Presented by Mary Kay Black and Christy Randall.
Click the I Pro and select MANAGE and the PROJECTS. This will allow you to set up a folder that will contain the files for your current project. If you.
Develop Your Web Presence Using WEEBLY TECHNO DRAGON PD | WEEBLY.
COEN 252: Computer Forensics Hard Drive Evidence.
Managing Contacts Adding Contacts in EDesk. Step 1 For Outlook users go to your Outlook Click on “File” and choose “Import/Export”
Searching for Images Improving the quality of your Google Search.
PowerPoint Adding Hyperlinks and Hiding Slides Learn to Link to websites and other slides in the presentation! Adding Hyperlinks and Hiding Slides Learn.
Chapter 2 – Introduction to Windows Operating System II Manipulating Windows GUI 1CMPF112 Computing Skills for Engineers.
Backstage view in word 2010.
Chapter Lessons Start Adobe Photoshop CS
Digital Forensics 2 Lecture 2: Understanding steganography in graphic files Presented by : J.Silaa Lecture: FCI Based on Guide to Computer Forensics and.
Lesson 9 Windows Management
1. Select tools 2. From the dropdown menu choose Internet Options.
Welcome! IE 7 Test Drive Presented by the Office of Information Technology.
Windows XP 101: Using Windows XP Professional in the Classroom
COEN 252: Computer Forensics
Artstor Made Easy: Online Basics Julia Simic University of Oregon VRC
Chapter 7 Searching Your Products
HOW TO ADD SIGNATURE TO MICROSOFT OFFICE OUTLOOK
Presentation transcript:

Anti-Forensics Hidden Evidence

Road Map Steganography Encryption Data Wiping Metadata spoilage Alternative data streams Index.DAT Thumbs.DB Death of Digital Forensics Conclusion Questions

Steganography Detection – WetStone Technologies' Gargoyle – Niels Provos' Stegdetect Hiding – StegoMagic – wbStego – HIP (Hide In Picture)

StegoMagic

wbStego

HIP

Encryption File encryption Full disc-encryption

Data Wiping M-Sweep Pro Data Eliminator DBAN DOD M File Shredder Beyond DOD

M-Sweep Pro Data Eliminator

DBAN

File Shredder

Metadata spoilage Metaspolit – TimeStomp – Slack Metachanger

Metasploit

Timestomp

MetaChanger

Alternative data streams Data fork Resource fork old Macintosh Hierarchical File System Impossible to protect your system against ADS. Cannot be disabled No way to limit this capability redirect [>] and colon [:] to fork one file into another. C:\test> type c:\windows\notepad.exe > ads.txt:hidden.exe

Alternate Data Streams scan engine

Index.DAT Contains all of the Web sites Every URL Every Web page All sent or received through Outlook or Outlook Express All internet temp files All pictures viewed

Locations of Index.DAT files VISTA \Users\ \AppData\Roaming\Micr osoft\Windows\Cookies\index.dat \Users\ \AppData\Roaming\Micr osoft\Windows\Cookies\low\index.dat \Users\ \AppData\Local\Microso ft\Windows\Temporary Internet Files\Content.IE5\index.dat C:\Users\ \AppData\Local\Micro soft\Windows\History\Content.IE5\index.dat

Index.DAT Analyzer

Thumbs.DB Pictures opened in Windows OS Filmstrip Thumbnails Thumbs.DB Viewer

To Edit Thumbs.DB 1)Open My Computer 2)Click on Tools 3)Click on Folder Options 4)Click on the View Tab 5)Place a check in the option "Do not cache thumbnails“ 6)Click Ok 7)Close My Computer

Get rid of Thumbs.DB 1)Click on Start 2)Click on Search 3)Click on All Files and Folders 4)Type the following in the section called "all or part of the file name“ thumbs.db 5)In the Look in box, make sure Local Hard Drives is chosen 6)Click Search 7)A long list of thumbs.db files should appear, click on Edit, Select All 8)Click on File, and choose Delete 9)Close the Search Results window

Death of Digital Forensics SSDs are much like memory Smallest part written too is a sector Erases data in a block Anything changes physical placement of data Logical placement stays the same. Black boxes from a system's point of view Property

Conclusion Believe it or not Easy to hide data Need not be a hacker Simple tools Open source Encrypt Erase not delete

Questions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.