Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem Eric Ly.


Outline
- What is anti-forensics?
- Types of anti-forensics
- How to limit them

What is Anti-Forensics?
- There is currently no unified definition.
- One possible definition: the attempt to "...limit the identification, collection, collation and validation of electronic data..." so that the crime investigation is hindered (Peron and Legary, 2005).
- Another: "attempting to limit the quantity and quality of forensic evidence..." (Grugq, 2005).

What is Anti-Forensics? (cont.)
Combining the two: any attempt to compromise the availability or the usefulness of evidence to the forensic process.
- Compromising availability: preventing evidence from ever existing; hiding existing evidence; manipulating evidence.
- Compromising usefulness: destroying the integrity of the evidence, so that it can no longer be relied on even if it is found.

Types of Anti-Forensics
- Destroying evidence
- Hiding evidence
- Eliminating evidence sources
- Counterfeiting evidence

Destroying Evidence: dismantling evidence or otherwise making it unusable to the investigative process.
Examples: wiping fingerprints off a weapon; pouring bleach on blood to destroy DNA.

Hiding Evidence: removing evidence from view so that it is less likely to be incorporated into the forensic process. The evidence still exists; the aim is that the investigator never looks at it.
Examples: throwing a knife into a river; renaming files (for instance giving them a misleading extension) to throw off investigators.
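The "renaming files" example above is the kind of hiding that a cheap, tool-independent check can expose: a file's extension is a claim about its content, and its leading bytes ("magic bytes") are what the content actually is. The script below is an added example, not code from the slides or from the Harris paper; it flags files whose extension claims one type while the leading bytes show another. The signature table, the extension table and the in-memory "disk image" are all constructed for the example.

```python
"""Flag files whose content signature ("magic bytes") disagrees with their
extension, a cheap check for evidence hidden by renaming.

Added example; not code from the original slides or the Harris paper.
The file set below is constructed in memory so the script runs offline.
"""
from pathlib import PurePosixPath
from typing import Dict, List, Optional, Tuple

# Well-known leading byte sequences (all at offset 0). Constructed table;
# a real deployment would use a fuller signature database.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "zip": (b"PK\x03\x04",),
    "elf": (b"\x7fELF",),
    "pe": (b"MZ",),
}

# What each extension claims to contain (constructed table; .docx is a ZIP
# container, so it is mapped to "zip").
EXTENSION_CLAIMS = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
    ".pdf": "pdf", ".zip": "zip", ".docx": "zip", ".exe": "pe", ".dll": "pe",
}


def detect_type(data: bytes) -> Optional[str]:
    """Return the signature-based type of `data`, or None if nothing matches."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return None


def claimed_type(name: str) -> Optional[str]:
    """Return the type the file name's extension claims, or None if unknown."""
    return EXTENSION_CLAIMS.get(PurePosixPath(name).suffix.lower())


def find_mismatches(files: Dict[str, bytes]) -> List[Tuple[str, str, str]]:
    """Return (name, claimed, detected) for every file whose extension claims
    a known type but whose leading bytes say otherwise.

    Files with an unknown extension are skipped: they make no claim that the
    content could contradict.  A known extension with no recognisable
    signature is reported as "unknown", since that is itself suspicious.
    """
    findings = []
    for name, data in sorted(files.items()):
        claimed = claimed_type(name)
        if claimed is None:
            continue
        detected = detect_type(data) or "unknown"
        if detected != claimed:
            findings.append((name, claimed, detected))
    return findings


# Constructed sample "disk image": a handful of files held as bytes.
SAMPLE_FILES = {
    "photos/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,      # genuine JPEG
    "docs/report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",             # genuine PDF
    "photos/vacation2.jpg": b"MZ\x90\x00\x03\x00" + b"\x00" * 16,    # PE binary renamed to .jpg
    "docs/notes.docx": b"\x7fELF\x02\x01\x01" + b"\x00" * 16,        # ELF binary renamed to .docx
    "docs/readme.txt": b"plain text, no signature",                 # unknown extension: skipped
}

if __name__ == "__main__":
    for name, claimed, detected in find_mismatches(SAMPLE_FILES):
        print(f"{name}: extension says {claimed}, content says {detected}")
```

Two caveats a practitioner should keep in mind. First, this only catches the crudest form of hiding; a file with a forged header passes the check, which is where hiding shades into counterfeiting. Second, the check is only as good as its signature table, so it should be one of several independent tools rather than the single source of truth (see "Dependence on Tools" below).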

Eliminating Evidence Sources: neutralising the sources of evidence. Nothing needs to be destroyed or hidden because the evidence is never created in the first place.
Example: wearing gloves while committing a crime.

Counterfeiting Evidence: creating a fake version of the evidence, designed to appear to be something other than what it is.
Example: a murder staged to look like a suicide or a legitimate accident.

Limiting the Effectiveness of Anti-Forensics
Anti-forensic techniques work by exploiting inherent weaknesses in the forensic process: they attack the investigator, and they take advantage of dependence on specific tools or processes. If those weaknesses are addressed one by one, the effect of anti-forensics can be limited. Three areas to address:
- The human element
- Tool dependence
- Physical/logical limitations

The Human Element: the most difficult problem to solve. The investigator's alertness, education, real-world experience and willingness to think in new directions all affect whether anti-forensics is detected at all.

Dependence on Tools: the problem with relying on tools is that the tools themselves are not immune to attack. One way to reduce the risk is to use a variety of tools, so that a weakness in one is covered by another. Another is to make the tools more accurate and efficient when applied to anti-forensic techniques.

Physical/Logical Limitations
- Physical limitations, e.g. hardware connectors and protocols, and storage media formats.
- Logical limitations, e.g. storage space, time and money.
To reduce some of these limitations, investigators can abide by the principle of "the latest and greatest and the oldest and greyest": be familiar with both new and old technology. They should also use multiple ways to present information:
- Statistical analysis
- Faster processing of information
- Massive indexing
- Better ways to wade through the information

Conclusion: we need to agree on a definition of anti-forensics, and on ways of evaluating anti-forensic methods, before we can determine how to respond to them.

Reference
Harris, R. (2006). Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem. DFRWS 2006. http://dfrws.org/2006/proceedings/6-Harris.pdf