Anti-Forensics Hidden Evidence. Road Map Steganography Encryption Data Wiping Metadata spoilage Alternative data streams Index.DAT Thumbs.DB Death of.


1 Anti-Forensics Hidden Evidence

2 Road Map: Steganography; Encryption; Data Wiping; Metadata spoilage; Alternative data streams; Index.DAT; Thumbs.DB; Death of Digital Forensics; Conclusion; Questions

3 Steganography. Detection: WetStone Technologies' Gargoyle, Niels Provos' Stegdetect. Hiding: StegoMagic, wbStego, HIP (Hide In Picture)

4 StegoMagic

5 wbStego

6 HIP

7 Encryption: File encryption; Full-disk encryption

8 Data Wiping: M-Sweep Pro Data Eliminator; DBAN; DOD 5220.22M; File Shredder; Beyond DOD

9 M-Sweep Pro Data Eliminator

10 DBAN

11 File Shredder

12 Metadata spoilage: Metasploit (TimeStomp, Slack); MetaChanger

13 Metasploit

14 Timestomp

15 MetaChanger

16 Alternative data streams. Data fork and resource fork, from the old Macintosh Hierarchical File System. Impossible to protect your system against ADS: cannot be disabled, and there is no way to limit this capability. Use redirect [>] and colon [:] to fork one file into another:
C:\test> type c:\windows\notepad.exe > ads.txt:hidden.exe

17 Alternate Data Streams scan engine
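
The kind of scan slide 17 refers to can be done with built-in PowerShell cmdlets. The script below is an added example, not part of the original presentation or of any tool it names: it lists every named stream under a folder and flags streams that start with the `MZ` executable header, as `ads.txt:hidden.exe` from slide 16 would. The default folder `C:\test` is taken from that slide's command; the `MZ` check and the `ZoneMarker` column are choices made for this example.

```powershell
# Added example (not from the presentation): enumerate NTFS alternate data streams.
param(
    [string]$Root = 'C:\test'   # folder used in the slide's command; change as needed
)

# Reading raw bytes is spelled differently in Windows PowerShell 5.1 and PowerShell 6+.
if ($PSVersionTable.PSVersion.Major -ge 6) {
    $byteMode = @{ AsByteStream = $true }
} else {
    $byteMode = @{ Encoding = 'Byte' }
}

# -File limits the walk to files; streams attached to directories are not covered here.
$findings = Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        # Every file has an unnamed default stream, reported as ':$DATA'; anything else is an ADS.
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                # Read the first two bytes of the named stream.
                $read = @{
                    LiteralPath = $file
                    Stream      = $_.Stream
                    TotalCount  = 2
                    ErrorAction = 'SilentlyContinue'
                }
                $head = @(Get-Content @read @byteMode)
                [pscustomobject]@{
                    File        = $file
                    Stream      = $_.Stream
                    Length      = $_.Length
                    # 'MZ' (0x4D 0x5A) is the header of a Windows executable.
                    LooksLikePE = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    # Zone.Identifier is the download marker Windows itself adds.
                    ZoneMarker  = ($_.Stream -eq 'Zone.Identifier')
                }
            }
    }

# Executable-looking streams first.
$findings | Sort-Object LooksLikePE -Descending | Format-Table -AutoSize
```

Streams with `ZoneMarker` set are normally benign; a large stream with `LooksLikePE` set on a text or image file is the case worth examining.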

18 Index.DAT contains: all of the Web sites; every URL; every Web page; all email sent or received through Outlook or Outlook Express; all internet temp files; all pictures viewed

19 Locations of Index.DAT files (VISTA):
\Users\<username>\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
\Users\<username>\AppData\Roaming\Microsoft\Windows\Cookies\low\index.dat
\Users\<username>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\<username>\AppData\Local\Microsoft\Windows\History\Content.IE5\index.dat

20 Index.DAT Analyzer

21 Thumbs.DB: Pictures opened in Windows OS; Filmstrip; Thumbnails; Thumbs.DB Viewer

22

23 To Edit Thumbs.DB
1) Open My Computer
2) Click on Tools
3) Click on Folder Options
4) Click on the View Tab
5) Place a check in the option "Do not cache thumbnails"
6) Click Ok
7) Close My Computer

24 Get rid of Thumbs.DB
1) Click on Start
2) Click on Search
3) Click on All Files and Folders
4) Type the following in the section called "all or part of the file name": thumbs.db
5) In the Look in box, make sure Local Hard Drives is chosen
6) Click Search
7) A long list of thumbs.db files should appear; click on Edit, Select All
8) Click on File, and choose Delete
9) Close the Search Results window

25 Death of Digital Forensics. SSDs are much like memory. Smallest part written to is a sector. Erases data in a block. Anything changes physical placement of data; logical placement stays the same. Black boxes from a system's point of view. Property

26 Conclusion. Believe it or not: Easy to hide data. Need not be a hacker. Simple tools. Open source. Encrypt. Erase, not delete.

27 Questions

