Published by Έρις Ταρσούλη. Modified over 6 years ago.

Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem
Eric Ly

Outline
- Anti-Forensics?
- Types of Anti-Forensics
- How to limit them

What is Anti-Forensics?
- Currently no unified definition
- One possible definition: the attempt to “...limit the identification, collection, collation and validation of electronic data…” so that the crime investigation is hindered (Peron and Legary, 2005)
- Another: “Attempting to limit the quantity and quality of forensic evidence…” (Grugq, 2005)

What is Anti-Forensics? cont.
- Combining the two: Any attempts to compromise the availability or usefulness of evidence to the forensics process.
- Compromise evidence availability
  - Attempts to prevent evidence from existing
  - Hiding existing evidence
  - Manipulating evidence
- Compromise usefulness
  - Destroying its integrity

Types of Anti-Forensics
- Destroying evidence
- Hiding evidence
- Eliminating evidence sources
- Counterfeiting evidence

Destroying Evidence
- Dismantling evidence or otherwise making it unusable to the investigative process.
- Example: Wiping fingerprints off a weapon or pouring bleach in blood to destroy DNA

Hiding Evidence
- The act of removing evidence from view so that it is less likely to be incorporated into the forensic process
- Example: Throwing a knife into the river, or renaming files to throw off investigators
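
An added example, not part of the original slides: one common examiner check for the renamed-file case above is to compare each file's extension with the signature in its first bytes. The signature table, function names and sample data below are constructed for illustration.

```python
"""Flag files whose extension disagrees with their leading magic bytes."""
from pathlib import PurePath

# Leading-byte signatures -> extensions that legitimately carry them.
# Small illustrative table; real tools ship far larger ones.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    (b"%PDF-", {".pdf"}),
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"MZ", {".exe", ".dll", ".sys"}),
]


def detect_extensions(header: bytes):
    """Return the extensions consistent with the header, or None if unknown."""
    for magic, exts in SIGNATURES:
        if header.startswith(magic):
            return exts
    return None


def find_mismatches(files):
    """files: name -> first bytes. Returns [(name, claimed_ext, expected_exts)]."""
    findings = []
    for name, header in files.items():
        expected = detect_extensions(header)
        if expected is None:
            continue  # unknown content: no basis for a finding
        claimed = PurePath(name).suffix.lower()
        if claimed not in expected:
            findings.append((name, claimed or "(none)", sorted(expected)))
    return findings


# Constructed sample input (file name -> first bytes), not from a real case.
SAMPLE = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "notes.txt": b"PK\x03\x04\x14\x00\x00\x00",    # archive renamed to .txt
    "report.docx": b"PK\x03\x04\x14\x00\x06\x00",  # ZIP container, legitimate
    "driver.dat": b"MZ\x90\x00\x03\x00",           # executable renamed to .dat
    "readme": b"%PDF-1.7\n",                        # extension stripped
    "log.txt": b"2024-01-01 service started\n",    # no known signature
}

if __name__ == "__main__":
    for name, claimed, expected in find_mismatches(SAMPLE):
        print(f"{name}: extension {claimed}, content matches {expected}")
```

A mismatch is a lead for the examiner to follow up, not a conclusion; files with no known signature are skipped rather than flagged.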

Eliminating Evidence Sources
- Neutralizing evidentiary sources
- No need to destroy evidence since it is never created
- Example: Wearing gloves to commit a crime

Counterfeiting Evidence
- The act of creating a fake version of the evidence which is designed to appear to be something else
- Example: A murder that is engineered to look like a suicide or a legitimate accident

Limiting the Effectiveness of Anti-Forensics
- To work, anti-forensic methods rely on inherent problems with forensics.
  - They make use of attacks on investigators
  - They take advantage of dependency on specific tools or processes
- If the problems are targeted one by one, then the effects of anti-forensics can be limited
  - Human element
  - Tool dependence
  - Physical/logical limitations

The Human Element
- Most difficult problem to solve
- The alertness of the investigator, educational level, real world experience and willingness to think in new directions could all affect the detection of anti-forensics

Dependence of Tools
- The problem with relying on tools is that the tools are not immune to attack.
- An approach to reduce this is to use a variety of tools
- Another is to have the tools be more accurate and efficient as applied to anti-forensics

Physical/Logical Limitations
- Ex: Hardware connectors and protocols as well as media storage formats (physical)
- Ex: Storage space limitations and time and money factors (logical)
- To reduce some of the limitations, investigators could abide by the principle of the latest and greatest and the oldest and grayest.
- Investigators should be familiar with new and old technology
- Use multiple ways to present information
- Statistical analysis
- Process info quicker
- Massive indexing
- Better wade through the information

Conclusion
- Need to agree on a definition and ways of evaluating anti-forensic methods before we can determine how to respond.

Reference
- Arriving at an anti-forensics consensus: Examining how to define and control the anti-forensics problem