Abstract

Computer forensic investigators rely on high-quality evidence to win a case. Logs, authentication information, date and timestamps, file contents and other electronic data all need to be proven reliable in court. But what happens when criminals are actively trying to ruin the evidence? Anti-forensic techniques are now being used to skew evidence and make it impossible for an examiner to use. According to Brian Sartin at ISACA, anti-forensics is used in two-thirds of all data compromise investigations carried out by his organization. Examiners need to be on the lookout for three methods of distorting evidence: data obfuscation, data hiding and zero-footprinting. Almost every case will involve some form of data obfuscation, in which a hacker erases his tracks. Data hiding, by contrast, draws on the power of cryptography to mask data rather than delete it. The use of steganography is another data hiding approach. Examiners need to actively search for evidence of the use of anti-forensic techniques. Computer Forensics (CF), as we know it, is in a volatile state. Newer and more sophisticated investigative challenges, both existing and on the horizon, are forcing CF to evolve as a practice. As such, the processes, the technologies, and the tools of the trade that characterise the conventional CF approach have changed. Simply put, CF today is not what it used to be, and there are some very simple reasons why.
