Journal ArticleDOI
Windows 7 Antiforensics: A Review and a Novel Approach
Brett Eterovic-Soric, Kim-Kwang Raymond Choo, Sameera Mubarak, Helen Ashman
TLDR
An approach that allows removal or obfuscation of most forensic evidence is presented, and it is demonstrated that a Trojan Horse infection may be a legitimate possibility even when there is no evidence of an infection on a seized computer's hard drive.

Abstract
In this paper, we review the literature on antiforensics published between 2010 and 2016 and reveal a surprising lack of up-to-date research on the topic. This research aims to narrow that gap by investigating antiforensic techniques for devices running Windows 7, one of the most widely deployed operating systems. An approach that allows removal or obfuscation of most forensic evidence is then presented. Using the Trojan software DarkComet RAT as a case study, we demonstrate the utility of the approach and show that a Trojan Horse infection may be a legitimate possibility even when there is no evidence of an infection on a seized computer's hard drive. Up-to-date information on how forensic artifacts can be compromised will allow relevant stakeholders to make informed decisions when deciding the outcome of legal cases involving digital evidence.
Citations
Journal ArticleDOI
A survey on forensic investigation of operating system logs
TL;DR: A comprehensive literature survey of forensic analysis of operating system logs is presented, together with a taxonomy of the techniques used in this area, and potential future directions for operating system log forensics are suggested.
Journal ArticleDOI
Program execution analysis in Windows: A study of data sources, their format and comparison of forensic capability
Bhupendra Singh, Upasna Singh
TL;DR: This study considers eleven sources of program executions and investigates the effects of running various types of applications on these artifacts in a Windows 10 Pro client system, and examines the forensic significance of examining the considered program execution artifacts.
Journal ArticleDOI
A novel file carving algorithm for National Marine Electronics Association (NMEA) logs in GPS forensics
TL;DR: A novel framework to efficiently recover National Marine Electronics Association (NMEA) logs and reconstruct GPS trajectories is proposed, which is designed based on the file carving technique without relying on system metadata.
Proceedings ArticleDOI
Program Execution Analysis using UserAssist Key in Modern Windows.
Bhupendra Singh, Upasna Singh
TL;DR: The paper highlights the forensic capability of UserAssist key and compares it with that from similar sources, such as IconCache.db, SRUDB.dat, Prefetch, Amcache.hve and Shortcut (.lnk) files, in order to summarize what information can and cannot be determined.
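The UserAssist key named above is one of the Windows 7 program-execution artifacts an antiforensic approach such as the one in this article would have to remove or falsify. The following is an added example, not code from the article or from the cited paper: it decodes the ROT13 value names Explorer writes under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count, parses the 72-byte Windows 7 record layout (run count at offset 4, focus count at 8, focus time at 12, last-run FILETIME at 60), and flags records whose run count and last-run timestamp disagree. The sample values are constructed, and the "zeroed count but surviving timestamp" check is a heuristic assumed here, not a rule stated by either paper.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Windows 7 UserAssist "Count" value: ROT13-encoded name, 72-byte binary record.
RECORD_LEN = 72
OFF_RUN_COUNT = 4      # DWORD: number of launches through Explorer
OFF_FOCUS_COUNT = 8    # DWORD: number of times the window gained focus
OFF_FOCUS_TIME = 12    # DWORD: total focus time in milliseconds
OFF_LAST_RUN = 60      # FILETIME: 100 ns ticks since 1601-01-01 UTC, 0 = never

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ticks):
    """Convert a 64-bit FILETIME to an aware datetime; a zero FILETIME means 'never run'."""
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample records."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def decode_name(encoded):
    """Value names are ROT13; digits, braces, colons and backslashes pass through unchanged."""
    return codecs.decode(encoded, "rot13")


def build_record(run_count, focus_count, focus_ms, last_run):
    """Build a record in the Windows 7 layout (constructed data, not captured from a host)."""
    rec = bytearray(RECORD_LEN)
    struct.pack_into("<III", rec, OFF_RUN_COUNT, run_count, focus_count, focus_ms)
    struct.pack_into("<Q", rec, OFF_LAST_RUN, datetime_to_filetime(last_run) if last_run else 0)
    return bytes(rec)


def parse_record(encoded_name, data):
    """Decode one UserAssist value into its forensic fields."""
    if len(data) != RECORD_LEN:
        raise ValueError(f"unexpected UserAssist record length {len(data)}")
    run_count, focus_count, focus_ms = struct.unpack_from("<III", data, OFF_RUN_COUNT)
    (last_run_ft,) = struct.unpack_from("<Q", data, OFF_LAST_RUN)
    return {
        "path": decode_name(encoded_name),
        "run_count": run_count,
        "focus_count": focus_count,
        "focus_ms": focus_ms,
        "last_run": filetime_to_datetime(last_run_ft),
    }


def inconsistent(entry):
    """Heuristic (assumption): Explorer updates run count and last-run time together,
    so a zero count beside a live timestamp, or the reverse, suggests the record was edited."""
    return (entry["run_count"] == 0) != (entry["last_run"] is None)


# Constructed sample values: the first is a normal cmd.exe launch from the System32
# known-folder GUID; the second has had its run count zeroed but kept its timestamp.
SAMPLE_VALUES = {
    r"{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\pzq.rkr":
        build_record(3, 2, 41_000, datetime(2016, 5, 12, 9, 30, tzinfo=timezone.utc)),
    r"P:\Hfref\ivpgvz\Qbjaybnqf\qnexpbzrg.rkr":
        build_record(0, 0, 0, datetime(2016, 5, 12, 9, 35, tzinfo=timezone.utc)),
}


def analyse(values):
    """Parse every value and return (all entries, paths of entries that look tampered with)."""
    entries = [parse_record(name, data) for name, data in values.items()]
    flagged = [e["path"] for e in entries if inconsistent(e)]
    return entries, flagged


if __name__ == "__main__":
    entries, flagged = analyse(SAMPLE_VALUES)
    for e in entries:
        print(f'{e["path"]}: runs={e["run_count"]} focus={e["focus_count"]} last_run={e["last_run"]}')
    print("suspicious records:", flagged)
```

On a live Windows 7 hive the same parser applies to the values exported from the Count subkey of each UserAssist GUID; a wiping tool that deletes whole values leaves nothing for this check to see, which is why the cited paper compares UserAssist against Prefetch, Amcache.hve, SRUDB.dat and .lnk files rather than relying on any one of them.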
Book ChapterDOI
Identification of Forensic Artifacts in VMWare Virtualized Computing
TL;DR: This research verified the processes required to gather digital evidence from a virtual machine disk (VMDK) file, create a forensic image of it, and mount that evidence in forensic tools.
References
Journal ArticleDOI
Lest we remember: cold-boot attacks on encryption keys
J. Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, Edward W. Felten
TL;DR: It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.
Proceedings ArticleDOI
Reliably erasing data from flash-based solid state drives
TL;DR: It is found that reliable SSD sanitization requires built-in, verifiable sanitize operations, and flash translation layer extensions that exploit the details of flash memory's behavior to efficiently support file sanitizing are developed.
Proceedings ArticleDOI
Anti-forensics of JPEG compression
TL;DR: It is shown how the proper addition of noise to an image's discrete cosine transform coefficients can sufficiently remove quantization artifacts which act as indicators of JPEG compression while introducing an acceptable level of distortion.
ReportDOI
Guidelines for Media Sanitization
TL;DR: This guide will assist organizations and system owners in making practical sanitization decisions based on the categorization of confidentiality of their information.
BookDOI
Multidisciplinary Research and Practice for Information Systems
TL;DR: The structuring possibilities of ontologies are utilized to make the relations between publications, knowledge objects, and knowledge areas explicit, and the ontology and its relations are implemented based on the Semantic MediaWiki+ platform.
Related Papers (5)
Forensic Vulnerabilities: Dealing with forensic software vulnerabilities: is anti-forensics a real danger?
Recent Trends in Collection of Software Forensics Artifacts: Issues and Challenges
Deepak Gupta, Babu M. Mehtre