A tour through the realm of anti-forensics
2007; Elsevier BV; Volume: 2007; Issue: 6; Language: English
DOI: 10.1016/s1361-3723(07)70079-9
ISSN: 1873-7056
Topic(s): Cybercrime and Law Enforcement Studies
Abstract: Monthly columnists Dario Forte and Richard Power look at the traits, potentials and limitations of an often underestimated or merely rumoured category of malicious software. Anti-forensic behaviour is by no means something new on the information security scene: all attackers attempt to erase or disguise the traces of their intrusion and try to make the investigator's work as difficult as possible. Techniques used to elude computer forensics operations range from the simple deletion of log files to the installation of advanced and nearly invisible rootkits at the system level. The nature and degree of the difficulties faced by an investigator depend on the specific case, but there is no question that the task is becoming generally more difficult as time goes on. According to many experts, anti-forensic actions accompany two out of three attacks. This is a worrisome percentage, especially considering the exponential increase in attacks seen in recent years, directed both towards public/governmental targets and towards the business sector, where most of the resources are. The main objective of anti-forensic actions is to eliminate digital evidence or at least render such evidence unusable for legal purposes. Another objective is to throw investigators off track by modifying the evidence so that it leads to the wrong conclusions. An investigator always has to consider and examine every aspect of the situation in order to avoid falling into traps. This is the first in a series of three articles in which we take a look at the traits, potentials and limitations of an often underestimated or merely rumoured category of malicious software.