Variety of important anti-forensic techniques

Anti-forensic techniques are the act ions and anti-forensic techniques that hinder the forensic investigation method therefore on shield the attackers and perpetrators. These techniques act against the investigation technique like discover particle, collect particle, and analysis is of proof files and sidetrack the incident responders.

Anti-forensic techniques that embody deletion and over writing processes, to boot facilitate to substantiate the confidentiality of knowledge by reducing the flexibility to browse it. Attackers use these techniques to defend themselves against revelation of their act ions throughout criminal activities. Deceitful employees may use anti-forensic tools for the destruction of knowledge, which might cause huge losses to the organization.

Also Read:- Life Cycle of forensics information in the system

Following are variety of the very important anti-forensic techniques:

– Golden ticket
– Data/File Deletion
– word defend particle
– Stenography
– Buffer Overflow against rhetorical Tools
– Program Packers
– Virtual Mack and Sandbox realize particle
– Object Wiping
– Memory Residents
– Alternate data Stream Anti-Forensics Techniques

1. Golden ticket

In this technique, the attackers having access to a lively Directory domain manipulate the Kerberos price tag to impersonate any user within the domain. Golden ticket refers to the cast Kerberos authentication token for the KRBTGT account that enables the attackers to move around within the network.

Attackers will produce a Kerberos-generating ticket with a life time of ten years or additional, till the domain administrator resets the key wont to generate the price tag. This ticket helps attackers to assume identity of any user gift within the cluster together with the extremely privileged users to perform malicious tasks. As attackers use credentials of different users, it helps them to cover their identity and stop detection.

To use a golden price ticket, attacker must:

. Discover how into the network
. Infect the target system with the malware that enables the attacker to induce access to user account or network resources
. Use the domain controller access to urge access to AN account w it h privileges
. Create a golden price tag, by work into domain controller and dump the secret hash of KRBTGT account using tools like Mimi katz
. Access something on the network by loading the Kerberos ta ken into any session for any user

2. Anti-Forensic Techniques: Data/File Deletion

Intruders will be a lot of concerned about covering the tracks of their prohibited activities across a network or system and try to delete the information contained within the disc as a part of their effort to avert detection. They conjointly attempt to delete foot prints of the files exploitation specialized tools. the method includes elimination of supply files, logs, traces of information from places on the disk drive, and entries on the disc drive (HDD), that embody attributes, orphan files, and dynamic link library DLL files. Intruders may also firmly delete information or write it to mask the first information.

3. Anti-Forensic Techniques: password Protection

A parole refers to gather particle of words, letters, numbers, and/or special characters used for security processes like user authentication or to grant access to a resource. Incident responders will usually come upon the parole protected systems or files throughout the investigation method. The parole ensures that unauthorized users don’t access the pc, network resources, or different secured data. In add it particle, information files and programs could need a parole.

Password shield particle shields data, protects networks, applications, files, documents, so on from unauthorized users. several organizations and people, United Nations agency don’t wish others to access their information, resources and different merchandise, use passwords and powerful crypto logical algorithms as security measures.

Related Product:-EC-Council Certified Incident Handler | ECIH v2

4. Anti-Forensic Techniques: Stenography

Steganography, the art of hidden writing, has been in use for hundreds of years. It involves embedding a hidden message in some transport or carrier medium and mathematicians, military personnel, and scientists are victimization it. they all interact in dynamic the common language and transferring it through secret and hidden communication.

The history of stenography dates to the Egyptian civilization. Today, with the emergence of the net and transmission, the use of stenography is usually digital in nature.

5. Anti-Forensics Techniques: Program Packers

Packer is a program used to compress or encrypt the feasible programs. Program packers are one in all the anti-forensic techniques attackers use to cover their information. The technique is analogous to cryptography. The packers compress the files exploitation varied ways known as algorithms. There are many alternative algorithms and unless the incident responders recognize the one wont to pack and have a tool to take it, they’re going to not be able to access the file.

Using this method, the aggressor will hide the proof files into containers creating the files arduous to sight. Therefore, throughout forensic investigations, the incident responder’s initial approach ought to be to mount compound files.

6. Anti-Forensics Techniques: Virtual Machine

Advancement in virtualization technology created the attackers to use isolated environments like virtual machines and sandbox to perform attacks. this is often chosen as an honest platform for crimes thanks to its activity nature.

Attackers will utterly wipe the traces if Virtual machine by deleting all the individual files and folders, related to VM from the host machine or uninstall it from virtualization package. Deleting the VM exploitation package merely replaces the files in unallocated area.

7. Anti-Forensics Techniques: object Wiping

Artifact Wiping refers to the process of deleting or destroying the proof files for good using varied tools and techniques, such as disk-cleaning utilities file-wiping utilities and disk discussing/destruction techniques. The attacker for good eliminates particular files or the file systems.

• Disk-cleaning utilities:

The attackers use the tools that may write the info on disks through varied ways. However, these tools are not fully effective as they leave footprints. some of the normally used disk-cleaning utilities embody C Cleaner, BC Wipe Total Wipe Out, Active@ Kill Disk, Cyber Scrub’s cyber Cide, Drive Scrubber, Shred It, and Secure Erase.

• File-wiping utilities:

These utilities delete the individual files from an OS in an exceedingly short span and leave a far smaller signature compared w it h the disk-cleaning utilities. However, some specialists believe that a lot of of those tools aren’t effective, as they are doing not accurately or completely wipe out the info and need user involvement. The ordinarily used file-wiping utilities are BC Wipe, R-Wipe & Clean, Eraser, and Cyber Scrubs Privacy Suite.

• Disk demagnetization and destruction techniques:

demagnetization method could be a technique during which attackers apply a magnetic field to a digital media device to completely clean the previously hold on knowledge. it’s a chic technique and desires specialized equipment. Most attackers ordinarily depend upon physical destruction of the device to destroy the proof. methods embody disintegration, burning, pulverizing, shredding, and melting. Intruders use disk degassing /destruction techniques to form the evidentiary data unavailable to forensics incident responders.

8. Anti-Forensics Techniques: Memory Residents

Memory residents refer to programs that always remain within the internal memory and operational systems have no permission to swap them out to external storage. Attackers try to cash in of those programs or system calls by victimization the following methods:

• Syscallproxying

Rather than uploading the complete exploit program, the attacker will transfer a system call proxy to accept the remote procedure calls from the attacker’s machine. The victim’s machine executes the requested system call and sends the result back to the wrongdoer. By doing thus, the attacker needn’t transfer the tools to the compromised machine. However, this will increase the number of network traffic between the compromised machine and also the attacker, thereby making latency. this method helps in capitalizing the code inject ion vulnerabilities on a system.

• User land Execve Technique

The “UserlandExecve” technique permits a UNIX system method load Associate in Nursing execute an ELF binary image from a memory buffer. This lets programs on the victim figure r to load, run while not victimization the UNIX system execve() kernel decision, thereby belongings the wrongdoer to beat kernel-based security systems which may deny access to execve().

9. Anti-Forensics Techniques: Alternate information Stream

Alternate information stream (ADS) could be a feature of Windows New Technology file system (NTFS) that contains data for locating a file by author or t it LE. A file or folder in NTFS consists of the many information streams: one is the primary data stream, that consists of the data that we tend to expect from the file. The second stream is that the alternate data stream which will hide the presence of another file.

Attackers manipulate the ADS data by inserting malicious codes or programs into them and executing it at can. This makes a valuable place for attackers to cover rootkits, worms, virus, and so on. as an example, windows show a file, say “read .txt”, data of this file may contain the data for “EvilVirus.exe”.

Questions related to this topic

What is anti forensics in cyber security?
What techniques are used in forensic science?
Which of the following is the definition of anti forensics?
What data hiding techniques?

Top Incident Handling Knowledge

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

https://g.co/kgs/ttqPpZ