ANTI-FORENSICSA TOM & JERRY GAME

TECHWEEK 2019

WHOAMIT

EC

HW

EE

K 2

019

Cyber Security Researcher

E-Kraal Innovation Hub

Books | Yoga | Music

@PatriciaMusomba

DIGITAL FORENSICS.

The discipline that studies

techniques & methodologies

used to collect, analyze and

present admissible digital

evidence.

ANTI-FORENSICS.

Any technique, software or

tactic designed to hinder an

investigation. Used to throw

off an investigator or avoid

detection

DEFINITIONS

Why should you care?

REDUCEINVESTIGATION TIME

REDUCEINVESTIGATION COST

IMPROVE YOURINVESTIGATION SKILLS

WIN THE GAME

ANTI-FORENSICTECHNIQUES

How? Unused space in the MBR, Host Protected

Area(HPA), Slack space, Mark usable clusters as bad

How to deal: Learn the file system in use

DATA HIDING

How? Steganography, encryption is an analyst's

worst nightmare

How to deal: Bruteforce, exploit the algorithm's

vulnerabilities

CRYPTOGRAPHY

How? Change file extensions, time stamp scrambling,

dummy log files, disk wiping

DATA FORGERY & DELETION

Prevent a system from creating and generating

useful traces for the investigator eg working from

a memory buffer

ANALYSIS PREVENTION

DEMO