TRANSCRIPT
![Page 1: ANTI-FORENSICS: a TOM & JERRY GAME · Title: ANTI-FORENSICS: a TOM & JERRY GAME Author: musomba1214 Keywords: DADmRtvOpDM,BACtxuLimZI Created Date: 10/2/2019 5:07:49 PM](https://reader030.vdocuments.site/reader030/viewer/2022040121/5ed89bf36714ca7f47683e34/html5/thumbnails/1.jpg)
ANTI-FORENSICS: A TOM & JERRY GAME
TECHWEEK 2019
Page 2
WHOAMI
Cyber Security Researcher
E-Kraal Innovation Hub
Books | Yoga | Music
@PatriciaMusomba
Page 3
DEFINITIONS
DIGITAL FORENSICS. The discipline that studies techniques & methodologies used to collect, analyze and present admissible digital evidence.
ANTI-FORENSICS. Any technique, software or tactic designed to hinder an investigation. Used to throw off an investigator or avoid detection.
Page 4
Why should you care?
REDUCE INVESTIGATION TIME
REDUCE INVESTIGATION COST
IMPROVE YOUR INVESTIGATION SKILLS
WIN THE GAME
Page 5
ANTI-FORENSIC TECHNIQUES
Page 6
DATA HIDING
How? Unused space in the MBR, Host Protected Area (HPA), slack space, marking usable clusters as bad.
How to deal: Learn the file system in use.
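What "learn the file system" looks like in practice for two of the hiding spots named on this slide, file slack and clusters marked bad, as an added example that is not part of the deck. The disk image, the cluster size and the `FileEntry` layout are constructed simplifications of my own, not any real file system's on-disk format; the point is the check itself: slack that should be zero-filled but is not, and "bad" clusters that still read back data.

```python
# Added example (not from the slides): investigator-side checks for file
# slack and for clusters flagged as bad. The image below is constructed.
from dataclasses import dataclass

CLUSTER_SIZE = 4096  # assumed cluster size for the constructed image


@dataclass
class FileEntry:
    name: str
    start_cluster: int  # assumed contiguous allocation, for simplicity
    size: int           # logical file size in bytes


def slack_region(entry: FileEntry, cluster_size: int = CLUSTER_SIZE):
    """Byte range [start, end) of the file slack: from the logical end of
    the file to the end of its last allocated cluster."""
    clusters = max(1, -(-entry.size // cluster_size))  # ceiling division
    start = entry.start_cluster * cluster_size + entry.size
    end = (entry.start_cluster + clusters) * cluster_size
    return start, end


def scan_slack(image: bytes, entries, cluster_size: int = CLUSTER_SIZE):
    """Report files whose slack holds non-zero bytes. Freshly written files
    normally have zero-filled slack (at least the RAM-slack part), so data
    there is either residue of an earlier file or something placed there.
    Returns [(name, slack_start_offset, nonzero_byte_count), ...]."""
    findings = []
    for e in entries:
        start, end = slack_region(e, cluster_size)
        nonzero = sum(1 for b in image[start:end] if b != 0)
        if nonzero:
            findings.append((e.name, start, nonzero))
    return findings


def scan_bad_clusters(image: bytes, bad_clusters, cluster_size: int = CLUSTER_SIZE):
    """Clusters marked bad are skipped by the file system and by naive
    carving. Return the ones that still contain non-zero data: they may be
    genuinely failing media, or they may be a hiding place worth imaging."""
    suspicious = []
    for c in bad_clusters:
        data = image[c * cluster_size:(c + 1) * cluster_size]
        if any(data):
            suspicious.append(c)
    return suspicious


def build_sample_image():
    """Constructed sample image of 4 clusters:
    - notes.txt: 1000 bytes in cluster 0, slack zero-filled
    - report.doc: 2500 bytes in cluster 1, a string planted in its slack
    - cluster 2: marked bad, really empty
    - cluster 3: marked bad, but holds data"""
    img = bytearray(4 * CLUSTER_SIZE)
    img[0:1000] = b"A" * 1000
    img[CLUSTER_SIZE:CLUSTER_SIZE + 2500] = b"B" * 2500
    planted = b"hidden-in-slack"
    img[CLUSTER_SIZE + 3000:CLUSTER_SIZE + 3000 + len(planted)] = planted
    img[3 * CLUSTER_SIZE + 100:3 * CLUSTER_SIZE + 110] = b"Z" * 10
    entries = [FileEntry("notes.txt", 0, 1000), FileEntry("report.doc", 1, 2500)]
    bad_clusters = [2, 3]
    return bytes(img), entries, bad_clusters


if __name__ == "__main__":
    image, entries, bad = build_sample_image()
    print("slack findings:", scan_slack(image, entries))
    print("bad clusters with data:", scan_bad_clusters(image, bad))
```

On a real image the entries and bad-cluster list come from the file system's own metadata (the allocation bitmap, `$BadClus` on NTFS, the FAT on FAT volumes), which is exactly why the slide says to learn the file system first: without those structures you cannot tell where a file's logical end is, and so cannot tell slack from content.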
CRYPTOGRAPHY
How? Steganography; encryption is an analyst's worst nightmare.
How to deal: Brute force, exploit the algorithm's vulnerabilities.
Page 7
DATA FORGERY & DELETION
How? Change file extensions, time stamp scrambling, dummy log files, disk wiping.
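Two of the forgery tricks listed here, renamed extensions and scrambled time stamps, leave inconsistencies an examiner can check for mechanically. The following is an added example of such checks, not material from the deck: the magic-number table is a small subset I chose, the timestamp rules are heuristics of my own, and the sample records are constructed rather than taken from a real system.

```python
# Added example (not from the slides): flag files whose header disagrees
# with their extension, and timestamp sets that do not fit normal activity.
from datetime import datetime, timezone

# (extensions that legitimately carry this header, header bytes); my own
# small subset of well-known signatures, not an exhaustive table
MAGIC = [
    ({"png"}, b"\x89PNG\r\n\x1a\n"),
    ({"jpg", "jpeg"}, b"\xff\xd8\xff"),
    ({"gif"}, b"GIF87a"),
    ({"gif"}, b"GIF89a"),
    ({"pdf"}, b"%PDF-"),
    ({"zip", "docx", "xlsx", "pptx", "jar", "apk"}, b"PK\x03\x04"),
    ({"elf", "so", ""}, b"\x7fELF"),  # "" = no extension, normal for ELF
    ({"exe", "dll", "sys"}, b"MZ"),
]


def identify_by_header(data: bytes):
    """Return the set of extensions matching the file header, or None."""
    for exts, sig in MAGIC:
        if data.startswith(sig):
            return exts
    return None


def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the header identifies a known type and the extension is
    not one that type normally uses (a PDF called invoice.txt, say)."""
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    exts = identify_by_header(data)
    return exts is not None and ext not in exts


def timestamp_anomalies(created, modified, accessed, now):
    """Heuristic flags over a file's timestamps (timezone-aware datetimes).
    None of these proves tampering; they select records to cross-check
    against other sources (file-name attributes, logs, backups). The
    sub-second rule is file-system dependent: FAT stores 2-second
    resolution, so it only makes sense on file systems with finer stamps."""
    flags = []
    if modified < created:
        flags.append("modified-before-created")
    if accessed < created:
        flags.append("accessed-before-created")
    if any(t > now for t in (created, modified, accessed)):
        flags.append("future-timestamp")
    # Tools that overwrite timestamps often write whole seconds; genuine
    # file-system activity rarely lands exactly on a second boundary.
    if created.microsecond == 0 and modified.microsecond == 0:
        flags.append("zero-subsecond-fields")
    return flags


def review(records, now):
    """records: (name, header_bytes, created, modified, accessed).
    Returns {name: [flags]} for every record with at least one flag."""
    out = {}
    for name, head, c, m, a in records:
        flags = timestamp_anomalies(c, m, a, now)
        if extension_mismatch(name, head):
            flags.insert(0, "extension-mismatch")
        if flags:
            out[name] = flags
    return out


def sample_records():
    """Constructed sample: a PDF renamed to .txt, an honest PNG, and a
    document whose modification time was pushed years before creation."""
    utc = timezone.utc
    now = datetime(2019, 10, 2, 17, 7, 49, tzinfo=utc)
    t1 = datetime(2019, 9, 1, 8, 15, 22, 431000, tzinfo=utc)
    t2 = datetime(2019, 9, 5, 12, 0, 0, tzinfo=utc)
    return now, [
        ("invoice.txt", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n", t1, t1, t1),
        ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR", t1, t1, t1),
        ("report.docx", b"PK\x03\x04\x14\x00\x06\x00", t2,
         datetime(2015, 1, 1, 0, 0, 0, tzinfo=utc), t2),
    ]


if __name__ == "__main__":
    now, records = sample_records()
    for name, flags in review(records, now).items():
        print(f"{name}: {', '.join(flags)}")
```

The header check is the one that survives a renamed extension; the timestamp rules are only a triage filter, and the stronger evidence on NTFS comes from comparing the attribute a timestamp tool usually rewrites with the one it usually does not (the `$STANDARD_INFORMATION` and `$FILE_NAME` times), which this example does not model.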
ANALYSIS PREVENTION
Prevent a system from creating and generating useful traces for the investigator, e.g. working from a memory buffer.
Page 8
DEMO