Computer crimes--Investigation, Computer forensics, Evidence tampering, Data encryption (Computer science)
Computer Engineering | Electrical and Computer Engineering | Forensic Science and Technology
Anti-forensic tools, techniques and methods are becoming a formidable obstacle for the digital forensic community. Thus, new research initiatives and strategies must be formulated to address this growing problem. In this work we first collect and categorize 308 antidigital forensic tools to survey the field. We then devise an extended anti-forensic taxonomy to the one proposed by Rogers (2006) in order to create a more comprehensive taxonomy and facilitate linguistic standardization. Our work also takes into consideration anti-forensic activity which utilizes tools that were not originally designed for antiforensic purposes, but can still be used with malicious intent. This category was labeled as Possible indications of anti-forensic activity, as certain software, scenarios, and digital artifacts could indicate anti-forensic activity on a system. We also publicly share our data sets, which includes categorical data on 308 collected anti-forensic tools, as well as 2780 unique hash values related to the installation files of 191 publicly available anti-forensic tools. As part of our analysis, the collected hash set was ran against the National Institute of Standards and Technology's 2016 National Software Reference Library, and only 423 matches were found out of the 2780 hashes. Our findings indicate a need for future endeavors in creating and maintaining exhaustive anti-forensic hash data sets.
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Conlan, Kevin; Baggili, Ibrahim; and Breitinger, Frank, "Anti-forensics: Furthering Digital Forensic Science Through a New Extended, Granular Taxonomy" (2016). Electrical & Computer Engineering and Computer Science Faculty Publications. 54.
Conlan, Kevin, Ibrahim Baggili, and Frank Breitinger. "Anti-forensics: Furthering digital forensic science through a new extended, granular taxonomy." Digital Investigation 18 (2016): S66-S75.