View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by St. Cloud State University St. Cloud State University theRepository at St. Cloud State Culminating Projects in Information Assurance Department of Information Systems 4-2020 Taxonomy for Anti-Forensics Techniques & Countermeasures Ziada Katamara [email protected] Follow this and additional works at: https://repository.stcloudstate.edu/msia_etds Recommended Citation Katamara, Ziada, "Taxonomy for Anti-Forensics Techniques & Countermeasures" (2020). Culminating Projects in Information Assurance. 109. https://repository.stcloudstate.edu/msia_etds/109 This Starred Paper is brought to you for free and open access by the Department of Information Systems at theRepository at St. Cloud State. It has been accepted for inclusion in Culminating Projects in Information Assurance by an authorized administrator of theRepository at St. Cloud State. For more information, please contact [email protected]. Taxonomy for Anti-Forensics Techniques and Countermeasures by Ziada Katamara A Starred Paper Submitted to the Graduate Faculty of St Cloud State University in Partial Fulfillment of the Requirements for the Degree Master of Science in Information Assurance June, 2020 Starred Paper Committee: Abdullah Abu Hussein, Chairperson Lynn A Collen Balasubramanian Kasi 2 Abstract Computer Forensic Tools are used by forensics investigators to analyze evidence from the seized devices collected at a crime scene or from a person, in such ways that the results or findings can be used in a court of law. These computer forensic tools are very important and useful as they help the law enforcement personnel to solve crimes. Computer criminals are now aware of the forensics tools used; therefore, they use countermeasure techniques to efficiently obstruct the investigation processes. By doing so, they make it difficult or almost impossible for investigators to uncover the evidence. These techniques, used against the computer forensics processes, are called Anti-forensics. This paper describes some of the many anti-forensics’ method, techniques and tools using a taxonomy. The taxonomy classified anti-forensics into different levels and different categories: WHERE, WHICH, WHAT, and HOW. The WHERE level indicates where anti-forensics can occur during an investigation. The WHICH level indicates which anti-forensics techniques exist. The WHAT level defines the exact method used for each technique. Finally, the HOW level indicates the tools used. Additionally, some countermeasures were proposed. 3 Table of Contents Page List of Tables ...................................................................................................................................5 List of Figures ..................................................................................................................................6 Chapter I. Introduction ..........................................................................................................................7 Introduction ....................................................................................................................7 Problem Statement .........................................................................................................8 Nature and Significance of the Problem ........................................................................9 Objective of the Study ...................................................................................................9 Study Questions/Hypotheses .........................................................................................9 Limitations of the Study.................................................................................................9 Definition of Terms......................................................................................................10 Summary ......................................................................................................................13 II. Background and Review of Literature ...............................................................................14 Introduction ..................................................................................................................14 Background Related to the Problem ............................................................................16 Literature Related to the Problem ................................................................................18 Literature Related to the Methodology ........................................................................24 Summary ......................................................................................................................31 III. Methodology ......................................................................................................................32 Introduction ..................................................................................................................32 4 Chapter Page Design of the Study ......................................................................................................32 Data Collection ............................................................................................................33 Tools and Techniques ..................................................................................................35 Summary ......................................................................................................................36 IV. Data Presentation and Analysis .........................................................................................37 Introduction ..................................................................................................................37 Data Presentation .........................................................................................................37 Data Analysis ...............................................................................................................42 Data ........................................................................................................................42 Forensics Tools ......................................................................................................51 Summary ......................................................................................................................53 V. Results, Conclusion, and Future Work ..............................................................................54 Introduction ..................................................................................................................54 Results ..........................................................................................................................54 Conclusion ...................................................................................................................58 Future Work .................................................................................................................60 References ......................................................................................................................................61 5 List of Tables Table Page 1. Different Anti-Forensics Definitions from Various Authors .............................................15 2. Classification of Common Anti-Forensics Methods .........................................................19 3. Digital Evidence Anti-Forensics Taxonomy .....................................................................23 4. Legal Process Anti-Forensics Taxonomy ..........................................................................24 5. Exploits of the Methods .....................................................................................................26 6. Familiarity with Anti-Forensics Techniques .....................................................................28 7. Familiarity with Anti-Forensics Tools ...............................................................................28 8. Levels of the Taxonomy ....................................................................................................37 6 List of Figures Figure Page 1. Taxonomy ..........................................................................................................................40 2. Level 1 of Taxonomy .........................................................................................................41 3. Level 2 of Taxonomy .........................................................................................................41 4. Level 3 of Taxonomy .........................................................................................................41 5. Level 4 of Taxonomy .........................................................................................................42 7 Chapter I: Introduction Introduction Computers are electronic devices used almost by anyone and everywhere. Computers have become an important part of our everyday life since they can do so many things. They are equipped with many capabilities such as processing information very fast, giving accurate results, storing large amounts of data and information, and so on. However, these capabilities have also allowed criminals to misuse the computer by accessing unauthorized data, destroying or changing stored data, and so on. According to the United States Department of Justice (1989 as cited in Inc., n.d.), Computer crime is defined “as any violations or criminal law