
6 Anti-forensic techniques that every cyber investigator dreads


Anti-forensic techniques can make a computer investigator’s life difficult. From committing fraud inside an organization to stealing crucial data, cybercriminals perform a wide range of nefarious activities. In the simplest cases, these perpetrators try to cover their tracks by deleting browser history, cache files, and cookies. Increasingly, though, attackers reach for ready-made software and tools that alter their digital footprints for them. These tools are designed to hide or remove evidence and, in the end, to hinder cyber forensic analysis. When anti-forensic techniques are in play, retrieving evidence during a computer investigation becomes exhausting work.

Cybercriminals have many ways of hiding information and their digital footprints. A simple one is mislabelling a file. Renaming a photo from .jpg to .mp3 gives a person browsing the disk the impression of an audio file, yet the content still begins with the JPEG signature bytes, so an image viewer or a forensic tool that looks at the signature (the “magic bytes”) rather than the name still treats it as an image. A more determined perpetrator overwrites the signature bytes themselves, which fools signature-based carving tools as well, at the cost of having to restore those bytes before the file can be used again.
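The extension-versus-signature check described above, as an added example that is not part of the original article or any EC-Council tool. The signature table, the alias map, and the sample file headers are all constructed for the illustration; a real investigation would use a far larger signature database.

```python
import os

# Constructed table of well-known file signatures ("magic bytes") and the
# extension they imply. Only a handful of common formats are listed here.
SIGNATURES = {
    b"\xFF\xD8\xFF": "jpg",           # JPEG
    b"\x89PNG\r\n\x1a\n": "png",      # PNG
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",             # ZIP container (also docx, xlsx, jar, apk)
    b"ID3": "mp3",                    # MP3 that carries an ID3v2 tag
    b"MZ": "exe",                     # Windows PE executable (also dll, sys)
}

# Extensions that legitimately share a signature with another extension.
EXT_ALIASES = {
    "jpeg": "jpg", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "jar": "zip", "apk": "zip", "dll": "exe", "sys": "exe",
}


def detect_type(header: bytes):
    """Return the file type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES.items():
        if header.startswith(magic):
            return kind
    return None


def extension_mismatch(name: str, header: bytes):
    """True if extension and signature disagree, False if they agree,
    None if the signature is not in the table (needs manual review)."""
    ext = os.path.splitext(name)[1].lower().lstrip(".")
    ext = EXT_ALIASES.get(ext, ext)
    actual = detect_type(header)
    if actual is None:
        return None
    return actual != ext


def flag_mismatches(files):
    """files: iterable of (name, first_bytes). Returns the names whose extension lies."""
    return [name for name, header in files if extension_mismatch(name, header)]


# Constructed sample "files": only the first bytes matter for this check.
JPEG_HEADER = b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00"
SAMPLES = [
    ("holiday.mp3", JPEG_HEADER),           # a JPEG renamed to look like audio
    ("song.mp3", b"ID3\x04\x00\x00\x00"),   # a real MP3
    ("report.pdf", b"%PDF-1.7\n"),
    ("update.txt", b"MZ\x90\x00\x03\x00"),  # an executable hiding as a text file
    ("notes.txt", b"Meeting notes\n"),      # unknown signature: neither flagged nor cleared
]

if __name__ == "__main__":
    for name in flag_mismatches(SAMPLES):
        print("extension/signature mismatch:", name)
```

The three-way result matters in practice: an unknown signature is not evidence of tampering, but it is also not a reason to stop looking, so it is reported separately from a confirmed mismatch.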

Similarly, an investigator who filters on a particular file format can skip over important evidence. Another method uses slack space: the unused bytes between the end of a file’s data and the end of the last disk cluster allocated to it, which an ordinary file read never returns. Dividing a file into small fragments and writing them into the slack space of many ordinary files makes the data hard to find and harder still to reassemble.
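The slack space mechanism described above, as an added example that is not part of the original article. It models one file’s clusters as a byte string; the 4096-byte cluster size, the sample document and the hidden text are all constructed assumptions, and a real investigator would carve the slack from a disk image rather than from an in-memory buffer.

```python
CLUSTER_SIZE = 4096  # assumed allocation unit; 4 KiB is the common NTFS default


def slack_size(file_size: int, cluster: int = CLUSTER_SIZE) -> int:
    """Bytes between the end of the file data and the end of its last cluster."""
    remainder = file_size % cluster
    return 0 if remainder == 0 else cluster - remainder


def build_clusters(file_data: bytes, hidden: bytes = b"", cluster: int = CLUSTER_SIZE) -> bytes:
    """Constructed raw view of the clusters allocated to one file, with `hidden`
    written into the slack the way an anti-forensic tool would place it."""
    slack = slack_size(len(file_data), cluster)
    if len(hidden) > slack:
        raise ValueError(f"only {slack} bytes of slack available")
    return file_data + hidden + b"\x00" * (slack - len(hidden))


def logical_read(raw: bytes, file_size: int) -> bytes:
    """What an ordinary file read returns: the file system stops at the file size."""
    return raw[:file_size]


def carve_slack(raw: bytes, file_size: int, cluster: int = CLUSTER_SIZE) -> bytes:
    """What an investigator reads from the raw clusters: the slack region only."""
    return raw[file_size:file_size + slack_size(file_size, cluster)]


def slack_has_data(raw: bytes, file_size: int, cluster: int = CLUSTER_SIZE) -> bool:
    """Non-zero slack is worth a look. Note the caveat: slack can also hold
    remnants of an earlier file that used the cluster, not only planted data."""
    return any(carve_slack(raw, file_size, cluster))


# Constructed sample: a 5000-byte document occupies two 4096-byte clusters,
# leaving 3192 bytes of slack at the end of the second one.
DOCUMENT = (b"Quarterly report. " * 300)[:5000]
HIDDEN = b"transfer codes: 4471-9920"   # constructed planted fragment
RAW_CLUSTERS = build_clusters(DOCUMENT, HIDDEN)

if __name__ == "__main__":
    print("logical view contains fragment:", HIDDEN in logical_read(RAW_CLUSTERS, len(DOCUMENT)))
    print("slack bytes:", carve_slack(RAW_CLUSTERS, len(DOCUMENT)).rstrip(b"\x00"))
```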

The internet offers a vast number of anti-forensic techniques for concealing an individual’s digital activities. Some are basic, while others require sound technical knowledge. The advanced techniques are used deliberately by the black hat community to hamper a cyber investigation.

Fascinating Anti-Forensic Techniques to Cover Digital Footprints

1. Encryption

Encryption converts data into an unreadable form (“ciphertext”) using a key; without the key, the ciphertext reveals nothing useful about the original data (“plaintext”).

The primary purpose of encryption is to keep confidential files or data from unauthorized access. The ciphertext can be turned back into plaintext only with the matching key. This is one of the traditional methods of protecting data, and for an investigator an encrypted file or volume without its key is usually a dead end.

Among modern cryptographic methods, the Data Encryption Standard (DES) and the Advanced Encryption Standard (AES) are the best known. Both are symmetric ciphers; DES is obsolete because its 56-bit key can be recovered by brute force, so AES is the one in current use. Asymmetric algorithms are normally used alongside a symmetric cipher, for instance to protect the symmetric key, rather than to encrypt bulk data.

What is the difference between symmetric and asymmetric algorithms?

Symmetric algorithms use a single secret key to both encrypt and decrypt data, while asymmetric algorithms use a pair of keys: a public key for encryption and a separate private key for decryption.
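One practical consequence of encryption for the investigator is that good ciphertext is statistically indistinguishable from random bytes, so the first sign of an encrypted container or file is usually its entropy. The triage check below is an added example, not part of the original article: the 7.5 bits-per-byte threshold is an assumed cut-off, the plaintext sample is constructed, and `os.urandom` stands in for real ciphertext.

```python
import collections
import math
import os
import zlib

ENTROPY_THRESHOLD = 7.5  # assumed cut-off; ciphertext and compressed data sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(data).values())


def classify(data: bytes) -> str:
    """Rough triage label for a blob found on disk or in a capture."""
    h = shannon_entropy(data)
    if h >= ENTROPY_THRESHOLD:
        return "high entropy: encrypted or compressed"
    if h <= 1.0:
        return "near-constant: padding or wiped region"
    return "structured: plaintext or uncompressed media"


def triage(samples: dict) -> dict:
    """Entropy and label for each named sample."""
    return {name: (round(shannon_entropy(blob), 2), classify(blob))
            for name, blob in samples.items()}


# Constructed samples. os.urandom stands in for real ciphertext: a sound cipher's
# output cannot be told apart from random bytes, which is exactly what makes
# encrypted evidence unreadable without the key.
PLAINTEXT = (b"The suspect accessed the finance share at 02:14 and copied "
             b"the payroll export to a removable drive. ") * 200
CIPHERTEXT_LIKE = os.urandom(len(PLAINTEXT))
# Caveat: compressed data scores high as well, so entropy alone does not prove encryption.
COMPRESSED = zlib.compress(os.urandom(2000) + PLAINTEXT)

if __name__ == "__main__":
    for name, result in triage({"plaintext": PLAINTEXT,
                                "ciphertext": CIPHERTEXT_LIKE,
                                "compressed": COMPRESSED}).items():
        print(f"{name:10s} {result}")
```

Because compressed archives and media files also score close to 8.0, a high-entropy hit is a prompt to check the file signature and structure, not a conclusion on its own.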

2. Steganography

Steganography is the act of concealing data in plain sight.

Most often the carrier is an image. A portion of the image data is altered so slightly that the change is not visible, for example by overwriting the least significant bit of each pixel value with a bit of the hidden message. The processed file looks ordinary and can go unnoticed. Microdots and invisible ink are the physical-world ancestors of the same idea. There is also linguistic steganography, where the message is hidden inside natural-looking text. Steganography allows messages and even large files to be hidden in pictures, text, audio, and video files.

Identifying steganography is challenging, but statistical anomalies in the carrier, such as a least-significant-bit plane that is far more uniform than a natural image would produce, can reveal to the investigator that something is hidden. Professionals also rely on specialised steganalysis tools to spot hidden data.

3. Tunneling

This method uses encapsulation to carry private communications over a public network.

Because the encapsulated packets look like ordinary traffic on the public network, they generate little suspicion. One of the most common forms is a Virtual Private Network (VPN), which also encrypts the traffic, so anyone capturing packets along the way sees only the outer tunnel and not the contents.

To catch such traffic, organizations must continuously monitor their encrypted network connections: which hosts open them, to which endpoints, and how much data passes through, since the contents themselves cannot be inspected.

4. Onion Routing

Onion routing is the practice of sending messages wrapped in several layers of encryption, one per relay, like the layers of an onion.

The data packet passes through a chain of relay nodes, each of which strips off exactly one layer with its own key and learns only where to forward the rest. When the final layer is removed, the message reaches its destination. No single node sees both ends of the conversation: the first relay knows the sender but not the destination, the last relay knows the destination but not the sender, and the nodes in between know only their immediate neighbours.
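The layered wrapping and per-hop peeling described above, as an added example that is not part of the original article. It is a simulation: the XOR keystream is a toy cipher (SHA-256 in counter mode) used only so the layers are visible, the relay keys are derived from the relay names instead of being negotiated, and the 8-byte next-hop field is an assumed framing.

```python
import hashlib

HOP_FIELD = 8  # fixed-width next-hop name, space padded (assumed framing)


def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode). Illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(key: bytes, data: bytes) -> bytes:
    """Apply (or remove, since XOR is its own inverse) one encryption layer."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def build_onion(route, relay_keys, destination: str, payload: bytes) -> bytes:
    """Wrap the payload in one layer per relay, innermost first. Each layer, once
    peeled by its relay, reveals only the next hop and the still-encrypted rest."""
    next_hops = list(route[1:]) + [destination]
    cell = payload
    for relay, next_hop in reversed(list(zip(route, next_hops))):
        cell = xor_layer(relay_keys[relay], next_hop.ljust(HOP_FIELD).encode() + cell)
    return cell


def peel(relay: str, relay_keys, cell: bytes):
    """What a single relay learns: the next hop, plus an opaque blob to forward."""
    plain = xor_layer(relay_keys[relay], cell)
    return plain[:HOP_FIELD].decode().rstrip(), plain[HOP_FIELD:]


def forward(route, relay_keys, cell: bytes):
    """Simulate the relay chain. Returns (destination, payload, per-hop view)."""
    current, trace = route[0], []
    while current in relay_keys:          # stop when the next hop is not a relay
        next_hop, cell = peel(current, relay_keys, cell)
        trace.append((current, next_hop))
        current = next_hop
    return current, cell, trace


# Constructed circuit: three relays, each holding its own key (here derived
# from the name for reproducibility; real circuits negotiate fresh keys).
ROUTE = ["entry", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in ROUTE}
DESTINATION = "dest"
PAYLOAD = b"GET /report HTTP/1.1"

if __name__ == "__main__":
    onion = build_onion(ROUTE, KEYS, DESTINATION, PAYLOAD)
    where, what, hops = forward(ROUTE, KEYS, onion)
    for relay, nxt in hops:
        print(f"{relay} forwards to {nxt}")
    print("delivered to", where, ":", what)
```

The `trace` returned by `forward` is the whole point: each relay’s view is one (previous, next) pair, so reconstructing the full path requires observations at more than one hop.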

The usual way to fight onion routing is reverse routing: working backwards through the chain from the exit node and correlating the traffic that enters each relay with the traffic that leaves it. This process of elimination is time-consuming, but it can be used to defeat onion routing.

5. Obfuscation

A technique that makes a message, or a piece of code, difficult to understand while leaving its meaning intact is known as obfuscation.

In speech and writing it relies on jargon and in-group phrases, and it may be intentional or unintentional. In the anti-forensic setting it is always deliberate. The primary objective is to reduce the risk of exposure: malicious code is transformed, for example by encoding its strings, renaming identifiers, or wrapping it in layers of encoding that are undone only at runtime, so that its signature or fingerprint no longer matches what scanners and analysts look for.

Deobfuscation resembles countering onion routing: removing the layers one at a time exposes clean, readable code.
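Signature evasion by layered encoding, and its reversal, as an added example that is not part of the original article. The scanner is a deliberately naive substring match, the sample command line and the `net user` signature are constructed, and the single-byte XOR key is chosen so that the investigator’s known-plaintext recovery can be shown; real obfuscators use stronger and more numerous layers.

```python
import base64

# Constructed: the pattern a hypothetical signature-based scanner looks for,
# and a sample command line that contains it.
SIGNATURE = b"net user"
SCRIPT = b"cmd /c whoami && net user /domain"


def scanner_matches(blob: bytes) -> bool:
    """Naive signature scanner: does the literal pattern appear in the bytes?"""
    return SIGNATURE in blob


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key restores the input."""
    return bytes(b ^ key for b in data)


def obfuscate(script: bytes, key: int) -> bytes:
    """Two layers: single-byte XOR, then Base64. The result no longer contains
    the signature, yet a loader that knows the key recovers the script at runtime."""
    return base64.b64encode(xor_bytes(script, key))


def deobfuscate(blob: bytes, key: int) -> bytes:
    """Peel the layers in reverse order."""
    return xor_bytes(base64.b64decode(blob), key)


def recover_key(blob: bytes, crib: bytes):
    """Investigator's view: the key is unknown, but a 'crib' (a string expected
    in the real script) lets us try all 256 single-byte keys and keep the one
    that produces it. Returns None if no key yields the crib."""
    inner = base64.b64decode(blob)
    for key in range(256):
        if crib in xor_bytes(inner, key):
            return key
    return None


if __name__ == "__main__":
    blob = obfuscate(SCRIPT, 0x5A)
    print("scanner hits original  :", scanner_matches(SCRIPT))
    print("scanner hits obfuscated:", scanner_matches(blob))
    key = recover_key(blob, SIGNATURE)
    print("recovered key:", hex(key), "->", deobfuscate(blob, key))
```

The Base64 layer alone defeats the substring scanner, because its alphabet cannot even represent the space in `net user`; the XOR layer is what stops a scanner that decodes Base64 first. Peeling is the same loop in the other direction, and a crib turns an unknown single-byte key into a 256-candidate search.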

6. Spoofing

Spoofing is the act of disguising a communication so that it appears to come from a trusted source, in order to gain unauthorized access to systems or data.

Spoofing can be performed through emails, phone calls, and websites. Two of the most common forms are –

  • IP Spoofing – The attacker forges the source IP address in the packets they send, so that the traffic appears to come from some other system and their own address stays hidden. Because replies go to the forged address rather than to the attacker, it is mostly useful for one-way traffic, and the classic case is a distributed denial of service (DDoS) attack. It can be performed either manually or with tools.
  • MAC Spoofing – A MAC address is burned into the network interface, but the address the operating system actually presents on the wire can be changed with a single configuration command, so it takes little skill to do. With MAC spoofing, attackers impersonate another device or slip past address-based filters, and because the change is made in software and leaves almost no trace on the attacking machine, it is one of the harder spoofing methods to counter.

Other types of spoofing include ARP spoofing, DNS spoofing, email spoofing, and many more.

Forensic investigators have many tools and techniques to identify spoofing, such as examining email headers (the Received chain, the Return-Path, and the SPF and DKIM results recorded by the receiving server) in the case of email spoofing, or reviewing wireless access point logs for the same MAC address appearing from two places at once in the case of MAC spoofing, and likewise for the other variants.
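The email header examination mentioned above, as an added example that is not part of the original article. The message is constructed (documentation IP ranges and `.example` domains, so nothing points at a real host), and the “suspicious” verdict combines two assumed indicators: a mismatch between the envelope sender and the header From domain, and an SPF failure recorded by the receiving server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message. Addresses use reserved documentation ranges and domains
# (RFC 5737 IPs, .example names), so nothing here points at a real host.
RAW_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx1.corp.example (mx1.corp.example [203.0.113.5])
    by inbox.corp.example with ESMTP id 4f2a1c; Mon, 1 Jan 2024 10:00:03 +0000
Received: from unknown (HELO mail.ceo-office.example) (198.51.100.77)
    by mx1.corp.example with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx1.corp.example; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: "CEO" <ceo@corp.example>
To: finance@corp.example
Subject: Urgent wire transfer
Date: Mon, 1 Jan 2024 09:59:58 +0000

Please process the attached invoice today.
"""


def domain_of(address: str) -> str:
    """Domain part of a header address such as '"CEO" <ceo@corp.example>'."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def received_chain(msg):
    """Received headers are prepended by each hop, so the last one in the
    header block is the earliest hop. Return them in delivery order (origin first)."""
    return list(reversed(msg.get_all("Received", [])))


def originating_ip(msg):
    """IP recorded by the first hop that handled the message."""
    chain = received_chain(msg)
    if not chain:
        return None
    hit = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", chain[0])
    return hit.group(1) if hit else None


def spf_result(msg):
    """SPF verdict recorded by the receiving server, if any."""
    hit = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return hit.group(1).lower() if hit else None


def analyze(raw: str) -> dict:
    """Collect the indicators an investigator compares when email spoofing is suspected."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg.get("From", ""))
    return_path_domain = domain_of(msg.get("Return-Path", ""))
    findings = {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "envelope_header_mismatch": from_domain != return_path_domain,
        "spf": spf_result(msg),
        "origin_ip": originating_ip(msg),
        "hops": len(received_chain(msg)),
    }
    findings["suspicious"] = findings["envelope_header_mismatch"] or findings["spf"] == "fail"
    return findings


if __name__ == "__main__":
    for key, value in analyze(RAW_MESSAGE).items():
        print(f"{key:25s} {value}")
```

Two caveats a practitioner keeps in mind: legitimate mailing lists and bulk senders also produce an envelope/header domain mismatch, so that indicator needs corroboration, and only the Received lines added by servers you control can be trusted, since an attacker can prepend fake ones before handing the message over.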

Many of these topics are covered in the Computer Hacking Forensic Investigator (C|HFI) program, which gives you an in-depth understanding of digital forensics. It is a hands-on program whose virtual labs mimic real-world challenges, offering the best learning experience. C|HFI’s coverage includes database forensics, cloud forensics, operating system forensics, network forensics, mobile forensics, and more.
