Abstract
Anti-forensics (AF) technology has become a new field of cybercrime. The problems of existing forensic technologies should be considered from the criminals' perspective in order to improve existing AF technologies. There are two types of AF methods, namely data hiding and data destruction, and most AF tools are primarily based on data hiding. If investigators can intercept the data during the AF process, the criminal may destroy the remaining data, which would leave investigators with no information about the data. To address this issue, this paper proposes an AF scheme with multi-device storage based on Reed-Solomon codes that combines data hiding and data destruction. The data is divided into multiple out-of-order data blocks and parity blocks, and these blocks are stored separately on different devices. This method can reduce the storage cost and protect the privacy of the data. Even if the data is destroyed, it allows AF investigators to recover the data. Security analysis showed that this AF method can guard against malicious, erroneous or invalid files when data is acquired and ensure data security when data is stolen. Theoretical analysis indicated that file recovery with this method is difficult for investigators but easy for the AFer. Experimental results demonstrated that the proposed method is effective and has practical efficiency.
Acknowledgments
This article is supported in part by the National Key R&D Program of China under project 2020YFB1006004, the National Natural Science Foundation of China under projects 61772150, 61862012 and 61962012, the Guangxi Natural Science Foundation under grants 2018GXNSFDA281054, 2019GXNSFFA245015 and 2019GXNSFGA245004, the Guangxi Young Teachers’ Basic Ability Improvement Program 2021KY0214, the Peng Cheng Laboratory Project of Guangdong Province PCL2018KP004, and the open program of Guangxi Key Laboratory of Cryptography and Information Security under grant GCIS201930.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Jiang, X., Wang, Y., Ding, Y., Liang, H., Wang, H., Li, Z. (2022). An Anti-forensic Method Based on RS Coding and Distributed Storage. In: Lai, Y., Wang, T., Jiang, M., Xu, G., Liang, W., Castiglione, A. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2021. Lecture Notes in Computer Science, vol 13156. Springer, Cham. https://doi.org/10.1007/978-3-030-95388-1_16
DOI: https://doi.org/10.1007/978-3-030-95388-1_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95387-4
Online ISBN: 978-3-030-95388-1
eBook Packages: Computer Science, Computer Science (R0)