An Anti-forensic Method Based on RS Coding and Distributed Storage

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2021)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 13156)

Abstract

Anti-forensics (AF) technology has become a new field of cybercrime. The problems of existing forensic technologies should be considered from the criminals’ perspective in order to improve existing AF technologies. There are two types of AF methods, namely data hiding and data destruction, and most AF tools are primarily based on data hiding. If the data can be intercepted by investigators during the AF process, the remaining data may be destroyed by the criminal, leaving investigators with no information about the data. To address this issue, this paper proposes an AF scheme with multi-device storage based on Reed-Solomon codes that combines data hiding and data destruction. The data is divided into multiple out-of-order data blocks and parity blocks, and these blocks are stored separately on different devices. This method can reduce the storage cost and protect the privacy of the data. Even if the data is destroyed, it allows AF investigators to recover the data. Security analysis showed that this AF method can prevent malicious, erroneous or invalid files from being acquired and ensure data security when data is stolen. Theoretical analysis indicated that file recovery under this method is difficult for investigators but easy for the AFer. Experimental results demonstrated that the proposed method is effective and has practical efficiency.

Acknowledgments

This article is supported in part by the National Key R&D Program of China under project 2020YFB1006004, the National Natural Science Foundation of China under projects 61772150, 61862012 and 61962012, the Guangxi Natural Science Foundation under grants 2018GXNSFDA281054, 2019GXNSFFA245015 and 2019GXNSFGA245004, the Guangxi Young Teachers’ Basic Ability Improvement Program 2021KY0214, the Peng Cheng Laboratory Project of Guangdong Province PCL2018KP004, and the open program of Guangxi Key Laboratory of Cryptography and Information Security under grant GCIS201930.

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Jiang, X., Wang, Y., Ding, Y., Liang, H., Wang, H., Li, Z. (2022). An Anti-forensic Method Based on RS Coding and Distributed Storage. In: Lai, Y., Wang, T., Jiang, M., Xu, G., Liang, W., Castiglione, A. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2021. Lecture Notes in Computer Science, vol 13156. Springer, Cham. https://doi.org/10.1007/978-3-030-95388-1_16

  • DOI: https://doi.org/10.1007/978-3-030-95388-1_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95387-4

  • Online ISBN: 978-3-030-95388-1

  • eBook Packages: Computer Science (R0)
