Abstract
Individuals who wish to avoid leaving evidence on computers and networks often use programs that conceal data from conventional digital forensic tools. This paper discusses the application of passive file system analysis techniques to detect trace evidence left by data concealment programs. In addition, it describes the design and operation of Seraph, a tool that determines whether certain encryption, steganography and erasing programs were used to hide or destroy data.
Copyright information
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Davis, M., Kennedy, R., Pyles, K., Strickler, A., Shenoi, S. (2006). Detecting Data Concealment Programs Using Passive File System Analysis. In: Olivier, M.S., Shenoi, S. (eds) Advances in Digital Forensics II. DigitalForensics 2006. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA. https://doi.org/10.1007/0-387-36891-4_14
DOI: https://doi.org/10.1007/0-387-36891-4_14
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-36890-0
Online ISBN: 978-0-387-36891-7
eBook Packages: Computer Science, Computer Science (R0)