A Report on Digital Forensics: Anti-Forensics Attacks and Mitigation

Added on 2023/06/05

AI Summary
This report provides an overview of digital forensics, focusing on anti-forensic techniques and strategies for mitigating them, based on Michael Perklin's video, "Anti-Forensics and Anti-Anti-forensics: Attacks and Mitigating Techniques." It highlights the typical workflow of digital investigations, complications that arise during the process, and methods used by bad actors to obfuscate their tracks. The report also discusses mitigation strategies for these attacks, such as using ASCII characters, working from an image, and manually parsing pertinent records. The analysis includes insights into the digital forensic investigator's role, payment structure, and the importance of accurate logging and documentation, emphasizing the need for investigators to be mindful of various attacks during investigations.
Running head: DIGITAL FORENSIC
Digital Forensic
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
DIGITAL FORENSIC 2
An overview of the video
“Anti-Forensics and Anti-Anti-forensics: Attacks and Mitigating Techniques” is a video
by Michael Perklin. The author of the video takes around 49 minutes and ten seconds to talk
about digital forensics. Michael discusses three major points: complications in digital
investigations, techniques which can complicate digital-forensic examinations, and
methodologies to mitigate those techniques.
Lessons learned from the video
To start with, Michael Perklin is a digital forensic examiner and computer programmer.
From his tutorial, I have learned about various complications which can arise during a digital
investigation (Marshall, 2009). One is the typical workflow of the digital investigation process:
first creating a copy, then processing data for analysis, analyzing data for relevance,
preparing a report on the findings, and archiving data for the future. One of the issues I never
knew is that when preparing a report, one has to include snapshots, snippets or thumbnails. In
addition, I have learned how investigators are paid; according to Michael, intermediate
investigators are paid on an hourly basis at 300 US dollars. Also noteworthy is stage number two,
processing data for analysis; this stage involves hashing, file type identification, and full-text
indexing.
Surprises from the video
One of the things that surprised me is stage four, that is, separating the “wheat from the
chaff”; the process takes 16 hours, which calculates to $4800. What astonished me most is the
payment of the investigators. From the description of all the stages, it seems that digital forensic
investigators reap a lot of money after the overall process. This made me re-think my career. I
thought I would be an information security analyst, but according to the figures given by Michael,
I think I might be a digital forensic investigator. Lastly, a statement by Michael surprised me,
i.e. “smart investigators never say that this occurred at this time”; rather, they say “logs show
that it occurred at this time” (Lammle, 2015).
Four different ways that a bad actor may try to obfuscate their tracks
1. Processing log files with tools: according to Michael, some of these tools rely on string
matching or regular expressions.
2. Circular references: tools that work from the hard disk do not bat an eye, but tools that
scan folders are usually affected by this attack, as are “Remote Analysis” and “Field
Triage” methodologies.
3. Creating restricted file names.
4. Confusion through broken log files.
Mitigation strategies for the attacks
1. Processing log files: to mitigate this issue, the investigator needs to use ASCII characters in
custom messages. In addition, the investigator needs to use eLfL in Windows Event
Logs.
2. Circular references: to mitigate this, it is advisable to always work from an image. It is
also very important for the investigator to be mindful of the different types of attacks during
any investigation (Sachowski, 2016).
3. Creating restricted file names: to mitigate this issue, an investigator should never at any
point export native filenames. It is also very important to specify a different name.
4. Broken log files: this can be mitigated by parsing a few pertinent records manually and
then documenting the methodology (Carvey, 2016).
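As an added illustration of the third mitigation (this is not code from the report or from Perklin's talk), the following Python sketch keeps native file names only in a manifest and writes each exported file under a sanitized, ASCII-only name; the ILLEGAL pattern, RESERVED set and STEM_LIMIT are my own choices for the example.

```python
import hashlib
import re
from typing import Dict, Iterable

# Characters Windows refuses in file names, plus the ASCII control range.
ILLEGAL = re.compile(r'[<>:"/\\|?*\x00-\x1f]')
# Device names that cannot be used as a file stem on Windows, whatever the extension.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)), *(f"LPT{i}" for i in range(1, 10))}
STEM_LIMIT = 64  # hypothetical cap on the readable part of an export name


def sanitize_stem(native_name: str) -> str:
    """Reduce a hostile native file name to a plain-ASCII stem that any host FS accepts."""
    stem = ILLEGAL.sub("_", native_name)
    # Anything outside ASCII becomes "?" here; no original "?" survives the line above.
    stem = stem.encode("ascii", "replace").decode("ascii").replace("?", "_")
    stem = stem.strip(" .")                  # Windows silently drops trailing dots and spaces
    if stem.split(".")[0].upper() in RESERVED:
        stem = "_" + stem
    return (stem or "unnamed")[:STEM_LIMIT]


def build_export_manifest(native_names: Iterable[str]) -> Dict[str, str]:
    """Map a unique, safe export name to each native name; the manifest is the evidence record.

    The native string never touches the analyst's file system: it is stored here, and the
    export name carries a sanitized hint plus a short SHA-256 tag of the original string.
    """
    manifest: Dict[str, str] = {}
    taken = set()                            # lower-cased: Windows/macOS names are case-insensitive
    for native in native_names:
        tag = hashlib.sha256(native.encode("utf-8", "surrogatepass")).hexdigest()[:8]
        base = f"{sanitize_stem(native)}_{tag}"
        export, n = base, 1
        while export.lower() in taken:       # same native name seen in several directories
            n += 1
            export = f"{base}_{n}"
        taken.add(export.lower())
        manifest[export] = native
    return manifest


if __name__ == "__main__":
    # Constructed sample of names an image might contain; not real case data.
    for exported, original in build_export_manifest(["CON", "CON", "Ev\u00edd<1>.log", "..."]).items():
        print(f"{exported!r:40} <- {original!r}")
```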
References
Carvey. (2016). Windows Registry Forensics: Advanced digital forensic analysis of Windows registry. Chicago: Chicago Press.
Lammle, T. (2015). CompTIA Network+ Study Guide. Indianapolis: Sybex.
Marshall, A. M. (2009). Digital Forensics: Digital Evidence in Criminal Investigations. London: Spring Press.
Sachowski. (2016). Implementing Digital Forensic Readiness: From Reactive to Proactive. New York: Spring Press.