Hello everyone,
I am building an Ubuntu-based anti-forensics distro (university thesis, not terrorism).
Currently I have implemented:
[Wiping] Secure-delete (I created an interface to simplify use)
[Encryption] TrueCrypt
[Virtualization] VirtualBox
[Network Security] Tor / Firefox
[Steganography] Steghide / SteGUI
To implement (which software can I use?):
[Data Hiding] Filesystem insertion?
[Create false evidence] Modified file timestamps?
[Create false evidence] MD5 collision?
[Network Anonymity] Attacks on wireless networks (aircrack?)
[Mail Encryption] NewPGP / Thunderbird? (Is it a good choice?)
[Firewall] iptables changes (how?)
[Antivirus] Really needed?
The aim of this project is not primarily a live system, but an installed one, to test the effectiveness of forensic tools (CAINE) against my anti-forensics distro (AFUBUNTU).
The anonymity software is there to complete the work of an anti-forensics distro, but isn't the main goal.
Other suggestions for this project?
Thanks to all those who want to help me.
Looks great.
You might want to have a look at the BackTrack distros. Something that would crack SAM tables would probably be useful, but you may find it difficult fitting any useful rainbow tables on the disk. If I were going to add a SAM cracker to a distro, I would add a link that would forward the LM table hash to the ophcrack website (link inserted below). PS: Don't forget to give credit to those who have helped you in the acknowledgements.
http://www.objectif-securite.ch/products.php
Thanks for the reply, but I don't think it helps me.
AFubuntu is an anti-forensics distro and a SAM cracker is a forensic tool, which frankly I do not care about.
I think this community is the wrong one for you. I can only speak for myself, but I think many others on this forum think the same.
We are happy to have some forensic knowledge, some tricks where we can still find evidence even when the suspect has tried to cover his tracks.
Also, we already have enough possibilities to verify our work and to test our forensic tools.
So at least I am not interested in publishing an Anti-Forensic CD! This knowledge should not be spread on a CD and be so easy to get!
Of course, the anti-forensic knowledge is public too, but I think suspects who try to hide their tracks should at least do their own research on the internet and should not be given a ready solution by professional forensic specialists!
Chris
This is a great idea. You might add in MAC address spoofing (macchanger) for when accessing other networks, so that IDS and other devices are logging a MAC address not associated with any physical network device on your system.
Full disk encryption with truecrypt and a secure passphrase is really the deal breaker I think. You're not going to do much forensic-wise against a system like this.
You can also modify the TrueCrypt boot loader to take out any mention of "TrueCrypt" to make it a bit harder to identify, like here:
http//
You might want to check out the "anti-anti-forensics" research for a balanced view.
I think I saw a paper in Blackhat 2009 recently related to work being done on detecting "anti-forensic" kit.
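One concrete piece of the "anti-anti-forensics" idea mentioned above, as an added example that is not code from the original thread or from the AFUBUNTU project: a small Linux triage script that flags files whose mtime looks like it was set after the fact. It relies on the fact that userland can change mtime (utime/touch) but not ctime, which the kernel bumps on every inode change; the sample records are constructed, and the thresholds are my assumptions, not a published standard.

```python
import os
from dataclasses import dataclass

NS = 10**9


@dataclass
class InodeTimes:
    path: str
    mtime_ns: int  # last content modification; settable from userland via utime/touch
    ctime_ns: int  # last inode change; set by the kernel, not settable from userland


def timestamp_findings(t: InodeTimes, old_days: int = 365) -> list[str]:
    """Return heuristic indicators that mtime was set after the fact (empty list = clean)."""
    findings = []
    # Any change to mtime also updates ctime to "now", so on a live system
    # mtime can never legitimately be newer than ctime.
    if t.mtime_ns > t.ctime_ns:
        findings.append("mtime later than ctime")
    # touch -t and second-granularity utime leave a zero sub-second part, while
    # the kernel's own timestamps (visible in ctime) carry nanoseconds on ext4.
    if t.mtime_ns % NS == 0 and t.ctime_ns % NS != 0:
        findings.append("mtime has no sub-second component but ctime does")
    # A large gap is weaker evidence: cp -p, tar and rsync also preserve mtime,
    # so this is a triage prompt, not proof of tampering.
    gap_days = (t.ctime_ns - t.mtime_ns) // (86400 * NS)
    if gap_days >= old_days:
        findings.append(f"mtime predates ctime by {gap_days} days")
    return findings


def inode_times(path: str) -> InodeTimes:
    st = os.lstat(path)
    return InodeTimes(path, st.st_mtime_ns, st.st_ctime_ns)


def scan_tree(root: str) -> list[tuple[str, list[str]]]:
    """Walk root and return (path, findings) for every file with at least one finding."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            t = inode_times(os.path.join(dirpath, name))
            found = timestamp_findings(t)
            if found:
                hits.append((t.path, found))
    return hits


# Constructed sample records (not taken from any real system), one per case.
SAMPLES = [
    InodeTimes("/tmp/normal.txt", 1_700_000_000_123_456_789, 1_700_000_000_123_456_789),
    InodeTimes("/tmp/backdated.txt", 1_500_000_000_000_000_000, 1_700_000_000_987_654_321),
    InodeTimes("/tmp/future.txt", 1_800_000_000_000_000_000, 1_700_000_000_111_111_111),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.path, timestamp_findings(s) or ["clean"])
```

Run `scan_tree("/path/to/image/mount")` against a read-only mounted image to apply the same checks to real inodes; ext4 with 128-byte inodes stores no sub-second timestamps, so the second heuristic is silent there.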
Thanks for reporting this paper to me.
Not a problem.
Let the war begin: anti-forensics vs. anti-anti-anti-forensics 😉
Would you be willing to give me a copy?
I ask as I have a project coming up and this would be a fantastic thing to explore in a forensic/security context.