Anti-Forensics
Computer Anti-forensics By Bl4ckC4t
Disclaimer: I am not responsible for your stupidity. Whether you damage your computer or do something illegal and get caught, that is on you. This is for educational purposes only.
In the field of computer forensics, the hacker's own computer can be his worst enemy. You can be as careful as you like, delete every log and set "impossible" passwords, and it still may not be enough to save you. Forensic examiners work in extensive detail with some of the most capable tools available. Even these tools have limits; after all, a tool is only a program, and it can only recover what is still physically on the disk. Foiling a forensic analysis of your computer is therefore less about exotic tricks than about a little common sense: make sure the data is actually gone, not just hidden from the file system.
Let's start by looking at forensics from the analyst's point of view. The analyst is there to recover the data you deleted: logs, cookies, hacking tools, anything that could be evidence. Note that emptying the Recycle Bin does not remove a file from the hard drive. It only removes the file system's entry for it; the sectors that held the data stay exactly as they were until something else happens to be written over them. The analyst's recovery software ignores the file system's index and reads the raw sectors directly, so "deleted" files sitting in unallocated space come straight back. Physical damage does not reliably help either: a drive that has been broken up, or even partly burned, still carries whatever survived on the platter fragments, and a specialist lab can read those piece by piece. What we need is to actually remove the data from the drive, and the way to do that is to overwrite it. "But how?" you ask. It is quite simple really. Just download Eraser from the link at the bottom of this article. Eraser overwrites the contents of the files you choose, and the free space that still holds previously deleted data, and offers several overwrite schemes. My favourite methods are "US DoD 5220.22-M (8-306./E, C and E)" with 7 passes and "Pseudorandom Data" with 1 pass.
The overwrite standard Eraser borrows from the United States Department of Defense (DoD 5220.22-M) writes a fixed byte, its complement and then random data over every sector a file occupied, so what was there before is far harder to recover than after an ordinary deletion. Eraser takes full advantage of this and makes sure your data is erased. Two caveats a careful user should know: on a modern magnetic drive even a single complete overwrite defeats software recovery, so the extra passes cost time rather than buying much security; and overwriting a file in place only helps if the new bytes land on the same physical sectors as the old ones, which journaling or copy-on-write file systems and flash media with wear levelling do not guarantee. For those, wipe the whole device or use its built-in secure erase rather than relying on per-file overwrites.
We know how to delete our data securely, but how do we know it is really unrecoverable? That is where our next program comes in: Restoration, a tool that recovers deleted files. Restoration is a simple tool, nowhere near as advanced as the forensic suites mentioned above, which bundle many specialised data recovery and analysis tools, but it works on the same principle: it looks for file data the file system no longer references and shows you what is still lying around on the disk.
Running Restoration after Eraser tells you exactly what can still be recovered. Its second function, wiping the "deleted" files it finds from the hard drive, gives you a second line of defence against data recovery. I added it as another tool at the bottom of this article.
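As an added example (not the article's own material, and not how Eraser or Restoration are implemented), the following Python models a raw disk as a byte array with a separate directory standing in for the file system's index. It deletes one file the ordinary way and one by overwriting, then carves the raw bytes the way a recovery tool would, which is the check the text describes. The names ToyVolume, DOD_E_PASSES and carve are assumptions made for the illustration; the pass list is modelled on the DoD 5220.22-M scheme of a byte, its complement and random data, and the sample file contents are constructed.

```python
import os

SECTOR = 512            # bytes per sector in the toy device
IMAGE_SECTORS = 64      # a 32 KiB toy device

# A pass is a byte value to write, or None for a pass of pseudorandom bytes.
# Modelled on the DoD 5220.22-M 'E' scheme: a byte, its complement, random.
DOD_E_PASSES = [0x00, 0xFF, None]
PSEUDORANDOM_1_PASS = [None]


class ToyVolume:
    """Minimal stand-in for a disk: raw sectors plus a directory (the index).

    A real file system is far more complex, but the essential fact is the
    same: the directory entry and the data sectors are separate things.
    """

    def __init__(self):
        self.raw = bytearray(IMAGE_SECTORS * SECTOR)
        self.directory = {}          # name -> (first_sector, byte_length)
        self._next_free = 0

    def write_file(self, name, data):
        """Append the file's bytes to the next free sectors; return the offset."""
        nsectors = (len(data) + SECTOR - 1) // SECTOR
        start = self._next_free
        off = start * SECTOR
        self.raw[off:off + len(data)] = data
        self.directory[name] = (start, len(data))
        self._next_free += nsectors
        return off

    def delete(self, name):
        """Ordinary delete / emptying the Recycle Bin: drops the index entry only."""
        del self.directory[name]

    def secure_delete(self, name, passes=DOD_E_PASSES):
        """Overwrite every sector the file occupied, pass by pass, then delete."""
        start, length = self.directory[name]
        nsectors = (length + SECTOR - 1) // SECTOR
        off, size = start * SECTOR, nsectors * SECTOR
        for pattern in passes:
            fill = os.urandom(size) if pattern is None else bytes([pattern]) * size
            self.raw[off:off + size] = fill
            # On a real device you would flush and fsync here so each pass
            # actually reaches the platter before the next one starts.
        del self.directory[name]


def carve(raw, needle):
    """What a recovery tool does: ignore the directory and scan the raw bytes.

    Returns every offset where `needle` appears, allocated or not.
    """
    hits, pos = [], raw.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = raw.find(needle, pos + 1)
    return hits


def demo():
    """Write two files, delete one normally and one securely, then carve."""
    vol = ToyVolume()
    marker_a = b"SECRET-LOG-A"
    marker_b = b"SECRET-LOG-B"
    # Constructed sample contents standing in for logs or cookies.
    vol.write_file("logs_a.txt", marker_a + b" host=10.0.0.5 user=bl4ckc4t\n")
    vol.write_file("logs_b.txt", marker_b + b" host=10.0.0.6 user=bl4ckc4t\n")

    vol.delete("logs_a.txt")                          # ordinary delete
    vol.secure_delete("logs_b.txt", DOD_E_PASSES)     # overwritten first

    return {
        "directory": sorted(vol.directory),           # both gone from the index
        "recoverable_a": carve(vol.raw, marker_a),    # still on disk: [0]
        "recoverable_b": carve(vol.raw, marker_b),    # overwritten: []
    }


if __name__ == "__main__":
    print(demo())
```

Run it and the ordinarily deleted file's contents are found at offset 0 even though the directory is empty, while the overwritten file yields nothing. One caveat: this only holds when the overwrite reaches the same physical sectors, which journaling or copy-on-write file systems and flash media with wear levelling do not guarantee; there, wipe the whole device or use its secure-erase command.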
Index.dat files make for a nasty problem. Internet Explorer uses these files to index your browsing history, cache and cookies, and they are VERY hard to delete because 1) there are so many of them and 2) they are hidden system files that Windows keeps open for as long as you are logged in, so they are locked and you have to go into safe mode to delete them.
I found a program that cleans these evil files along with your history. It is called Privacy Mantra, and a link is provided at the bottom for download. I recommend that whoever reads this runs these tools regularly to get the full effect.
I hope you enjoyed these useful tips for preventing data recovery. All the tools listed are free AND legal to have; I highly doubt the new laws in Germany will consider these hacking tools.
Eraser: http://sourceforge.net/projects/eraser/
Restoration: http://www.snapfiles.com/get/restoration.html
Privacy Mantra: http://www.codeode.com/privacymantra/
ghost 17 years ago
Very interesting, enjoyed it. Glad this article is on the site; hopefully people will read it and, more importantly, use it.
ghost 17 years ago
Great article. Another thing, though: I have some restoration programs and I figured out that if you overwrite the deleted data, it cannot be recovered. As an example, if you were to format your hard drive and reinstall your operating system to hide the files you have deleted, you must also flood your drive with pointless files that take up space, hence overwriting the files you once had. Not good at explaining, but you get the point. Awesome article.
ghost 17 years ago
What about Linux? Is it the same? If so, are there similar tools for Linux too? :ninja:
ghost 17 years ago
"1) there are so many of them" and "3) There are a lot of them in the index.dat section" :right: Does that seem a bit weird to anyone else?
ghost 17 years ago
moshbat: how are you gonna get your HDD out of your PC and into the microwave before the police break the door down and bust your ass? :p
ghost 17 years ago
You leave the tower open for easy access ^_^ But yeah... a microwave can be your best friend in case of cops... but it doesn't like your flash drives very much ;)
jaggedlancer 17 years ago
On my laptop I have a little spring inside so I can just push the HDD and it pops out, and I have a toaster in my room and a small gap between me and next door's house which isn't accessible, so I can just push it, toast it, throw it :p
spyware 17 years ago
Toasting it won't make it unrecoverable, you !@#$. You need magnets, or get the actual CDs out of the HDD and destroy them completely. Maybe melt them?
Uber0n 17 years ago
Very good article. I wrote one on almost the same subject a long while ago (http://www.hellboundhackers.org/articles/513-Erasing-files-the-safe-way.html)
Zer0Man 17 years ago
Very informative article - Might be an idea to submit the Eraser, Restoration and Privacy Mantra links to the HBH links pages so they are available if this article can't be accessed. B)
ghost 17 years ago
I had heard something about it never being possible to remove data COMPLETELY. This cleared it up for me. But otherwise, good article.
ghost 17 years ago
Indeed a good article; however, the notion that many erasers eliminate data according to DoD standards is implausible, as more often than not it's just an advertising ploy. One of the most secure methods available today is the Gutmann method, passing over the data 35 times to ensure as much security as your happy hacking needs, as only the most sophisticated apparatus (a magnetic force microscope) could pick up the data. So if you get an eraser that offers the Gutmann method, you might be sorted :ninja:
ghost 17 years ago
Yeah, these tools and stuff are all great, but at the end of the day, if you're being investigated enough for the government to take huge measures to recover your data, they will probably frame you if they can't.
My plan if I need it isn't very good if I get a surprise visit, but if I know it's coming I'd get a new hard drive; the old one can then be thermited, dropped in the sea, whatever.
ghost 16 years ago
Something that you didn't mention is that things like your printer or fax can keep logs. And I think this is how groups like the FBI get around the warrantless taps (everything they need is in your computer). The D-bags would probably spend a million dollars to say they caught a "hacker," but they don't have the tools to "recover" your files if your computer is at the bottom of a nice lake. Nice that you posted links to those tools.