Computing Reviews
The anti-forensics challenge
Dahbur K., Mohammad B. ISWSA 2011 (Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, Amman, Jordan, Apr 18-20, 2011), 1-7. 2011. Type: Proceedings
Date Reviewed: Jan 24 2012

Dahbur and Mohammad introduce this paper as a survey of tools and techniques in the emerging field of anti-forensics, together with their classification. The authors explicitly address only computer anti-forensics (CAF), deferring network anti-forensics aspects to future work.

The authors’ position is similar to that in the field of cryptology: to know cryptography better, one needs to know a bit of cryptanalysis, and vice versa. They cite a lack of previous work on comprehensive classification of anti-forensics tools and techniques, as they attempt to lay a foundation for the terminology of the anti- side.

They begin by defining the problem space, as well as the relevant and introductory terminology and literature. The work becomes more useful starting with section 3, specifically with the CAF classification review. The authors mention several sets of classification categories from the surveyed literature based on attack targets, (non-)traditional techniques, functionality, and the distinction between anti-forensics (forensic analysis prevention by data hiding) and counter-forensics (direct attack on forensic tools).

In section 4, the authors arrive at the challenges: the struggle to come up with a more standard definition of anti-forensics and the need to improve on the previous section’s classification schemes. They examine the problem from the point of view of constraints found in computer forensics--temporal, financial, and other resources. They also more deeply explore the challenges posed by CAF to an investigation by describing the evolution of the privacy technologies available to users, encryption, compression bombs, cloud computing, steganography, and so forth. Then, the authors proceed with a set of four general recommendations.

After the conclusion, future work, and references, there is a small table in the appendix with a list of tools the authors located; the list seems to be a fraction of what it could be. The paper is Windows-centric in its mention of several tools--almost entirely missing are tools for Mac OS X, Linux, and mobile devices. The authors also overlook standard Unix utilities that can change timestamps, for example, touch. The paper is sometimes repetitive or sloppy in its terminology, and the image reproductions are of rather poor quality. Overall, the paper is a poor attempt to address an important topic.

Reviewer: Serguei A. Mokhov
Review #: CR139793 (1207-0756)
Systems Analysis And Design (K.6.1 ... )
Semantic Web (H.3.4 ... )
Systems Development (K.6.1 ... )
Security and Protection (K.6.5 )
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®