Formal Digital Investigation of Anti-forensic Attacks
09-10-2010, 03:24 PM

Attachment: Formal Digital Investigation of Anti-forensic Attacks.pdf (265.48 KB)
This article is by Slim Rekhis and Noureddine Boudriga,
Communication Networks and Security Research Lab, University of the 7th November at Carthage, Tunisia


One of the major interests of research in digital forensic investigation is the development of theoretical, scientifically proven methods of incident analysis. However, two main problems, which remain unsolved in the literature, can leave a formal incident analysis inconclusive. The first is the absence of techniques for coping with anti-forensic attacks and for reconstructing scenarios when the evidence has been compromised by such attacks. The second is the lack of theoretical techniques, usable during system preparation (the phase that precedes an incident), for assessing whether the evidence that will be generated is sufficient to prove the relevant events that occurred on the compromised system in the presence of anti-forensic attacks. The aim of this research is to develop a theoretical technique of digital investigation that copes with anti-forensic attacks. After developing a formal logic-based model that describes complex investigated systems and the evidence they generate at different levels of abstraction, we extend the concept of Visibility to characterize the situations in which anti-forensic attacks are provable and in which traces of the actions hidden by those attacks can be identified. A methodology showing the use of Visibility properties during the investigation of anti-forensic attacks is described, and a case study exemplifying the proposal is provided.
As security attacks continue to grow in sophistication, severity, and speed of compromise, research in information security has, over the past few years, taken an interest in digital forensic investigation. Its aim is to conduct a post-incident analysis of compromised systems and make inquiries about past events. To do so, digital information stored, generated, processed, or transmitted by networked systems is used as a source of evidence. That evidence is then analyzed to reconstruct what happened during the incident. Many problems can leave a security incident unsolved, letting attackers evade responsibility for lack of evidence to convict them. A first, predominant problem is anti-forensic attacks, which may be carried out during the incident to alter the traces of the events that occurred. Once attackers have succeeded in compromising a system, they execute an anti-forensic attack to reduce the quantity and quality of the evidential data that will be available after the incident. To do so, they try to alter the evidence already generated by the deployed security solutions in order to mislead the investigation, evade detection, and prevent the accurate reconstruction of provable attack scenarios. Another important problem that makes digital investigation inconclusive concerns preparation. While security administrators are keen to deploy a large set of security mechanisms that support evidence collection, they do not consider the need to assess and verify, before an incident occurs, whether the evidence to be generated will be sufficient to: a) prove the relevant events that occurred on the compromised system; b) detect and demonstrate the occurrence of anti-forensic attacks; and c) mitigate the effect of those attacks on the compromised evidence.
A major interest of research in digital forensic investigation is the development of theoretical, scientifically proven methods that validate the correctness of the techniques used to process and analyze evidence, give a formal meaning to event reconstruction, and prove conclusive descriptions of the attackers' activities. In this context, several important frameworks have been proposed to ground the digital investigation process in formal theory. Based on the formalism they use to reason about attack scenarios, they can be categorized into: expert-system-based modeling, finite state machine (FSM)-based modeling, colored Petri net-based modeling, model-checking-based modeling, state-based logic modeling, and Incident Response Probabilistic Cognitive Map-based modeling. However, none of these methods copes with the two problems described in the previous paragraph: they do not allow proving the events that occurred if the scenario included anti-forensic attacks, nor do they allow characterizing which events remain provable so as to mitigate the effect of those attacks.
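The preparation-time question raised above (will the evidence a system generates still let an investigator prove what happened, and prove that an anti-forensic attack took place, once the attacker has tampered with the sources within reach?) can be made concrete with a small model. The code below is an added illustration written for this page; it is not the paper's logic-based model or its Visibility definition, but a set-based toy of the same idea. The actions, evidence sources, candidate scenarios, and the assumption about which sources an attacker can reach are all constructed for the example.

```python
"""Added illustration (not code from the paper): a toy model of whether deployed
evidence sources keep attack scenarios distinguishable, and the anti-forensic
wipe itself provable, after the attacker empties every source within reach.
All action, source, and scenario names below are constructed for the example.
"""
from itertools import combinations

# Constructed: which evidence sources each action leaves a trace in.
TRACES = {
    "ssh_bruteforce": {"host_auth_log", "ids_log"},
    "ssh_login":      {"host_auth_log", "host_wtmp", "syslog_relay"},
    "privesc_sudo":   {"host_auth_log", "syslog_relay"},
    "exfil":          {"ids_log", "host_conn_snapshot"},
}
ALL_SOURCES = {src for srcs in TRACES.values() for src in srcs}

# Assumption: sources on the compromised host can be altered by the attacker;
# the IDS sensor and the remote syslog relay cannot.
ATTACKER_REACHABLE = {"host_auth_log", "host_wtmp", "host_conn_snapshot"}

# Constructed candidate scenarios the investigator must tell apart.
SCENARIOS = {
    "S1_bruteforce_privesc_exfil": ["ssh_bruteforce", "ssh_login", "privesc_sudo", "exfil"],
    "S2_insider_privesc":          ["ssh_login", "privesc_sudo"],
    "S3_bruteforce_exfil":         ["ssh_bruteforce", "ssh_login", "exfil"],
}


def generate(actions, deployed):
    """Evidence a scenario leaves: {source: frozenset(actions recorded there)}.
    Only sources in `deployed` exist on the system, so traces to others are lost."""
    evidence = {src: set() for src in deployed}
    for action in actions:
        for src in TRACES[action] & set(deployed):
            evidence[src].add(action)
    return {src: frozenset(recs) for src, recs in evidence.items()}


def wipe(evidence):
    """Anti-forensic attack: every attacker-reachable source is emptied."""
    return {src: (frozenset() if src in ATTACKER_REACHABLE else recs)
            for src, recs in evidence.items()}


def wipe_is_provable(observed):
    """The wipe is provable when an out-of-reach source records an action that
    must also have written a reachable source, yet that record is missing."""
    for src, recs in observed.items():
        if src in ATTACKER_REACHABLE:
            continue
        for action in recs:
            for other in TRACES[action] & set(observed):
                if other in ATTACKER_REACHABLE and action not in observed[other]:
                    return True
    return False


def explanations(observed, deployed):
    """Scenarios that could have produced `observed`, with or without a wipe.
    Returns {scenario_name: wipe_required}; one entry means the scenario is provable."""
    found = {}
    for name, actions in SCENARIOS.items():
        clean = generate(actions, deployed)
        if clean == observed:
            found[name] = False
        elif wipe(clean) == observed:
            found[name] = True
    return found


def confusable_after_wipe(deployed):
    """Preparation-time check: scenario pairs a wipe makes indistinguishable
    given the deployed sources. An empty set means every scenario stays provable."""
    residue = {name: wipe(generate(acts, deployed)) for name, acts in SCENARIOS.items()}
    return {(a, b) for a, b in combinations(sorted(residue), 2) if residue[a] == residue[b]}


if __name__ == "__main__":
    seen = wipe(generate(SCENARIOS["S1_bruteforce_privesc_exfil"], ALL_SOURCES))
    print("wipe provable:", wipe_is_provable(seen))
    print("explanations:", explanations(seen, ALL_SOURCES))
    print("confusable with all sources:", confusable_after_wipe(ALL_SOURCES))
    print("confusable without syslog relay:",
          confusable_after_wipe(ALL_SOURCES - {"syslog_relay"}))
```

With every source deployed, scenario S1 remains the only explanation of the wiped evidence and the wipe itself is provable from the mismatch between the syslog relay and the emptied host log. Dropping the syslog relay from the deployment still leaves the wipe provable (the IDS log records a brute force the host log no longer shows), but S1 and S3 now leave identical residue, which is exactly the kind of gap the text argues should be found before the incident rather than during the investigation.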
