Anti-computer Forensics - Trail Obfuscation

Trail Obfuscation

The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan commands.”

One of the more widely known trail obfuscation tools is Timestomp (part of the Metasploit Framework). Timestomp gives the user the ability to modify file metadata pertaining to access, creation and modification times/dates. By using programs such as Timestomp, a user can render any number of files useless in a legal setting by directly calling into question the files' credibility.

Another well-known trail obfuscation program is Transmogrify (also part of the Metasploit Framework). In most file types the header of the file contains identifying information: a .jpg has header information that identifies it as a .jpg, a .doc has information that identifies it as a .doc, and so on. Transmogrify allows the user to change the header information of a file, so a .jpg header could be changed to a .doc header. If a forensic examination program or operating system were to conduct a search for images on a machine, it would simply see a .doc file and skip over it.
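The defensive counterpart to the header trick above is to identify file type from content and compare it with the name the file carries, flagging any disagreement for a human examiner. The following is an added example written for this page, not a tool from the Metasploit Framework or the original article; the signature table and the sample directory it builds are constructed for the demonstration. It flags a mismatch in either direction (a JPEG named .doc, or a .jpg whose header now claims to be an OLE document); a file whose name and header were both changed needs structural validation of the claimed format, which is beyond this check.

```python
import os
import tempfile
from typing import List, Optional, Tuple

# Leading-byte signatures for a few common formats (constructed table for this example).
SIGNATURES = {
    "jpg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "pdf": [b"%PDF-"],
    "doc": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # OLE2 compound file (legacy .doc/.xls)
    "docx": [b"PK\x03\x04"],                        # ZIP container (also .xlsx, .pptx, .jar)
    "gif": [b"GIF87a", b"GIF89a"],
}

def identify(header: bytes) -> Optional[str]:
    """Return the format whose signature matches the leading bytes, or None if unknown."""
    for name, magics in SIGNATURES.items():
        if any(header.startswith(m) for m in magics):
            return name
    return None

def check_file(path: str) -> Tuple[str, Optional[str], bool]:
    """Return (claimed_ext, detected_format, mismatch) for one file."""
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    with open(path, "rb") as f:
        header = f.read(16)
    detected = identify(header)
    # Only flag when the extension is one we know AND the content is recognisably another known format.
    mismatch = ext in SIGNATURES and detected is not None and detected != ext
    return ext, detected, mismatch

def scan(root: str) -> List[Tuple[str, str, Optional[str]]]:
    """Walk a directory tree and return (path, claimed_ext, detected_format) for every mismatch."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext, detected, mismatch = check_file(path)
            if mismatch:
                hits.append((path, ext, detected))
    return sorted(hits)

def demo() -> List[Tuple[str, str, Optional[str]]]:
    """Build a constructed sample tree and scan it: two honest files, two relabelled ones."""
    root = tempfile.mkdtemp()
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12
    ole = SIGNATURES["doc"][0] + b"\x00" * 8
    samples = {
        "photo.jpg": jpeg,                       # honest JPEG
        "notes.docx": b"PK\x03\x04" + b"\x00" * 12,  # honest Office Open XML
        "report.doc": jpeg,                      # JPEG content carrying a .doc name
        "scan.jpg": ole,                         # .jpg name whose header now says OLE/.doc
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return scan(root)
```

Running `demo()` returns the two relabelled files only; on real evidence, point `scan()` at a mounted image rather than a temp directory.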
