Trail Obfuscation
The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan commands.”
One of the more widely known trail obfuscation tools is Timestomp (part of the Metasploit Framework). Timestomp gives the user the ability to modify file metadata pertaining to access, creation and modification times/dates. By using programs such as Timestomp, a user can render any number of files useless in a legal setting by directly calling in to question the files' credibility.
Another well known trail-obfuscation program is Transmogrify (also part of the Metasploit Framework). In most file types the header of the file contains identifying information. A (.jpg) would have header information that identifies it as a (.jpg), a (.doc) would have information that identifies it as (.doc) and so on. Transmogrify allows the user to change the header information of a file, so a (.jpg) header could be changed to a (.doc) header. If a forensic examination program or operating system were to conduct a search for images on a machine, it would simply see a (.doc) file and skip over it.
Read more about this topic: Anti-computer Forensics
Famous quotes containing the word trail:
“These, and such as these, must be our antiquities, for lack of human vestiges. The monuments of heroes and the temples of the gods which may once have stood on the banks of this river are now, at any rate, returned to dust and primitive soil. The murmur of unchronicled nations has died away along these shores, and once more Lowell and Manchester are on the trail of the Indian.”
—Henry David Thoreau (1817–1862)