Trail Obfuscation
The purpose of trail obfuscation is to confuse, disorientate and divert the forensic examination process. Trail obfuscation covers a variety of techniques and tools that include “log cleaners, spoofing, misinformation, backbone hopping, zombied accounts, trojan commands.”
One of the more widely known trail obfuscation tools is Timestomp (part of the Metasploit Framework). Timestomp gives the user the ability to modify file metadata pertaining to access, creation and modification times/dates. By using programs such as Timestomp, a user can render any number of files useless in a legal setting by directly calling into question the files' credibility.
Another well-known trail obfuscation program is Transmogrify (also part of the Metasploit Framework). In most file types, the header of the file contains identifying information. A (.jpg) would have header information that identifies it as a (.jpg), a (.doc) would have information that identifies it as a (.doc), and so on. Transmogrify allows the user to change the header information of a file, so a (.jpg) header could be changed to a (.doc) header. If a forensic examination program or operating system were to conduct a search for images on a machine, it would simply see a (.doc) file and skip over it.
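An examiner's counterpart to the header swap described above, as an added example that is not part of the original page: it compares a file's extension, its leading signature and its end-of-file structure, assuming (the page does not say) that only the leading bytes were rewritten. The function names and sample bytes are constructed for illustration, and the trailer check is a heuristic.

```python
import os

# Leading signatures for a few common types (well-known magic bytes).
HEADERS = {
    "jpg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
}
ALIASES = {"jpeg": "jpg", "xls": "doc", "ppt": "doc"}


def header_type(data):
    """Type implied by the first bytes, or None if unrecognised."""
    for name, magic in HEADERS.items():
        if data.startswith(magic):
            return name
    return None


def trailer_type(data):
    """Type implied by end-of-file structure, which a header-only edit leaves intact."""
    tail = data.rstrip(b"\x00\r\n ")
    if tail.endswith(b"\xff\xd9") and b"\xff\xda" in data:  # JPEG EOI + start-of-scan
        return "jpg"
    if tail.endswith(b"IEND\xae\x42\x60\x82"):  # PNG IEND chunk and its CRC
        return "png"
    if tail.endswith(b"%%EOF"):
        return "pdf"
    return None


def examine(filename, data):
    """Return findings: 'ext_vs_header' and/or 'header_vs_trailer'."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    ext = ALIASES.get(ext, ext)
    head, tail = header_type(data), trailer_type(data)
    findings = []
    if ext in HEADERS and head != ext:
        findings.append("ext_vs_header")
    if tail is not None and head != tail:
        findings.append("header_vs_trailer")
    return findings


# Constructed sample bytes (not real images): a minimal JPEG-shaped blob.
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01" + b"\xff\xda" + b"scan" + b"\xff\xd9"
DISGUISED = HEADERS["doc"] + JPEG[8:]  # only the leading 8 bytes rewritten
```

A file that is merely renamed trips `ext_vs_header`; one whose header was also rewritten passes that check and is caught only by `header_vs_trailer`, which is why a signature search limited to the first bytes skips it.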