Anti-forensic tools

[irongeek at irongeek.com (Adrian Crenshaw)]

Thanks for the suggestions. Here are my comments so far:

1. The binders subject would be great for malware analysis, but I'm not so
sure for a general "cover your tracks" sort of class.

2. I've played with Alternate Data Streams before (
http://www.irongeek.com/i.php?page=security/altds), but it seems like it
only hides things from an investigator that does not know about them. There
are tools to find them, and won't they still show up if you do a data carve?

3. Anything out there better than CCleaner or CleanAfterMe?

Thanks.

Adrian




On Wed, Jul 1, 2009 at 8:13 AM, <d4ncingd4n at gmail.com> wrote:

> Alternate data streams on the filesystem and stego would be interesting
> from an antiforensics standpoint also.
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: iamnowonmai <iamnowonmai at gmail.com>
>
> Date: Wed, 1 Jul 2009 07:37:30
> To: PaulDotCom Security Weekly Mailing List<pauldotcom at mail.pauldotcom.com
> >
> Subject: Re: [Pauldotcom] Anti-forensic tools
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090701/dd85544b/attachment.htm