The Art of Defiling: Defeating Forensic Analysis on Unix File Systems

No ratings

Presented at BlackHatAsia 2003 by

The rise in prominence of incident response and digital forensic analysis has prompted a reaction from the underground community. Increasingly, attacks against forensic tools and methodologies are being used in the wild to hamper investigations. This talk will: familiarize the audience with Unix file system structures; examine the forensic tools commonly used, and explore the theories behind file system anti-forensic attacks. In addition, several implementations of new anti-forensic techniques will be released during the talk. Anti-forensics has cost the speaker one job. This material has never been presented in the North American continent because anti-forensics scares the feds. Find out why. The grugq has been researching anti-forensics for almost 5 years. Grugq has worked to secure the networks and hosts of global corporations, and hes also worked for security consultanting companies. His work as a security consultant was cut short by the publication of an article on anti-forensics. Currently, he slaves for a start-up, designing and writing IPS software.