Forensics Journal - Stevenson University 2011 | Page 50

access a corrupted NTFS-based volume, an indicator of unauthorized activity on the host system. EnCase® is susceptible to crashing when it encounters these types of anomalies.

These vulnerabilities reinforce the challenges faced by forensic examiners. Although forensic examiners are able to discover cyber criminal activity, cyber criminals will continue to devise methods to thwart the detection of malicious or unauthorized activity on a target system.

CONCLUSION

In conclusion, the opposing doctrines of cyber security and cyber crime are constantly evolving. Emerging threats, technologies, and the development of more advanced intrusion techniques further exacerbate the challenge associated with the digital forensic premise and desired goals. Deploying an in-depth, layered approach through use of the proposed objectives-based framework, combined with robust forensic tool kits and highly capable forensic experts, will gain an advantage over the cyber criminal community and ultimately hamper malicious activities.

ABOUT THE AUTHOR

Tobias Voegele began his network career in 2003 after training as a Network Operations Technician in the US Navy. After a promotion to First Class Petty Officer in 2007, he took on the role of Assistant Division Manager and managed a large-scale development project comprising the development of virtual network testing infrastructures, network vulnerability assessments, and reverse engineering. Upon his departure from the US Navy in 2009, Tobias began working for Booz Allen Hamilton, where he currently works as a network intelligence analyst, intrusion analyst, and intrusion detection instructor.