Forensics Journal - Stevenson University 2011 | Page 50
access a corrupted NTFS-based volume, an indicator of unauthorized
activity on the host system. EnCase® is susceptible to crashing when it
encounters these types of anomalies.
These vulnerabilities reinforce the challenges faced by forensic examiners.
Although forensic examiners are able to discover cyber criminal activity,
cyber criminals will continue to devise methods to thwart the detection
of malicious or unauthorized activity on a target system.
CONCLUSION
In conclusion, the opposing doctrines of cyber security and cyber crime
are constantly evolving. Emerging threats, technologies, and the development of more advanced intrusion techniques further exacerbate the
challenge associated with the digital forensic premise and desired goals.
Deploying an in-depth, layered approach that combines the proposed
objectives-based framework with robust forensic tool kits and highly
capable forensic experts will gain an advantage over the cyber
criminal community and ultimately hamper malicious activities.
ABOUT THE AUTHOR
Tobias Voegele began his network career in 2003 after training as a Network Operations Technician in the US Navy. After a promotion to First Class Petty Officer in 2007, Tobias Voegele took on the role of Assistant Division Manager and managed a large-scale development project comprising the development of virtual network testing infrastructures, network vulnerability assessments, and reverse engineering. Upon his departure from the US Navy in 2009, Tobias began working for Booz Allen Hamilton, where he still works as a network intelligence analyst, intrusion analyst, and intrusion detection instructor.