funsec mailing list archives

Re: The Rise of Anti-Forensics


From: coderman <coderman () gmail com>
Date: Fri, 13 Jul 2007 17:30:52 -0700

On 7/13/07, Rob, grandpa of Ryan, Trevor, Devon & Hannah
<rMslade () shaw ca> wrote:
...
> This is antiforensics. It is more than technology. It is an approach to
> criminal hacking that can be summed up like this: Make it hard for them to
> find you and impossible for them to prove they found you.

Sorry, can't get excited about it.  I've seen it: it's been around forever....
So let the blackhats knock themselves
out with antiforensics.  Makes the target bigger for us.

here's the crucial difference: forensics and expert testimony requires
evidence and trust.

when a virus/trojan invades, it is still an invader, detectable via
evolving means as you describe.

when anti-forensics replaces evidence with distraction and decoy, you
have almost no recourse to put back what has been reduced to entropy.
the foundation of trust eroded leaves "e-crime forensics" in a fatal
cloud of doubt.  the sooner this is recognized the better.

i fear "forensics experts" giving flawed testimony under airs of
authority to a court/jury compelled to convict wrongly and without
merit in an attempt to stem the bleeding from anti-forensics via
denial.

"we'll deal with it now" one way or another.  hopefully good old
fashioned detective work, physical evidence, motive, opportunity and
age old criminal stupidity will continue to tip the scales toward
justice.  the "easy short cuts", like a profile and history assumed
from a disk verbatim are not necessary despite the allure; relegate
them to probable cause like other fallible sources, and focus on
investigative skill and reputable evidence.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.