Anti-Forensics Detecting

Anti-Forensics Detecting Techniques and Practice - Cyber Security Project

Anti-Forensics Detection & Analysis Lab

Purpose: Apply knowledge and skills learned about anti-forensics techniques. Practice detecting and overcoming a wide variety of anti-forensic techniques.

Instructions:

  • Obtain the following 512MB USB image files from BlackBoard:
    o AntiForensics_A.001
      ▪ MD5: 14EA9F129B75747D8319118B123847AE
      ▪ SHA-1: 1B50931A0695D8E525D61C7DEBB4690B71B540EB
    o AntiForensics_B.001
      ▪ MD5: C55F980DC4A7972A7113D86E55EFBC46
      ▪ SHA-1: 70ADC62977210D70DFF399376DDF63643D92D969
    o AntiForensics_C.001
      ▪ MD5: 0C11D069D370851B3D92C884DA413746
      ▪ SHA-1: 4892B9960547BAA5C37D36AC3E7E04A659C3489A
    o AntiForensics_D.001
      ▪ MD5: 16AB542DF4D76EB2DB0242C1E9D46900
      ▪ SHA-1: 2E7CEF5B9D4B2B2698964BD66CEDD76EF900C817
  • Find all the evidence you can.
    o Evidence is anything containing the word ‘EVIDENCE’ or anything containing a picture of your suspect’s dog. Information about your suspect is listed below.
    o There are approximately 13 instances of anti-forensics / data obfuscation techniques (depending on how you count an instance).
    o You may need to apply skills and knowledge learned in Digital Forensic Analysis I.
  • Report
    o Standard forensic reporting – metadata, discussion of findings, etc.
    o Include screenshots of your findings, including tool reports, if available (e.g. the John the Ripper password cracking report, and reports from any other tools you use that have a report or log function).
    o Include a brief overview of your analytical strategy, steps taken, tools used, etc. Organize this section of your report by anti-forensics technique.

Rules, Caveats, Hints, etc.:

  • What you initially know about your suspect: Her name is Lily Quinones. She is a Cyber Security major at the University of Texas at San Antonio (UTSA). She is currently a Senior in the College of Business. This is all you know at this point. Perhaps the files on the USB image contain more information…
  • Analyze the UserAssist Registry Key provided to discover traces of programs used by the suspect.
  • Do not use FTK (or any other similarly designed / featured “all-in-one” digital forensics tool) to complete the lab. Such tools tend to do a good job at automatically extracting
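
For the UserAssist hint above, the following added example (not part of the original lab handout) decodes a UserAssist `Count` key without an all-in-one tool: value names are ROT13-encoded, and each value holds a binary record with the run count, focus time and last-run timestamp. It assumes the key is supplied as a regedit `.reg` text export and uses the 72-byte record layout of Windows 7 and later; the sample export and the program path in it are constructed for the demo.

```python
import codecs
import re
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
COUNT_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count"

def decode_record(data):
    """Decode the 72-byte UserAssist record (Windows 7+ layout, assumed here)."""
    if len(data) != 72:
        return None  # other layouts, e.g. older Windows versions, are not handled
    (run_count,) = struct.unpack_from("<I", data, 4)
    (focus_ms,) = struct.unpack_from("<I", data, 12)
    (ticks,) = struct.unpack_from("<Q", data, 60)  # FILETIME, 100 ns units
    last_run = FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None
    return run_count, focus_ms, last_run

def parse_userassist(reg_text):
    """Return [(program, run_count, focus_ms, last_run)] from .reg export text."""
    joined = re.sub(r",\\\r?\n\s*", ",", reg_text)  # undo regedit line wrapping
    rows = []
    for name, hexdata in re.findall(r'^"(.+)"=hex:([0-9a-fA-F,]*)\s*$', joined, re.M):
        program = codecs.decode(name.replace("\\\\", "\\"), "rot13")  # names are ROT13
        record = decode_record(bytes.fromhex(hexdata.replace(",", "")))
        if record:
            rows.append((program, *record))
    return rows

def make_sample_export():
    """Constructed sample export for the demo; not data from the lab images."""
    when = datetime(2020, 1, 2, 3, 4, 5, tzinfo=timezone.utc)
    rec = bytearray(72)
    struct.pack_into("<I", rec, 4, 3)        # run count
    struct.pack_into("<I", rec, 12, 45000)   # focus time in ms
    ticks = int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000
    struct.pack_into("<Q", rec, 60, ticks)
    name = codecs.encode("C:\\Tools\\example.exe", "rot13").replace("\\", "\\\\")
    hexed = ",".join(f"{b:02x}" for b in rec)
    return f'[{COUNT_KEY}]\n"{name}"=hex:{hexed[:60]}\\\n  {hexed[60:]}\n'

if __name__ == "__main__":
    for program, runs, focus_ms, last_run in parse_userassist(make_sample_export()):
        print(f"{program}  runs={runs}  focus_ms={focus_ms}  last_run={last_run}")
```

Values whose data is not 72 bytes long are skipped rather than guessed at, so review those entries by hand.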
