Use and detection of anti-forensics techniques
Využití a detekce antiforenzních technik
Authors
Supervisors
Reviewers
Editors
Other contributors
Journal Title
Journal ISSN
Volume Title
Publisher
České vysoké učení technické v Praze
Czech Technical University in Prague
Czech Technical University in Prague
Date of defense
2025-06-18
Abstract
Práce se zabývá úvodem do tématu digitální forenzní analýzy, zejména tech-
nikami, které mají za cíl jí co nejvíce ztížit, a tím, jak se proti nim bránit.
V úvodní části se nachází výčet možných antiforenzních technik spolu s je-
jich dopadem na forenzní analýzu a návrhem možností mitigace. V praktické
části se navazuje vyzkoušením technik USBkill a BUSkill, určených ke ztížení
akvizice dat a jejich vlivem na analýzu a systém, na kterém běží. Výsledek
by se dal interpretovat tak, že v případě správného použití jsou tyto techniky
velmi účinné, avšak správné nastavení mazání RAM je komplikované. A ani to
nezaručuje úplnou ochranu.
The thesis deals with an introduction to digital forensics analysis, but mainly with techniques, whose main goal is its hindering, and how to defend aga- inst them. The theoretical part contains an enumeration of some anti-forensics techniques, their impact on forensics analysis, and some recommendations on how to defend against them. The practical part continues with testing the USBkill and BUSkill tools, which are designated to hinder the acquisition pro- cess. And its impact on the analysis and systems that use them. The summary of the results can be interpreted as that, if set up properly these techniques are highly effective, but correct settings of RAM wiping are complicated and even then it doesnt guarantee full protection.
The thesis deals with an introduction to digital forensics analysis, but mainly with techniques, whose main goal is its hindering, and how to defend aga- inst them. The theoretical part contains an enumeration of some anti-forensics techniques, their impact on forensics analysis, and some recommendations on how to defend against them. The practical part continues with testing the USBkill and BUSkill tools, which are designated to hinder the acquisition pro- cess. And its impact on the analysis and systems that use them. The summary of the results can be interpreted as that, if set up properly these techniques are highly effective, but correct settings of RAM wiping are complicated and even then it doesnt guarantee full protection.
Description
Citation
Underlying research data set URL
Permanent link
Rights/License
Vysokoškolská závěrečná práce je dílo chráněné autorským zákonem. Je možné pořizovat z něj na své náklady a pro svoji osobní potřebu výpisy, opisy a rozmnoženiny. Jeho využití musí být v souladu s autorským zákonem v platném znění.
A university thesis is a work protected by the Copyright Act of the Czech Republic. Extracts, copies and transcripts of the thesis are allowed for personal use only and at one`s own expense. The use of thesis should be in compliance with the Copyright Act.
A university thesis is a work protected by the Copyright Act of the Czech Republic. Extracts, copies and transcripts of the thesis are allowed for personal use only and at one`s own expense. The use of thesis should be in compliance with the Copyright Act.