Computational Science, Computer Science and Information Technology

01 Jul 07 Antiforensics

Once again, the bad guys are lining their arsenals with new tools to use against you. Computer forensics is an emerging field of study, and anti-forensics is certainly developing right alongside. Some say anti-forensics is developing faster. Why? Because what was once only possible for the elite has now washed downstream in the form of automated tools. More or less, anyone can throw trashcans in the path of forensic investigators now that the tools are there to make it all possible.

One of the most well-known exploit toolkits on the net is the Metasploit project. Some of the Metasploit tools you'll find in use by cybercriminals are Slacker, Transmogrify and Timestomp.

Slacker is named after the slack space at the end of files. This tool takes data, breaks it up into thousands of pieces and spreads it across file slack space. To the unsuspecting forensic investigator, this will appear as nothing more than white noise rather than a database containing millions of credit card numbers.

Transmogrify is most notorious for being the first tool ever to defeat the file signature capabilities of EnCase. The tool allows you to mask and unmask files as any type.

Timestomp simply changes attributes relating to file date stamps, which can disrupt the forensic timeline the investigator is attempting to establish.
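From the investigator's side, altered date stamps can often be spotted by comparing the two sets of timestamps NTFS keeps for each file. The following is an added example, not code from the original article or from the Metasploit project; it assumes the `$STANDARD_INFORMATION` (`$SI`) and `$FILE_NAME` (`$FN`) timestamps have already been extracted from the MFT as raw FILETIME integers, and the record layout, function names and sample paths are hypothetical.

```python
from datetime import datetime, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_SECOND = 10_000_000  # FILETIME counts 100 ns ticks since 1601-01-01 UTC
FIELDS = ("created", "modified", "mft_changed", "accessed")

def filetime(year, month, day, hour, minute, second, ticks=0):
    """Build a FILETIME value; `ticks` is the sub-second part in 100 ns units."""
    dt = datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)
    return int((dt - EPOCH_1601).total_seconds()) * TICKS_PER_SECOND + ticks

def timestomp_indicators(si, fn):
    """Return the reasons one entry's $SI timestamps look altered (heuristics)."""
    reasons = []
    # Timestamp-setting APIs available to user programs update $SI, not $FN,
    # so a backdated file usually keeps its true creation time in $FN.
    if si["created"] < fn["created"]:
        reasons.append("$SI created precedes $FN created")
    # Tools that take whole-second input leave the 100 ns fraction at zero,
    # which is rare for timestamps written by the file system itself.
    if all(si[f] % TICKS_PER_SECOND == 0 for f in FIELDS):
        reasons.append("all $SI timestamps have a zero sub-second part")
    return reasons

def triage(records):
    """Map path -> indicators for every record with at least one indicator."""
    found = {r["path"]: timestomp_indicators(r["si"], r["fn"]) for r in records}
    return {path: why for path, why in found.items() if why}

def same_all(ft):
    return dict.fromkeys(FIELDS, ft)  # sample helper: all four fields equal

# Constructed sample records (not taken from a real volume).
written = filetime(2007, 6, 28, 14, 3, 51, ticks=4_381_905)
SAMPLE = [
    {"path": r"C:\Users\a\report.doc", "si": same_all(written), "fn": same_all(written)},
    # Backdated to 2003 with whole-second values; $FN still shows 2007.
    {"path": r"C:\Temp\tool.exe",
     "si": same_all(filetime(2003, 3, 1, 9, 0, 0)), "fn": same_all(written)},
    # Whole-second $SI that does not precede $FN: one weak indicator only.
    {"path": r"C:\Tools\unzipped.dll",
     "si": same_all(filetime(2007, 6, 1, 8, 0, 0)),
     "fn": same_all(filetime(2007, 6, 1, 7, 59, 58, ticks=123))},
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Both checks are triage heuristics: archive extraction and file copies can legitimately produce either pattern, so a hit is a reason to examine the file, not proof of tampering.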

More detailed article here
