Swap files Anti-Forensics on Linux
Author: E. Jadied
DOI: 10.1109/APMEDIACAST.2016.7878175 (https://doi.org/10.1109/APMEDIACAST.2016.7878175)
Published in: 2016 Asia Pacific Conference on Multimedia and Broadcasting (APMediaCast), November 2016
Citation count: 1 (Semantic Scholar)

Abstract:
The swap file is a potentially interesting and rich source of digital evidence. Passwords, cryptographic keys, private data and other sensitive data can be found in the swap file. With a simple technique such as string matching, digital evidence can be easily found and identified. There is minimal research on swap file anti-forensics. We found that most swap file anti-forensics techniques are still vulnerable to live acquisition. We therefore propose two swap file anti-forensic techniques: the injected live swap file and the fake swap file. An injected live swap file is created by injecting (flooding) fake data into the live swap file using a custom script. A fake swap file is created by manipulating the swap file header and then filling the swap file with fake artefacts of our choosing. We perform these techniques before the user begins his/her usual activities. We were able to implement the injected live swap file technique, but with the disadvantage of leaking private and sensitive data. Making a fake swap file is relatively easy and leaks no data. Although these two approaches do not solve the problem of live acquisition, they could confuse and mislead the examiner and waste the examiner's time.