

Windows 7 Antiforensics: A Review and a Novel Approach
Authors: Brett Eterovic‐Soric MS, Kim‐Kwang Raymond Choo PhD, Sameera Mubarak PhD, Helen Ashman PhD
Affiliation: 1. School of Information Technology & Mathematical Sciences, University of South Australia, Adelaide, SA, Australia; 2. Department of Information Systems and Cyber Security, The University of Texas at San Antonio, San Antonio, TX, USA
Abstract: In this paper, we review literature on antiforensics published between 2010 and 2016 and reveal the surprising lack of up‐to‐date research on this topic. This research aims to contribute to this knowledge gap by investigating different antiforensic techniques for devices running Windows 7, one of the most popular operating systems. An approach which allows for removal or obfuscation of most forensic evidence is then presented. Using the Trojan software DarkComet RAT as a case study, we demonstrate the utility of our approach and that a Trojan Horse infection may be a legitimate possibility, even if there is no evidence of an infection on a seized computer's hard drive. Up‐to‐date information regarding how forensic artifacts can be compromised will allow relevant stakeholders to make informed decisions when deciding the outcome of legal cases involving digital evidence.
Keywords: forensic science, digital forensics, Windows 7 antiforensics, DarkComet RAT, Trojan Horse Defence