Anti-forensics Under Scrutiny Assessing the Effectiveness of Digital Obfuscation in the Cloud

Anti-forensics Under Scrutiny Assessing the Effectiveness of Digital Obfuscation in the Cloud

연구 분야: Strategies

학회: 2024 12th International Symposium on Digital Forensics and Security (ISDFS)

Digital forensics investigations are complicated by anti-forensics techniques that seek to deny or disrupt investigators' ability to process and analyze evidence. Little extant research describes strategies to detect and defeat attempts to evade investigations of cloud resources. Thus, anti-forensics techniques pose a challenge to cloud investigations, which are already complicated by distributed computing systems that offer seemingly limitless ephemeral storage and few, if any, opportunities for physical access by investigators. To spur further research in this field, we offer a data set with virtual machine (VM) images that include anti-forensic techniques. We provisioned VMs using a popular cloud environment; populated them with user activity; and applied various techniques to destroy, disrupt, and obfuscate the activity patterns. We then obtained evidence in a common forensics format. To demonstrate the utility of our data set, we analyzed our images to determine what activity could be reconstructed in spite of anti-forensics efforts. Many anti-forensic techniques make data recovery either highly unlikely or impossible.