
Get Armed Against Forensic Infringement

PCQ Bureau

Lately, a new genre called anti-forensic tools has started gaining popularity. While forensic tools are meant to recover data from a stolen machine, anti-forensic tools do the reverse: they ensure that forensic tools are not able to find anything. Until now, because of their complex nature, they were used almost exclusively by experts, or even by hackers to hide their traces. But now they've become so simple that anybody can use them to safeguard their critical data. So if your laptop or hard drive gets stolen, it will become very difficult for anybody to take out data from it using forensic tools. We said 'almost' because nothing's foolproof.


Let's have a look at three such tools, all of which are freeware or open source.

Direct Hit!
Applies To: Advanced users
Price: Free
USP: Safeguard your critical data
Primary Link: www.shortenurl.com/7srgx
Google Keyword: Anti-forensic tools

TrueCrypt



This is an open source encryption program, which supports 11 encryption algorithms and is meant for recent versions of Windows and Linux. It creates an on-the-fly encryption volume in which data is encrypted automatically when it is stored and is likewise decrypted when accessed. The created volume is also password protected.


When data is loaded from the TrueCrypt volume, it is decrypted only in RAM, i.e. no decrypted data is stored on the HDD. A user can copy and access any file on the encrypted volume without bothering about the encryption process.

Moreover, this tool lets you create a hidden partition within an existing TrueCrypt encrypted partition, and the two partitions are protected with different passwords. The benefit of the hidden partition shows up when you are forced to reveal the password of your TrueCrypt volume. You can get away with giving only the password of the outer encrypted volume and still protect the information inside the hidden volume, as it won't be mounted.

Download this tool from www.truecrypt.org and install it. To create the encryption volume, select the 'Create Volume' option from the main menu. This opens the 'TrueCrypt Volume Creation' wizard. In the first step, choose 'Create a hidden TrueCrypt volume,' then select the 'Create a TrueCrypt volume and then a hidden volume within it' option. To save this volume, click on the 'Select File' tab and browse to a location to save it. For the outer volume, define its size, the encryption and hash algorithms to be used, and the password. After this the outer volume is formatted and you can create a hidden volume. For this you need to specify the encryption and hash algorithms for the inner volume and also define its size and password. Remember that the size of the hidden volume has to be less than the size of the outer volume, as it is going to reside inside the outer volume. Lastly, the wizard will ask you to select the file system (i.e. NTFS or FAT) that you want to use for creating the hidden volumes. It will format the volume and your hidden volume is ready.

To mount the created volume, go to the main menu and, under the 'Volume' submenu, click on the 'Select file' tab, browse to the file that you used to create your TrueCrypt volume and then click on the 'Mount' tab. Now provide the password for the hidden volume in the window that pops up, and your hidden volume will be mounted. Once the volume is mounted, you can access it just like any other partition from 'My Computer' and dismount it through TrueCrypt's main console.

A hidden and a normal partition being mounted inside TrueCrypt using Twofish and Serpent-AES algorithms

BlindSide



This is a steganographic as well as a cryptographic tool. Using steganography, a file can be hidden within another file of the same or another format. This technique is frequently used by digital image publishers for attaching a licensed file to an image and is similarly used to add copyright information to the images of a website. This tool lets you hide text files inside any provided .bmp file and lets you encrypt the resultant file with a password. The changes made to the resultant .bmp file are unnoticeable to the naked eye.


This is a command line tool that can be downloaded from www.shortenurl.com/9irgm. You can perform four basic operations with it: calculate how much data can be stored within a .bmp image file, hide files in a .bmp image, restore files from a .bmp image, and list the files encrypted in a .bmp image. Using it is a piece of cake. Just open the command prompt and go to the location where you have extracted the BlindSide files. Now, to check the capacity of a .bmp image in which you want to hide the files, run

BSIDE.exe -C <BMP image>

To hide a file, run the following command


BSIDE.exe -A <BMP image> <file to hide> <result BMP file> [password]

In the first argument, provide the name of the .bmp image in which you want to hide a file, and in the second argument provide the name and location of the file you want to hide inside the image. The password argument is optional; define it if you want to encrypt your file with a password. To list the files hidden in a .bmp image, run

BSIDE.exe -L <BMP image>


DBAN



DBAN (Darik's Boot and Nuke) is a tool for securely wiping the contents of a hard disk. It provides six methods for wiping: Quick Erase, RCMP TSSIT OPS-II, DoD Short, DoD 5220.22-M, Gutmann Wipe and PRNG Stream. Quick Erase fills the hard drive with zeros, while Gutmann Wipe performs 27 random passes with specific data, pooled with eight passes of random data. The DoD Short method performs passes 1, 2 and 7 of the seven passes recommended in the DoD 5220.22-M standard. The DoD 5220.22-M method fills the hard disk using random characters and data streams. The 'PRNG Stream' method fills the device with a stream from a pseudorandom number generator (PRNG). This utility comes embedded with two PRNGs, namely Mersenne Twister and ISAAC.

To wipe a hard disk with DBAN, you need to boot the machine with DBAN media, which can be downloaded from www.dban.sourceforge.net. You can install DBAN on a floppy disk, USB drive, CD or DVD. Once you have booted from the DBAN media, it will ask you to select the mode you want to run it in. To automatically wipe your HDD without any further prompting, type 'autonuke' in the boot option and press 'Enter.' To start it in interactive mode, just press 'Enter'; you will be asked to select the partition you want to wipe. Press 'M' to select a method from the list of six available methods for wiping and press 'Enter'. To start the wiping process on the drives, press F10. Once DBAN has wiped all the drives, it will ask you to insert a floppy disk on which it will save the log files, and then you are done.
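After a Quick Erase pass it is worth confirming that the drive really does read back as zeros. The script below is an added example, not part of DBAN or of the original article: it scans a device or disk image and reports how many sectors still hold data and where the first leftover byte sits. The function names, the 512-byte sector size and the sample image are assumptions made for the illustration.

```python
"""Check that a disk or disk image holds only zero bytes after a zero-fill wipe."""
import io
import sys

SECTOR = 512  # assumed logical sector size


def verify_zero_wipe(stream, chunk_sectors=2048):
    """Scan a binary stream (block device or image file) for surviving data.

    Returns (sectors_scanned, nonzero_sectors, first_nonzero_offset);
    first_nonzero_offset is None when every byte read was zero.
    """
    scanned = nonzero = offset = 0
    first = None
    while True:
        chunk = stream.read(SECTOR * chunk_sectors)
        if not chunk:
            break
        if chunk.count(0) != len(chunk):  # skip per-sector work on clean chunks
            for i in range(0, len(chunk), SECTOR):
                sector = chunk[i:i + SECTOR]
                if any(sector):
                    nonzero += 1
                    if first is None:
                        # Byte offset of the first surviving non-zero byte
                        first = offset + i + next(k for k, b in enumerate(sector) if b)
        scanned += -(-len(chunk) // SECTOR)  # ceiling division, counts a short tail
        offset += len(chunk)
    return scanned, nonzero, first


def constructed_sample():
    """Constructed 8-sector image: zero-filled except 4 leftover bytes in sector 5."""
    image = bytearray(8 * SECTOR)
    image[5 * SECTOR + 10:5 * SECTOR + 14] = b"DATA"
    return bytes(image)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a device node or image file, opened read-only
        with open(sys.argv[1], "rb") as dev:
            result = verify_zero_wipe(dev)
    else:
        result = verify_zero_wipe(io.BytesIO(constructed_sample()))
    print("sectors=%d nonzero=%d first_offset=%s" % result)
```

This check only fits the zero-fill method; the random-data methods leave no fixed pattern to test for.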

In DBAN you can choose amongst six wiping methods for disks using the same method