Forensic Trails Obfuscation and Preservation via Hard Drive Firmware
Affiliation
University of Chester; University of Salford
Publication Date
2022-06-08
Abstract
The hard disk drive stores the data the user creates, modifies, and deletes, while firmware facilitates communication between the drive and the operating system. The firmware tells the device and machine how to communicate with each other and shares useful information such as disk size and information on any bad sectors. Current research shows that exploits exist that can manipulate these outputs. An attacker can change the size of the disk displayed to the operating system to hide data, or can do likewise by marking an area of the disk as bad. Users may not be aware of these changes, as the operating system will accept the readings from the firmware. However, although the data is not reachable via the operating system, this paper looks at the traceability of manipulated data using the data recovery software FTK Imager, Recuva, EaseUS and FEX Imager. This report examines the use of malicious techniques to thwart digital forensic procedures by manipulating the firmware. It is shown how this is possible and that current forensic techniques or software do not easily detect a change within the firmware. However, with the use of various forensic tools, obfuscated trails are detectable. This report follows a black box testing methodology to show the validation of forensic tools or software against anti-forensic techniques. The analysis of the results showed that most tools can find the firmware changes; however, it requires an analyst to spot the subtle differences between standard and manipulated devices. The use of multiple software tools can help an analyst spot the inconsistencies.
Citation
Underhill, P., Oyinloye, T., Speakman, L., & Eze, T. (2022). Forensic trails obfuscation and preservation via hard drive firmware. In T. Eze, N. Khan, & C. Onwubiko (Eds.), The 21st European Conference on Cyber Warfare and Security: 16th-17th June 2022, University of Chester, England (pp. 419-428). Academic Conferences International.
Publisher
Academic Conferences International
Additional Links
https://papers.academic-conferences.org/index.php/eccws
https://www.academic-conferences.org/conferences/eccws/
Type
Conference Contribution
ISBN
9781914587412
The following license files are associated with this item:
- Creative Commons
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International