Catalogue Search | MBRL
35 result(s) for "computer anti-forensic"
Systematic Review: Anti-Forensic Computer Techniques
by Bermejo Higuera, Javier; Rainer Granados, J. Javier; Sicilia Montalvo, Juan Antonio
in Analysis, Bibliographic data bases, Case studies
2024
The main purpose of anti-forensic computer techniques, in the broadest sense, is to hinder the investigation of a computer attack by eliminating traces and preventing the collection of data contained in a computer system. Nowadays, cyber-attacks are becoming more and more frequent and sophisticated, so it is necessary to understand the techniques used by hackers to be able to carry out a correct forensic analysis leading to the identification of the perpetrators. Despite its importance, this is a poorly represented area in the scientific literature. The disparity of the existing works, together with the small number of articles, makes it challenging to find one’s way around the vast world of computer forensics. This article presents a comprehensive review of the existing scientific literature on anti-forensic techniques, mainly DFIR (digital forensics incident response), organizing the studies according to their subject matter and orientation. It also presents key ideas that contribute to the understanding of this field of forensic science and details the shortcomings identified after reviewing the state of the art.
Journal Article
A framework for the identification of suspicious packets to detect anti-forensic attacks in the cloud environment
2021
Cloud computing is becoming a prominent service model of computing platforms offering resources to all categories of users on-demand. On the other side, cloud environment is vulnerable to many criminal activities too. Investigating the cloud crimes is the need of the hour. Anti-forensic attack in cloud is an attack which specifically aims to scuttle the cloud forensic process. Though many researchers proposed various cloud forensic approaches, detecting cloud anti-forensic attack still remains a challenge as it hinders every step of forensic process. In this paper, we propose a three stage system for the detection of cloud anti-forensic attack with a well defined sequence of tasks in which the process of identifying the suspicious packets plays the major part. Every packet affected with any kind of cloud attack is labeled as suspicious packet and such packets are marked to traceback anti-forensic attack. The main focus of this paper is to deploy such a mechanism to identify the suspicious packets in cloud environment. To categorize the type of attack that affected the packet, both signature analysis and anomaly detection at cloud layers are applied in our proposed approach. The proposed anomaly detection approach is tested on NSL-KDD dataset. The experimental results show that the accuracy of the proposed approach is high compared to the existing approaches.
Journal Article
Rebuilding the credibility of sensor-based camera source identification
2016
The origin information of an image is important in the image forensic area. One of the most effective methods to link an image to its source camera is the sensor-based camera source identification (CSI). However, recent studies show that the signature that CSI is based on can be easily removed or substituted, which questioned the credibility of the CSI results. To rebuild the credibility of the CSI method, in this paper, we introduce a simple yet effective countermeasure against potential attacks based on noise level estimation. Experimental results show the ability of the proposed method to capture the traces left by anti-forensic methods. Taking into account the low complexity, the proposed method is very suitable to be a patch on the traditional CSI method.
Journal Article
A comprehensive survey on passive techniques for digital video forgery detection
2021
Digital videos are one of the most widespread forms of multimedia in day to day life. These are widely transferred over social networking websites such as Facebook, Instagram, WhatsApp, YouTube, etc. through the Internet. Availability of modern and easy to use editing tools have facilitated the modification of the contents of the digital videos. Therefore, it has become an essential concern for the legitimacy, trustworthiness, and authenticity of these digital videos. Digital video forgery detection aims to identify the manipulations in the video and to check its authenticity. These techniques can be divided into active and passive techniques. In this paper, a comprehensive survey on video forgery detection using passive techniques have been presented. The primary goal of this survey is to study and analyze the existing passive video forgery detection techniques. Firstly, the preliminary information required for understanding video forgery detection is presented. Later, a brief survey of existing passive video forgery detection techniques based on the features, forgery identified, datasets used, and performance parameters detail along with their limitations are reviewed. Then, anti-forensics strategy and deepfake detection in the video are discussed. After that, standard benchmark video forgery datasets and the generalized architecture for passive video forgery detection techniques are discussed. Finally, few open challenges in the field of passive video forgery detection are also described.
Journal Article
A comprehensive taxonomy on multimedia video forgery detection techniques: challenges and novel trends
by El-Rabaie, El-Sayed M.; El-Shafai, Walid; Fouda, Mona A.
in Algorithms, Artificial neural networks, Computer Communication Networks
2024
Thousands of videos are posted on websites and social media every day, including Twitter, Facebook, WhatsApp, Instagram, and YouTube. Newspapers, law enforcement publications, criminal investigations, surveillance systems, Banking, the museum, the military, imaging in medicine, insurance claims, and consumer photography are just a few examples of places where important visual data may be obtained. Thus, the emergence of powerful processing tools that can be easily made available online poses a huge threat to the authenticity of videos. Therefore, it’s vital to distinguish between true and fake data. Digital video forgery detection techniques are used to validate and check the realness of digital video content. Deep learning algorithms lately sparked a lot of interest in the field of digital forensics, such as Recurrent Neural Networks (RNN), Deep Convolutional Neural Networks (DCNN), and Adaptive Neural Networks (ANN). In this paper, we give a soft taxonomy as well as a thorough overview of recent research on multimedia falsification detection systems. First, the basic knowledge needed to comprehend video forgery is provided. Then, a summary of active and passive video manipulation detection approaches is provided. Anti-forensics, compression video methods, datasets required for video forensics, and challenges of video detection approaches are also addressed. Following that, we presented an overview of deepfake, and the datasets required for detection were also provided. Also, helpful software packages and forensics tools for video detection are covered. In addition, this paper provides an overview of video analysis tools that are used in video forensic applications. Finally, we highlight research difficulties as well as interesting research avenues. In short, this survey provides detailed information and a broader investigation to extract data and detect fraud video contents under one umbrella.
Journal Article
Understanding digital image anti-forensics: an analytical review
by Taneja, Neeti; Bramhe, Vijendra Singh; Bhardwaj, Dinesh
in Computer Communication Networks, Computer Science, Data Structures and Information Theory
2024
Image forensics is essential for detecting image manipulation, authenticating images, and identifying sources of images. A forensic analyst can make use of various artifacts to develop a powerful forensic technique. These artifacts include JPEG blocking and quantization artifacts, streaking artifacts and contrast enhancement artifacts, etc. With the introduction of anti-forensics, it has become difficult for forensic experts to identify forged images. There are various anti-forensic methods available that try to eradicate these detection footprints/artifacts to fool the existing forensic detectors. Thus the detection of anti-forensic attacks is very crucial and plays a vital role in forensic analysis. This paper presents a review of various types of anti-forensic attacks, such as JPEG anti-forensics, Contrast enhancement anti-forensics, and Median filtering anti-forensics. Firstly a brief introduction is given about image forgery, JPEG compression, contrast enhancement, and median filtering. Then, anti-forensics is described in detail, and finally, the recent state-of-the-art anti-forensic techniques are summarized in tabular form for better understanding. This may be helpful for the forensic analyst to develop robust methods for forgery detection that can be applied in various applications such as the identification of cybercrimes, identity thefts, etc.
Journal Article
UnSafengine64: A Safengine Unpacker for 64-Bit Windows Environments and Detailed Analysis Results on Safengine 2.4.0
2024
Despite recent remarkable advances in binary code analysis, malware developers still use complex anti-reversing techniques that make analysis difficult. Packers are used to protect malware, which are (commercial) tools that contain diverse anti-reversing techniques, including code encryption, anti-debugging, and code virtualization. In this study, we present UnSafengine64: a Safengine unpacker for 64-bit Windows. UnSafengine64 can correctly unpack packed executables using Safengine, which is considered one of the most complex commercial packers in Windows environments; to the best of our knowledge, there have been no published analysis results. UnSafengine64 was developed as a plug-in for Pin, which is one of the most widely used dynamic analysis tools for Microsoft Windows. In addition, we utilized Detect It Easy (DIE), IDA Pro, x64Dbg, and x64Unpack as auxiliary tools for deep analysis. Using UnSafengine64, we can analyze obfuscated calls for major application programming interface (API) functions or conduct fine-grained analyses at the instruction level. Furthermore, UnSafengine64 detects anti-debugging code chunks, captures a memory dump of the target process, and unpacks packed files. To verify the effectiveness of our scheme, experiments were conducted using Safengine 2.4.0. The experimental results show that UnSafengine64 correctly executes packed executable files and successfully produces an unpacked version. Based on this, we provided detailed analysis results for the obfuscated executable file generated using Safengine 2.4.0.
Journal Article
Anti-Forensics Contrast Enhancement Detection (AFCED) Technique in Images Based on Laplace Derivative Histogram
2019
Histogram based forensic techniques to detect contrast enhancement, after an initial success, became unreliable due to the development of targeted anti-forensic attacks. These attacks eliminate statistical footprints left by enhancement on the histogram, making the image modifications undetectable. Further, these techniques, in spite of being successful in making histograms of the enhanced image appear more natural, themselves introduce anomalies in the spatial domain. This paper presents a novel algorithm that, for the first time, exploits the statistical anomalies through the Laplace modeling of the derivative histogram to detect the anti-forensic contrast enhancement. Experimental results demonstrate that the proposed algorithm is effective in detecting contrast enhancements executed both by regular as well as anti-forensics techniques.
Journal Article
Anti-forensics of fake stereo audio using generative adversarial network
by Liu, Tianyun; Yan, Nan; Chen, Gang
in Compressing, Computer Communication Networks, Computer Science
2022
Fake-quality audio detection is an important branch in the field of digital audio forensics. Resampling and recompression are the two typical operations to achieve fake audio quality, in which an audio with low sampling/bit rate can be converted to one with higher sampling/bit rate pretending to be in high quality. Stereo-faking is another fake-quality operation, with which a mono audio can be converted into a stereo one. To detect the stereo-faking, a few forensic methods have been proposed. Little consideration, however, has been given to the security of these methods themselves. To expose the weakness of these stereo-faking detectors, an anti-forensic framework based on generative adversarial network is proposed. The fake stereo audio is created by generating a new channel audio based on a mono audio. Skip connection is adopted to ensure the quality of the generated audio. Considering that stereo application scenarios are mostly music and film recording, a large number of music and film recordings are downloaded from the Internet as our datasets. Use these datasets to train our model. The anti-forensic samples generated by the model are used to attack the most effective fake stereo audio detectors. Experimental results show that the generated fake stereo audio of music can significantly reduce its detection accuracy from about 99–30%, and the false acceptance rate can increase from 0.08% to about 69%. The fake stereo audio generated from the film recording can significantly reduce its detection accuracy from about 99–1.7%, and the false acceptance rate can increase from 0.02% to about 98%.
Journal Article
A code protection scheme by process memory relocation for android devices
2018
Android devices are emerging as a significant force for multimedia big data, which hold an enormous amount of information about the users. The security and privacy concerns have arisen as a salient area of inquiry since malicious attackers can use memory dump to extract privacy or sensitive data from these devices. This paper presents a code protection approach for Android devices which protects certain processes from memory acquisition by process memory relocation. The protected processes are relocated to the special memory area where the kernel is loaded, and thus these processes will be covered when Android reboots and attackers cannot recognize which protected programs have been performed on the devices. The experiment results show that the proposed approach disables forensics tools like FROST to obtain these processes and has little impact on the normal operation of the protected program. Compared with the similar methods, the proposed method can protect greater data quantity but it occupies no additional storage resources.
Journal Article