Follow us on Twitter!
Things are more like they are now than they have ever been before. - Dwight D. Eisenhower
Thursday, April 24, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 19
Members Online: 1

Registered Members: 82889
Newest Member: Geriztul
Latest Articles

Anti-Forensics

Arrow Image This little guide will help you protect yourself from data recovery.



Computer Anti-forensics
By Bl4ckC4t

Disclaimer: I am not responsible for your stupidity, whether you damage your computer, or do something illegal and get caught. This is for educational purposes only.

In the field of Computer Forensics, the hacker's computer can be his own enemy. Someone can be as careful as they want, delete all logs and even put "impossible" passwords, but even this may not be enough to save you. Forensics goes into extensive detail, with some of the most elite tools. Even these tools can have faults, after all, its a program, right? In essence, it is not really very hard to foil the tools used to run a forensic analysis on your computer. It just takes a little bit of common sense.

Lets start by explaining forensics fromt he view of the forensics analysist. He is there to recover the data you deleted, also known as logs, cookies, hacking tools, anything that could be potential evidence. Note: Just emptying recycle bin does not remove it from the hard drive. The Forensicist is using a government issued restoration program, this program analyzes the electromagnetic waves stored on your hard drives' cylinders. Even if you break these up and possibly burn some of them, these magnetic waves are still there, only in more pieces. The data is still recoverable. We need to completely remove the data from our hard drive. "But how is that possible?" you ask. It is quite simple really. Just download "Eraser" from the link at the bottom of this article. Eraser is a very useful program, it securely deletes all data that has been deleted on your hard drive and has several different ways that it uses. My favorite methods are "US DoD 5220 22-M (8-306. /E, C and E) with 7 passes" and "Pseudorandom Data with 1 pass."

The United States Department of Defence uses some of the most advanced data deletion in the world. The standards that they use are far less likely to be recovered than any ordinary deletion. Eraser takes full advantage of this and makes sure your data is erased.

We know how to delete our data securely, but how do we know if its really unrecoverable? Thats where our next program comes in, it is called Restoration and it recovers deleted files. Restoration is a simple tool, not nearly as advanced as the government issued tools listed before. The government has many different tools attached with their restoration programs. Essentially, these tools are specialized in data recovery and analysis.

Restoration makes our job easier to know exactly what can be recovered, as well as its second function that allows you to clear the 'deleted' files from your hard drive. This makes for a second line of defense against data restoration. I added it as another tool at the bottom of this article.

Index.dat makes for a nasty problem. This evil file is VERY hard to delete, because 1) there are so many of them 2) they are system files, so you have to go into safe mode to delete them
I found a program that allows you to clean these evil files and clean your history. It is Called Privacy Mantra. A link is provided at the bottom for download. I recommend that whoever reads this run these whenever possible to get full effect.

Hope you enjoyed these useful tips to help prevent data recovery. All the tools listed are free AND legal to have, I highly doubt the new laws in Germany will consider these hacking tools.


Eraser: http://sourceforge.net/projects/eraser/
Restoration: http://www.snapfiles.com/get/restoration.html
Privacy Mantra: http://www.codeode.com/privacymantra/

Comments

DigitalFireon August 14 2007 - 03:36:11
very interesting, enjoyed it. glad this article is on the site hopefully people will read it. and more importantly use it.
jbjokeron August 14 2007 - 08:39:06
Great article, another thing though. I have some restoration progs and I figured out that if you overwrite the deleted data, it cannot be recovered. As an example, if you were to format your hard drive, and re-install your operating system to hide the files you have deleted, you must also flood your drive with pointless files that take up space. Hence the overwriting of the files you once had. Not good at explaining, but you get the point. Awesome article.
GreyFoxon August 14 2007 - 14:05:32
what about linux Q is it the same Q if so, is there similar tools for linux too Q :ninja:
koolkeith12345on August 14 2007 - 14:24:19
1) there are so many of them and 3) There are alot of them in the index.dat section :right: does that seem a bit weird to anyone elseQ
Phantomchaseron August 14 2007 - 17:16:38
Great article. Definitely worth the read.
jaggedlanceron August 14 2007 - 18:54:45
Great article, i'm deffinatly going to use and recomend this. Thanks Grin
mastergameron August 14 2007 - 20:24:03
moshbat: how are you gonna get your HDD out of your pc, and into the microwave before the police break the door down and bust your ass? Pfft
johnjuan728on August 14 2007 - 22:10:16
you leave the tower open for easy access ^_^ but yea.. a microwave can be your best friend in case of cops.. but it doesn't like your flash drives very much Wink
jaggedlanceron August 14 2007 - 22:45:48
On my laptop i have a little spring inside so i can just push the HDD and it pops out and i have a toaster in my room and a small gap between me and next doors house which isnt accessable so i can just push it, toast it, throw it Pfft
spywareon August 14 2007 - 23:14:41
Toasting it won't make it unrecoverable you !@#$. You need magnets or get the actual cd's from the HDD and destroy them completely. Maybe melt them?
johnjuan728on August 15 2007 - 04:09:54
Thermite FTW!!11oneone1!1!1!1!! :happy:
Uber0non August 15 2007 - 12:48:02
Very good article. I wrote one on almost the same subject a long while ago (http://www.hellbo. . .e-way.html)
Zer0Manon August 21 2007 - 15:53:41
Very informative article - Might be an idea to submit the Eraser, Restoration and Privacy Mantra links to the HBH links pages so they are available if this article can't be accessed. B)
necr0sixon August 23 2007 - 09:56:49
i had heard something about it never being possible to remove data COMPLETELY. this cleared it up for me. but otherwise, good article.
mighti-gon August 27 2007 - 02:22:14
Indeed a good article however the notion that many erasers eliminate data according to DoD Standards is implausible as more often than not it's just an advertising ploy - one of the most secure methods available today is the Gutmann method - passing over data 35 times to ensure as much security as your happy hacking needs, as only the most sophisticated apparatus (magnetic force microscope) could pick up the data - so if you get a eraser that offers the Gutmann method you might be sorted :ninja:
PureEvilon August 29 2007 - 01:55:17
Yeah, these tools and stuff are all great, but at the end of the day, if your being investigated enough for the government to take huge measures to recover your data, they will probably frame you if they cant. My plan if i need it isnt very good if i get a surpirise visit, but if i know its coming id get a new hard drive, the old one can then be thermited, dropped in the sea, whatever.
dex_poeton January 03 2008 - 10:10:20
Something that you didn't mention is that things like your printer or fax can keep logs. And I think this is how groups like the fbi get around the warrentless taps (everything they need is in your computer). The D-bags would probably spend a million dollars to say they caught a "hacker," but they don't have the tools to "recover" your files if your computer is at the bottom of a nice lake. Nice that you posted links to those tools.
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.