Forensics gets more difficult

Jeff | Security | Friday, June 1st, 2007

The world of forensics has been getting more difficult over the past year or so. There has been a rash of new antiforensic tools that are so easy to use that my 9-year-old could run them. And it’s getting worse. Scott Berinato has an excellent article on www.cio.com detailing how the ease of use and increased effectiveness of antiforensic tools are making forensic tools obsolete.

“Five years ago, you could count on one hand the number of people who could do a lot of these things,” says one investigator. “Now it’s hobby level.”

It’s gotten to the point that hackers are no longer worried about covering their tracks.

Researcher Bryan Sartin of Cybertrust says antiforensic tools have gotten so easy to use that recently he’s noticed the hacks themselves are barely disguised. “I can pick up a network diagram and see where the breach occurred in a second,” says Sartin. “That’s the boring part of my job now. They’ll use FTP and they don’t care if it logs the transfer, because they know I have no idea who they are or how they got there.” Veteran forensic investigator Paul Henry, who works for a vendor called Secure Computing, says, “We’ve got ourselves in a bit of a fix. From a purely forensic standpoint, it’s real ugly out there.” Vincent Liu, partner at Stach & Liu, has developed antiforensic tools. But he stopped because “the evidence exists that we can’t rely on forensic tools anymore. It was no longer necessary to drive the point home. There was no point rubbing salt in the wound,” he says.

As with all things security, it’s always easier for the blackhat to figure out how to get around one weakness than it is for the whitehat to figure out how to cover all the bases, and I don’t see that changing anytime soon.
