Intelligence or Law Enforcement Professionals - Request to Participate



JeffC
12-02-2007, 05:55 AM
I've designed a software app that's not yet at the Proof-of-Concept stage; however, sufficient research has been done to interest a Prime DOD contractor. It's making the rounds internally with them. So far, so good. The app has commercial applications for certain agencies within the IC, and for Law Enforcement. What I'm looking for is to collect some opinions on whether or not this app offers something of value to your present or former employer. I have a white paper that will walk you through it, but for reasons that will become readily apparent when you read it, I'm not able to discuss the details in a public forum, hence my request to SWJ Editors to create a private forum for this purpose.

So if you're presently or formerly employed by an Intelligence or Law Enforcement agency, or if you're working as a contractor at one of those agencies, and you'd like to participate, please PM me for contact information.

selil
12-02-2007, 06:09 AM
You never said you were interested in anti-forensics....

JeffC
12-02-2007, 07:28 AM
[QUOTE]You never said you were interested in anti-forensics....[/QUOTE]

?? How are you relating Anti-forensics to this post ?? I mean, I am interested, but that's not what my work is in.

SteveMetz
12-02-2007, 11:12 AM
[QUOTE]You never said you were interested in anti-forensics....[/QUOTE]

OK, what the heck is "anti-forensics"? Is it the same as antidisestablishmentarianism?

JeffC
12-02-2007, 03:36 PM
[QUOTE]OK, what the heck is "anti-forensics"? Is it the same as antidisestablishmentarianism?[/QUOTE]

I hope not, 'cause I don't know what the latter is!

Part of the Law Enforcement toolkit in identifying bad guys in cyberspace is the application of computer forensics. Anti-forensics are countermeasures that can be taken to make the work of computer forensic investigators more difficult, or impossible.

selil
12-02-2007, 03:36 PM
[QUOTE]?? How are you relating Anti-forensics to this post ?? I mean, I am interested, but that's not what my work is in.[/QUOTE]

I went and looked at your website based on your email. That led me to the articles you've written including anti-forensics.


[QUOTE]OK, what the heck is "anti-forensics"? Is it the same as antidisestablishmentarianism?[/QUOTE]

There are actually several levels of forensic resistance. At a normal crime scene people clean up using bleach, but Luminol will still fluoresce even after they've cleaned. There are few agents that will clean blood up and not leave trace evidence. This is something called Locard's rule, which is that everybody leaves trace evidence of their passing.

With computers it is much the same thing. You download your porn, you watch it, and then you delete it. The files and images are still there even if you empty the "trash can". You run a low level wipe on the machine and it becomes more "resistant", but there are some who say you can still get data off the disks.

To tie this in to intelligence, the "Al Qaeda Hard Drives (http://www.npr.org/templates/story/story.php?storyId=3816314)" were forensically analyzed and provided a bunch of information about operations. Though much of the law enforcement effort and money is spent on tools to catch child pornographers, there is a small subset looking at "traitor tracing". Usually traitor tracing is done through targeted disinformation or watermarking of media or documents. When you see it replicated you know the channel that was the source of the treason.

I refused to get a PhD in computer technology to spend my days looking through some freak's hard drive at child porn. So, I bent computer forensics to traitor tracing and started looking at methods to create mildly resistant techniques all the way to full-blown you can't see or detect anything I've done with any tools currently available. This is so far beyond steganography (hiding data inside pictures or other files) and email draft drops as to be amazing.

Using the tools and methods I devised, a spy could use any computer system, work on the Internet, send messages and emails, and then leave the computer having provided zero evidence of their transgression. There is no tool signature produced and no data left of the utilization in the computer or on the NETWORK either. So, I wrote the draft of the paper, and the question is, what would happen if I published it in IEEE or ACM? How would it benefit the science? Who would use it? If it became widespread it would have a direct and dynamic impact on intelligence gathering capability.

See, forensics and intelligence are linked (almost).

JeffC
12-02-2007, 04:16 PM
[QUOTE=selil;33242]I went and looked at your website based on your email. That led me to the articles you've written including anti-forensics.[/QUOTE]

Ah, mystery solved. :-)

Stu-6
12-03-2007, 06:14 PM
PM sent. Now I just need to find out what antidisestablishmentarianism means.

marct
12-03-2007, 09:12 PM
[QUOTE]PM sent. Now I just need to find out what antidisestablishmentarianism means.[/QUOTE]

http://en.wikipedia.org/wiki/Antidisestablishmentarianism

Stu-6
12-04-2007, 11:53 AM
Thanks. You learn something new every day, skip a day and it all piles up on you.