Quote Originally Posted by JeffC:
?? How are you relating Anti-forensics to this post ?? I mean, I am interested, but that's not what my work is in.
I went and looked at your website based on your email. That led me to the articles you've written including anti-forensics.

Quote Originally Posted by SteveMetz:
OK, what the heck is "anti-forensics"? Is it the same as antidisestablishmentarianism?
There are actually several levels of forensic resistance. At a normal crime scene people clean up using bleach, but Luminol will still fluoresce even after they've cleaned. There are few agents that will clean blood up and not leave trace evidence. This is something called Locard's rule, which is that everybody leaves trace evidence of their passing.

With computers it is much the same thing. You download your porn, you watch it, and then you delete it. The files and images are still there even if you empty the "trash can". You run a low-level wipe on the machine and it becomes more "resistant", but there are some who say you can still get data off the disks.

To tie this in to intelligence, the "Al Qaeda hard drives" were forensically analyzed and provided a bunch of information about operations. Though much of the law enforcement effort and money is spent on tools to catch child pornographers, there is a small subset looking at "traitor tracing". Usually traitor tracing is done through targeted disinformation or watermarking of media or documents. When you see it replicated you know the channel that was the source of the treason.

I refused to get a PhD in computer technology to spend my days looking through some freak's hard drive at child porn. So, I bent computer forensics to traitor tracing and started looking at methods to create mildly resistant techniques all the way to full-blown "you can't see or detect anything I've done with any tools currently available". This is so far beyond steganography (hiding data inside pictures or other files) and email draft drops as to be amazing.

Using the tools and methods I devised, a spy could use any computer system, work on the Internet, send messages and emails, and then leave the computer having provided zero evidence of their transgression. There is no tool signature produced and no data left of the utilization in the computer or on the NETWORK either. So, I wrote the draft of the paper and the question was: what would happen if I published it in IEEE or ACM? How would it benefit the science? Who would use it? If it became widespread it would have a direct and dynamic impact on intelligence gathering capability.

See, forensics and intelligence are linked (almost).
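The point above about deleted files still being on the disk, and a low-level wipe being what actually removes them, can be shown with a small model. The following is an added example, not code from the post or its author: it builds a toy filesystem image in memory (directory table plus block-padded data region, all constructed here), "deletes" a file by clearing only its directory entry the way unlink() does, carves the deleted JPEG back out by its real SOI/EOI markers, and then shows that overwriting unreferenced blocks is what defeats the carver. Block size, table layout and sample files are assumptions for the example.

```python
"""Added example, not code from the forum post: why emptying the "trash can"
leaves file contents on disk, and what a wipe changes.

A toy filesystem image is built in memory: a directory table mapping names to
(offset, length), then a data region of fixed-size blocks. Deleting a file only
clears its directory entry, as unlink() does on most real filesystems, so the
blocks stay readable until something overwrites them. A signature carver then
recovers the deleted JPEG by scanning the raw bytes for its header and trailer
markers. The layout, block size and sample files are all constructed here."""
import struct

BLOCK = 64                     # data-region block size (constructed)
DIR_ENTRIES = 8                # fixed-size directory table (constructed)
ENTRY_FMT = "<16sII"           # name (NUL-padded), data offset, length
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)
DATA_START = DIR_ENTRIES * ENTRY_SIZE      # 192, a whole number of blocks

JPEG_SOI = b"\xff\xd8\xff"     # real JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"         # real JPEG end-of-image marker

# Constructed sample files; the "JPEG" is just markers around filler bytes.
SAMPLE_JPEG = JPEG_SOI + b"\xe0\x00\x10JFIF" + b"\x11" * 40 + JPEG_EOI
SAMPLE_FILES = [("notes.txt", b"meeting at noon"), ("holiday.jpg", SAMPLE_JPEG)]


def make_image(files):
    """Lay out the directory table followed by block-padded file data."""
    directory, data = b"", b""
    for name, content in files:
        offset = DATA_START + len(data)
        directory += struct.pack(ENTRY_FMT, name.encode().ljust(16, b"\0"),
                                 offset, len(content))
        data += content + b"\0" * (-len(content) % BLOCK)
    directory += b"\0" * (DATA_START - len(directory))
    return bytearray(directory + data)


def _entries(image):
    for i in range(DIR_ENTRIES):
        name, off, length = struct.unpack_from(ENTRY_FMT, image, i * ENTRY_SIZE)
        yield i, name.rstrip(b"\0").decode(), off, length


def list_files(image):
    """What a normal file listing shows: only names with live directory entries."""
    return [name for _, name, _, _ in _entries(image) if name]


def delete_file(image, target):
    """Simulate unlink: zero the directory entry only; data blocks are untouched."""
    for i, name, _, _ in _entries(image):
        if name == target:
            struct.pack_into(ENTRY_FMT, image, i * ENTRY_SIZE, b"\0" * 16, 0, 0)
            return True
    return False


def carve_jpegs(image):
    """Signature carving: return every SOI..EOI span found in the raw bytes,
    regardless of whether any directory entry still points at it."""
    found, pos = [], 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start < 0:
            break
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end < 0:
            break
        found.append(bytes(image[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found


def wipe_free_space(image):
    """Overwrite every data block no live entry references: the step a
    delete skips and a wipe performs. Returns the number of blocks zeroed."""
    live = set()
    for _, name, off, length in _entries(image):
        if name:
            live.update(range(off, off + length, BLOCK))
    zeroed = 0
    for start in range(DATA_START, len(image), BLOCK):
        if start not in live:
            image[start:start + BLOCK] = b"\0" * BLOCK
            zeroed += 1
    return zeroed


def demo():
    """Delete the JPEG, show it still carves, wipe, show it no longer does."""
    image = make_image(SAMPLE_FILES)
    delete_file(image, "holiday.jpg")
    visible = list_files(image)                 # ['notes.txt']
    recovered = carve_jpegs(image)              # one hit: the deleted picture
    wipe_free_space(image)
    after_wipe = carve_jpegs(image)             # nothing left to carve
    return visible, len(recovered), len(after_wipe)


if __name__ == "__main__":
    print(demo())
```

Running the block prints `(['notes.txt'], 1, 0)`: the listing no longer shows the picture, the carver still finds it, and only the block-level overwrite removes it. Real carvers work the same way against real images, which is why an examiner's first step is a raw image rather than a file listing.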
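The watermarking form of traitor tracing mentioned above (give each channel a slightly different copy, then read the difference back when it turns up where it should not) is easy to demonstrate. This is an added example, not the poster's method or code: each recipient's copy renders eight phrases in one of two equivalent wordings, the choices form a codeword from a codebook with minimum Hamming distance 4, and a leaked copy is matched to the nearest registered codeword. It goes a little beyond the post by refusing to attribute when the leak has been edited past the correctable distance, which is what keeps the scheme from blaming the wrong channel. The template, phrase pairs and recipient names are constructed for the example.

```python
"""Added example, not code from the forum post: traitor tracing by per-recipient
watermarking of a document.

Each recipient receives a copy in which eight chosen phrases are rendered as one
of two equivalent wordings; the choices spell out a bit pattern that identifies
the recipient. Patterns are drawn from a codebook with minimum Hamming distance
4, so a leaked copy whose wording was altered in one place still traces to its
source, while a copy edited beyond that is reported as untraceable rather than
misattributed. Template, phrase pairs and recipient names are constructed here."""
import itertools
import re

TEMPLATE = ("The {0} will begin at {1}. Please bring the {2} report, {3} the "
            "latest figures, and {4} any questions {5} the session. {6} is "
            "expected to attend; {7} will circulate the minutes.")
SLOTS = [("meeting", "briefing"), ("9am", "09:00"), ("quarterly", "Q3"),
         ("including", "with"), ("raise", "ask"), ("before", "ahead of"),
         ("Everyone", "Each of you"), ("Finance", "Accounts")]
MIN_DISTANCE = 4
CORRECTABLE = (MIN_DISTANCE - 1) // 2      # mismatches tolerated before giving up


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def build_codebook(n_slots, min_distance):
    """Greedy selection: keep a pattern only if it is at least min_distance from
    every pattern already kept. Simple, and enough for a handful of recipients."""
    codes = []
    for bits in itertools.product((0, 1), repeat=n_slots):
        if all(hamming(bits, kept) >= min_distance for kept in codes):
            codes.append(bits)
    return codes


CODEBOOK = build_codebook(len(SLOTS), MIN_DISTANCE)


def render(code):
    return TEMPLATE.format(*(SLOTS[i][bit] for i, bit in enumerate(code)))


def issue(recipients):
    """Return {name: (code, text)}; the name->code registry stays private."""
    if len(recipients) > len(CODEBOOK):
        raise ValueError("not enough codewords for this many recipients")
    return {name: (CODEBOOK[i], render(CODEBOOK[i]))
            for i, name in enumerate(recipients)}


def _present(phrase, text):
    return re.search(r"(?<!\w)" + re.escape(phrase) + r"(?!\w)", text) is not None


def extract_bits(text):
    """Read each slot back; None where neither wording survives (edited away)."""
    bits = []
    for a, b in SLOTS:
        has_a, has_b = _present(a, text), _present(b, text)
        bits.append(0 if has_a and not has_b else 1 if has_b and not has_a else None)
    return bits


def trace(leaked_text, registry):
    """Name the nearest registered pattern, or None if none is close enough."""
    observed = extract_bits(leaked_text)
    dist, name = min((hamming(observed, code), name) for name, code in registry.items())
    return name if dist <= CORRECTABLE else None


RECIPIENTS = ["alice", "bob", "carol", "dave"]      # constructed channels


def demo():
    """Issue four copies, then trace an intact leak, a lightly edited leak and
    a heavily edited one. Expected: ('carol', 'carol', None)."""
    issued = issue(RECIPIENTS)
    registry = {name: code for name, (code, _) in issued.items()}
    code, text = issued["carol"]
    # Constructed leak: one watermarked phrase reworded, everything else intact.
    one_edit = text.replace(SLOTS[5][code[5]] + " the session", "during the session")
    # Constructed heavy edit: two more watermarked phrases removed entirely.
    heavy = one_edit
    for i in (0, 2):
        heavy = heavy.replace(SLOTS[i][code[i]], "...")
    return trace(text, registry), trace(one_edit, registry), trace(heavy, registry)


if __name__ == "__main__":
    print(demo())
```

The codebook, not the phrases, is what carries the security property: with minimum distance 4 any single reworded phrase still leaves the true recipient strictly closer than every other one, and anything further away is reported as untraceable instead of guessed.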