Anti-forensic digital investigation for unauthorized intrusion on a wireless network
In the last decade, digital forensic methodologies and techniques have advanced rapidly. They have many variations, such as computer forensics, network forensics and, in this thesis project, wireless forensics. Similarly, computer criminals have become aware of current investigation procedures and, in turn, have developed their own techniques and tools in an attempt to manipulate and/or remove digital evidence. Such techniques are known as anti-forensics. In this project, the researcher was motivated by the potential difficulties facing investigators in the wireless environment when anti-forensics is deliberately used. Thus, the research sets up a wireless intrusion investigation with anti-forensic elements inserted into the environment.
The main goal of this research is to create a solution that overcomes the impact or thwarting created by anti-forensic techniques and tools during the wireless investigation process. Two problem areas are therefore identified: the wireless forensic investigation, and the wireless forensic investigation with anti-forensics. The relevant problems, such as acquiring evidence from a wireless network, detecting and analysing anti-forensic effects, and the impact of anti-forensics on the investigation process, are addressed. Three phases of research testing were conducted. Phase One gathered the test data that was then used as a benchmark to evaluate the effects of the applied anti-forensic tools on the investigation process. The collected evidence included the captured wireless network traffic and the initial evidence image file. Phase Two applied the anti-forensic tools on the host in order to cover the evidence trail. The investigation process was repeated until the results were consistent. The outcomes were processed and presented in the findings table. Phase Three was a review step. The findings from Phase One and Phase Two were analysed and compared, and the anti-forensic effects on the host system were identified. Subsequently, the current data recovery technology used to restore or mitigate the damage caused by anti-forensic tools was tested. The findings from the third phase determined the anti-forensic effects on the investigation process of a wireless intrusion incident. In summary, the results of this research show that the applied anti-forensic tools caused irrecoverable damage to the Internet artefacts. The reconstruction of the wireless intrusion incident involving anti-forensic effects could be mostly accomplished by combining the information extracted from the captured wireless traffic with the evidence findings from the recovered evidence image file. The lack of intrusion activities on the host system could be explained by the applied anti-forensic tools themselves.
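The reconstruction step described above, correlating what the captured wireless traffic shows with what survives on the host image, can be illustrated with a small timeline-correlation script. This is an added example and not the thesis's own tooling: it assumes that the investigator has already decoded the capture into per-flow records (timestamp, client MAC, contacted host name) and carved browser-history entries from the evidence image into a second record set; both record sets below are constructed sample data, and the station MAC, host names and timestamps are hypothetical. The script flags traffic events from the suspect station that have no host-side artefact within a tolerance window, which is exactly the "activity on the air, nothing on disk" pattern that points at anti-forensic wiping rather than at an absence of activity.

```python
"""Correlate captured wireless traffic with host artefacts carved from an image.

Added example (not from the thesis). All records below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class TrafficEvent:
    """One web flow decoded from the wireless capture."""
    ts: datetime
    client_mac: str   # station that originated the flow
    host: str         # contacted host name (HTTP Host header or DNS name)


@dataclass
class HostArtefact:
    """One artefact recovered from the evidence image (e.g. a history entry)."""
    ts: datetime
    source: str       # where on the image it was found
    url_host: str


# Hypothetical suspect station and constructed sample records.
STATION_MAC = "00:11:22:33:44:55"

TRAFFIC: List[TrafficEvent] = [
    TrafficEvent(datetime(2023, 5, 1, 10, 0, 5), STATION_MAC, "example.org"),
    TrafficEvent(datetime(2023, 5, 1, 10, 3, 40), STATION_MAC, "mail.example.net"),
    TrafficEvent(datetime(2023, 5, 1, 10, 15, 12), STATION_MAC, "files.example.com"),
    # A different station on the same network; must be ignored.
    TrafficEvent(datetime(2023, 5, 1, 10, 16, 2), "66:77:88:99:aa:bb", "news.example.org"),
]

ARTEFACTS: List[HostArtefact] = [
    # Only the first visit survived on the image; the later two were wiped.
    HostArtefact(datetime(2023, 5, 1, 10, 0, 7), "browser_history", "example.org"),
]

Correlation = Tuple[TrafficEvent, Optional[HostArtefact]]


def correlate(traffic: List[TrafficEvent], artefacts: List[HostArtefact],
              station_mac: str,
              tolerance: timedelta = timedelta(seconds=60)) -> List[Correlation]:
    """Pair each traffic event from station_mac with a matching host artefact.

    A match is an artefact for the same host whose timestamp lies within
    `tolerance` of the flow. Clock skew between the capture machine and the
    host is the reason for the window rather than an exact comparison.
    """
    results: List[Correlation] = []
    for ev in sorted(traffic, key=lambda e: e.ts):
        if ev.client_mac.lower() != station_mac.lower():
            continue
        match = next((a for a in artefacts
                      if a.url_host == ev.host and abs(a.ts - ev.ts) <= tolerance),
                     None)
        results.append((ev, match))
    return results


def unexplained_events(results: List[Correlation]) -> List[TrafficEvent]:
    """Traffic the capture proves happened but the image does not reflect."""
    return [ev for ev, art in results if art is None]


def coverage(results: List[Correlation]) -> float:
    """Fraction of the station's traffic that is corroborated on the host."""
    if not results:
        return 0.0
    return sum(1 for _, art in results if art is not None) / len(results)


def report(results: List[Correlation]) -> List[str]:
    """Human-readable timeline lines for the findings table."""
    lines = []
    for ev, art in results:
        status = f"corroborated by {art.source}" if art else "NO HOST ARTEFACT"
        lines.append(f"{ev.ts.isoformat()}  {ev.host:<20} {status}")
    return lines


if __name__ == "__main__":
    res = correlate(TRAFFIC, ARTEFACTS, STATION_MAC)
    print("\n".join(report(res)))
    print(f"host coverage of wireless activity: {coverage(res):.0%}")
```

Low coverage together with a contiguous run of uncorroborated events is the signal to investigate the host for wiping rather than to conclude that the station was idle; the capture supplies the timeline that the host can no longer provide.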