Abstract
The role of a digital forensic professional is to collect and analyze digital evidence. However, anti-forensic techniques can reduce the availability or usefulness of the evidence. They threaten the digital forensic examination process and may compromise its conclusions. This chapter proposes the use of threat modeling to manage the risks associated with anti-forensic threats. Risk management is introduced in the early stages of the digital forensic process to assist a digital forensic professional in determining the resources to be invested in detecting and mitigating the risk. The proposed threat model complements the incident response and digital forensic processes by providing a means for assessing the impact and likelihood of anti-forensic threats, evaluating the cost of risk mitigation and selecting tools and techniques that can be used as countermeasures. This renders the digital forensic process more robust and less susceptible to the consequences of anti-forensic actions.
© 2017 IFIP International Federation for Information Processing
Cite this paper
Hoelz, B., Maues, M. (2017). Anti-Forensic Threat Modeling. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIII. DigitalForensics 2017. IFIP Advances in Information and Communication Technology, vol 511. Springer, Cham. https://doi.org/10.1007/978-3-319-67208-3_10
DOI: https://doi.org/10.1007/978-3-319-67208-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67207-6
Online ISBN: 978-3-319-67208-3
eBook Packages: Computer Science, Computer Science (R0)