WiDeS: Wiping Detection using System-calls - An Anti-Forensic Resistant Approach


Bibliographic Details
Main Authors: Sanda, Pranitha; Pawar, Digambar; Vedala, Radha
Format: Conference Proceeding
Language:English
Description
Summary: Anti-forensics attempts to prevent the forensic investigator from analyzing the evidence by tampering with it. Artifact wiping is one of the most commonly used anti-forensic approaches: the adversaries use wiping tools to remove the traces their activity leaves behind during execution, so that the investigation is left with incomplete and unreliable evidential artifacts. On the other hand, a wiper attack is one of the most destructive cyberattacks, as it causes permanent damage to the data by overwriting the original content, with serious consequences for national and international security. In recent years these attacks have targeted government organizations, financial institutions, and energy sectors, causing loss of sensitive data, significant downtime, financial losses, and reputation damage. In both scenarios, detecting wiping in order to mitigate its effect is crucial. In this paper, we detect wiper attacks using the Sequence of System-calls (SoS) together with information theory metrics, and we analyze the behavior of benign and wiping processes. Finally, we demonstrate the application of the proposed model by simulating a wiping process on a system and detecting the wiping. The results show that the proposed model detects wiping accurately.
ISSN:2324-9013
DOI:10.1109/TrustCom60117.2023.00231
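The abstract names the two ingredients of the detector, a sequence of system calls and information theory metrics, without showing how they combine. The block below is an added illustration written for this record, not the authors' WiDeS code or their metrics: it scores a syscall trace by the entropy of its 3-grams (a wiper replays one open/overwrite/sync/close/unlink loop per file, so its n-gram distribution is unusually concentrated) and by a destructive ratio (unlinks per file open). The traces, the `parse_strace` helper and the thresholds are all constructed assumptions for the example.

```python
"""Toy wiping detector over system-call traces.

Added example, not the WiDeS implementation. It combines a sequence of
system calls with an information-theory score (normalized n-gram entropy)
and a simple destructive-call ratio. Syscall names follow Linux strace.
"""
import math
import re
from collections import Counter

# Constructed sample traces (not real captures). A wiper loops the same
# open -> overwrite passes -> sync -> close -> unlink pattern over every file,
# so its syscall stream is highly repetitive; an editor session is not.
WIPE_PATTERN = ["openat", "fstat", "write", "write", "write", "fsync", "close", "unlink"]
WIPE_TRACE = WIPE_PATTERN * 4  # four files wiped in a row
BENIGN_TRACE = [
    "openat", "fstat", "read", "read", "close", "brk", "mmap", "openat",
    "read", "close", "write", "poll", "read", "openat", "fstat", "write",
    "write", "fsync", "close", "rename", "stat", "getpid", "rt_sigaction",
    "read", "write", "close", "munmap", "openat", "read", "read", "write", "close",
]

OPEN_CALLS = {"open", "openat"}
UNLINK_CALLS = {"unlink", "unlinkat"}

# Matches the start of an strace line: optional "[pid N]" prefix, optional
# timestamp, then the syscall name followed by "(".  Signal and exit lines
# ("--- SIGCHLD ...", "+++ exited ...") do not match and are skipped.
_STRACE_RE = re.compile(
    r"^\s*(?:\[pid\s+\d+\]\s+)?(?:[\d:.]+\s+)?([A-Za-z_][A-Za-z0-9_]*)\("
)


def parse_strace(lines):
    """Reduce strace output to the sequence of syscall names."""
    names = []
    for line in lines:
        m = _STRACE_RE.match(line)
        if m:
            names.append(m.group(1))
    return names


def ngrams(trace, n):
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def shannon_entropy(symbols):
    """Entropy in bits of the empirical distribution of `symbols`."""
    counts = Counter(symbols)
    total = len(symbols)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def normalized_ngram_entropy(trace, n=3):
    """n-gram entropy divided by the maximum this sample could reach.

    The maximum is log2 of the number of n-grams or of the alphabet size to
    the n-th power, whichever is smaller.  Values near 1.0 mean the n-grams
    are as varied as the sample allows; low values mean the process replays
    the same short syscall pattern, which is what a wiper loop does.
    """
    grams = ngrams(trace, n)
    if len(grams) < 2:
        return 1.0
    alphabet = len(set(trace))
    max_bits = math.log2(min(len(grams), alphabet ** n))
    if max_bits == 0:  # single distinct syscall: fully repetitive
        return 0.0
    return shannon_entropy(grams) / max_bits


def destructive_ratio(trace):
    """Unlink calls per file open, capped at 1.0.

    A wiper deletes nearly everything it opens; most benign processes open
    many files and delete few or none.
    """
    opens = sum(1 for s in trace if s in OPEN_CALLS)
    unlinks = sum(1 for s in trace if s in UNLINK_CALLS)
    return min(1.0, unlinks / opens) if opens else 0.0


# Thresholds are assumptions for this illustration, not values from the paper.
ENTROPY_THRESHOLD = 0.8
DESTRUCTIVE_THRESHOLD = 0.5


def classify(trace, n=3):
    """Return 'wiping' when the trace is both repetitive and destructive."""
    repetitive = normalized_ngram_entropy(trace, n) < ENTROPY_THRESHOLD
    destructive = destructive_ratio(trace) >= DESTRUCTIVE_THRESHOLD
    return "wiping" if repetitive and destructive else "benign"


if __name__ == "__main__":
    for label, trace in (("benign", BENIGN_TRACE), ("wipe", WIPE_TRACE)):
        print(label, round(normalized_ngram_entropy(trace), 3),
              destructive_ratio(trace), classify(trace))
```

Requiring both signals keeps the rule from flagging a backup or compiler job (repetitive but not destructive) or an interactive `rm` (destructive but not repetitive). On real traces the entropy estimate needs windows of a few hundred calls, since the plug-in estimator is unreliable on very short samples, and an evasive wiper could pad its loop with junk syscalls to raise the entropy, which is the kind of anti-forensic pressure a production detector has to be evaluated against.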