Software Reverse Engineering Techniques for Evaluating Anti-Forensic Encryption Tools: A Framework Development and Analysis
Keywords:
Digital forensic, anti-forensic, encryption, software reverse engineering, VeraCrypt
Abstract
The digitalization of the world has led to increased cybercrime, resulting in the growth of digital forensic tools. To counter them, anti-forensic tools have also been developed to hinder their effectiveness and the recovery of digital evidence. Software reverse engineering is assumed to be a potential technique for assessing anti-forensic tools. Software reverse engineering is the process of analyzing a computer program or software application in order to understand its functionality, design, and behavior. This article explores software reverse engineering techniques to evaluate anti-forensic encryption tools, focusing specifically on VeraCrypt. VeraCrypt is free, open-source disk encryption software that provides strong on-the-fly encryption for various storage devices. Moreover, a novel framework is proposed for assessing such tools, emphasizing practical applicability, data-driven analysis, and comparative assessment. The proposed framework works in multiple phases to assess and examine VeraCrypt and is able to take different decisions conditionally. Extensive experiments are performed to evaluate the proposed framework, and the obtained results reinforce the proposal.
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. Under this license, users must give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.