The goal of this research is to create a methodology that measures the robustness and effectiveness of forensic tools' ability to detect data hiding. First, an extensive search for any existing guidelines testing against data hiding was performed. After finding none, existing guidelines and frameworks in cybersecurity and cyber forensics were reviewed. Next, I created the methodology in this thesis. This methodology includes a set of steps that a user should take to evaluate a forensic tool. The methodology has been designed to be flexible and scalable so as new anti-forensic data hiding methods are discovered and developed, they can easily be added to the framework, and the evaluator using the framework can tailor it to the files they are most focused on. Once a polished draft of the entire methodology was completed, it was reviewed by information technology and security professionals and updated based on their feedback.Two popular forensic tools – Autopsy/Sleuthkit and X-Ways – were evaluated using the methodology developed. Evaluation revealed improvements in the methodology that were updated. I propose that the methodology can be an effective tool to provide insight and evaluate forensic tools.
College and Department
Ira A. Fulton College of Engineering and Technology; Technology
BYU ScholarsArchive Citation
Moses, Samuel Isaiah, "Measuring The Robustness of Forensic Tools' Ability to Detect Data Hiding Techniques" (2017). All Theses and Dissertations. 6464.
forensics, anti-forensics, methodology, security