Changing File Headers


antonymous

Since more and more DLP solutions are using file header information to perform analysis of data, I was wondering if there are any programs/scripts out there that can easily change file header info.

For example, there might be a security rule preventing a user from emailing Excel spreadsheets, but if you were to alter the file header to look like an mp3, then you could transmit. On the other end, the recipient would need to know what the original header is to reconstruct the file, replacing the mp3 header with the old one (which could be embedded/obfuscated in the file, I suppose).

Seems like there should be something out there, but my google-fu fails me. Any thoughts?

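The weakness the post above describes is that a filter reading only the leading bytes trusts whatever signature it finds there. As an added example (not part of the original thread), this Python check cross-checks the leading signature against the ZIP trailer that every .xlsx carries; the function names and sample bytes are constructed for illustration, and legacy OLE2 .xls files are recognised by signature only, not structurally.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory record
CDIR_SIG = b"PK\x01\x02"   # ZIP central-directory file header

# Leading signatures a header-only filter would trust (illustrative subset).
LEADING_MAGIC = {
    b"PK\x03\x04": "zip/ooxml",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",
    b"ID3": "mp3",
    b"%PDF": "pdf",
}

def leading_type(data: bytes) -> str:
    """Type implied by the first bytes only."""
    for magic, name in LEADING_MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def has_zip_trailer(data: bytes) -> bool:
    """True if the tail holds an EOCD record pointing at a real central directory."""
    # EOCD is 22 bytes plus an optional comment of up to 65535 bytes.
    pos = data.rfind(EOCD_SIG, max(0, len(data) - 65557))
    if pos < 0 or pos + 22 > len(data):
        return False
    cd_size, cd_offset = struct.unpack_from("<II", data, pos + 12)
    # The directory must fit before the EOCD and begin with its own signature.
    return cd_offset + cd_size <= pos and data[cd_offset:cd_offset + 4] == CDIR_SIG

def classify(data: bytes) -> dict:
    """Flag files whose leading signature disagrees with their ZIP structure."""
    lead, trailer = leading_type(data), has_zip_trailer(data)
    return {"leading": lead, "zip_trailer": trailer,
            "mismatch": trailer and lead != "zip/ooxml"}

def _sample_xlsx_like() -> bytes:
    """Constructed sample: a minimal ZIP with an OOXML-style member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()

GENUINE = _sample_xlsx_like()
RELABELLED = b"ID3" + GENUINE[3:]            # constructed: leading bytes replaced, as in the post
PLAIN_MP3 = b"ID3\x03\x00" + b"\x00" * 64    # constructed: ID3 tag start, no ZIP structure
```

A content-inspection rule built this way keys on the `mismatch` field rather than on `leading` alone.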

I was just reading about this somewhere! I think it was on here: http://www.anti-forensics.com/ or IronGeek? Anyways, it was a nice walkthrough on using HxD to modify the headers.

I spent the whole afternoon yesterday reading articles from that website. After I finished reading, I felt like doing a Computer Forensics course. As a matter of fact, I am considering taking the course; who knows, I might one day work for the police as a forensics investigator.

Edited by Infiltrator

Guest Deleted_Account

Well, I found the tool I was thinking of: it was Transmogrify by the Metasploit Anti-Forensics project, though it's not listed any more, so I am not sure if it is available or what.


I spent the whole afternoon yesterday reading articles from that website. After I finished reading, I felt like doing a Computer Forensics course. As a matter of fact, I am considering taking the course; who knows, I might one day work for the police as a forensics investigator.

I'm glad some of the articles have had influence on you. You can get jobs in the private sector as well as work for local police departments, FBI, DOD, ICE, Customs, Homeland Security and so on. I would say aim for private sector employment but that's just because I'm biased against the feds.

I have usually seen private firms aim for honesty and integrity, whereas the feds want to convict, convict, convict, destroy evidence, plant evidence, violate civil liberties and so on. Life in private sector forensics where the opposition is usually federal government leaves you paranoid. They will tap lines, data connections, plant bugs and more and make life difficult if they feel threatened.

In the private sector I see jobs at large corporations that are more network incident response style down to where I work which is usually on the defense for child pornography and cybercriminals. So I've worked everything from cp distributors and production, bomb threats, spam, murder, "terrorists", copyright infringement, etc. and would have to say it pretty much fucks your mind up after a while.

If you want to take a job in the computer forensics field you need to prepare yourself for the changes. You can't look and communicate with people as you do now once you've been changed by the job. Usually it will take over a year of forensics work. You will get a bit paranoid, especially working for the defense, as you see all the gross violations of civil liberties and how at times, nothing can be done.

You will be hated and people will want to kill you and you will be loved and praised by others.

This is a good blog post about some of the changes.

http://johnjustinirvine.com/post/339744451

And below is the article you were talking about with hex editing (if it was on anti-forensics.com and not irongeek). I think I used XVI32 hex editor but usually use HxD. In the end I guess it doesn't matter.

http://www.anti-forensics.com/beat-encase-...-windows-system

Also, if anyone is really interested in anti-forensics and would like to share methods, you are encouraged to message me. I get a lot of people who want to but in the end bug out once they get their author account. I am now seeing network security related jobs asking for anti-forensics experience, right in the job description, which I think is great and hey, what better way to promote yourself.

What was once a taboo subject that got you wiretapped and fired can now be a plus for job hunters!

Edited by Yar
