Defeating anti-forensics in contemporary complex threats

At the end of September, at Virus Bulletin 2012, my colleague Eugene Rodionov and I presented the results of our research “Defeating anti-forensics in contemporary complex threats”, which deals with hidden file systems in modern complex threats. Modern complex threats use hidden file systems to evade detection by security and forensic software. We have already discussed the forensic problems posed by hidden file systems more than once in our previous blog posts (Bootkit Threat Evolution in 2011), and in this research we concentrated on an in-depth analysis of the most widely used anti-forensic technique – the implementation of hidden encrypted storage – as used by complex threats currently in the wild. Here is a self-explanatory diagram depicting the evolution over time of bootkit threats with hidden file systems:

[…]

©2013 CC BY-NC-SA
