Metasploit Anti-Forensic Investigation Arsenal (MAFIA)

I came across a page on Metasploit's web site that I had not seen yet, called the Metasploit Anti-Forensic Investigation Arsenal (MAFIA). Check out the tools they have available (or will release soon):

Timestomp – First ever tool that allows you to modify all four NTFS timestamp values: modified, accessed, created, and entry modified.

Slacker – First ever tool that allows you to hide files within the slack space of the NTFS file system.

Transmogrify – First ever tool to defeat EnCase's file signaturing capabilities by allowing you to mask and unmask your files as any file type. (Coming Soon)

Sam Juicer – A Meterpreter module that dumps the hashes from the SAM, but does it without ever hitting disk. (Coming Soon)

They have also posted the slide deck from the 2005 BlackHat presentation called Catch Me If You Can. I wonder what would happen if defense attorneys were to hear about this.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.
