A New Anti-Forensic Tool Based on a Simple Data Encryption Scheme

In this paper, we discuss a simple encryption scheme in which a secret file is encrypted twice: one by a common encryption algorithm like AES and another by XOR. Despite the first key is revealed by guessing or dictionary-based attack, the attacker can not reconstruct the original secret until knows the files used to derive the second key block according to our scheme. We also give an explanation about the tool in which the proposed scheme is implemented. It consists of 1 main module and 5 sub-modules: main routine, command parser, file 10, buffer manager, cipher, and time handler. The design goals of the tool include encrypting a file with or without the second encryption and modifying times tamp values such as MAC time information. In addition, the second key can be derived from 3 files at most which are selected and specified as input arguments by a user.