Brain Dump

Anti-Forensics

Tags
security

Tools and techniques designed to [see page 8, disrupt] a digital-forensic investigation.

The goals here are to:

  • Hide data from an investigator
  • Disrupt information collection
  • Increase the time required to carry out analysis
  • Introduce doubt to the investigation findings
  • Subvert the tools used during the investigations
  • Leave no evidence of anti-forensics techniques

For example, planting data in a file so that, when the file is loaded into an analysis tool, the tool crashes (or silently misparses the evidence).

[see page 9, Approaches]

Countermeasures

Ways to avoid or bypass anti-forensics processes [see page 29, include]:

  • Secure software development, so that analysis tools tolerate hostile input instead of being crashed or subverted by it
  • Preserve log files (for example by forwarding copies to a separate system) to prevent contamination and deletion
  • Use key loggers to capture passphrases and overcome encryption (requires a warrant)
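Added illustration, not part of the original notes, tying the "crash the tool" example above to the first countermeasure: a toy evidence-file format with a parser that trusts every field beside one that bounds-checks them. The record layout, the record types, the helper names and the CRAFTED inputs are all hypothetical and constructed for this example; they do not describe any real forensic tool or file format.

```python
"""Constructed mini artifact format (hypothetical): a sequence of records,
each  4-byte big-endian payload length | 1-byte record type | payload.
Type 1 = UTF-8 filename, type 2 = raw bytes."""
import struct

HEADER = struct.Struct(">IB")   # payload length, record type (5 bytes)
T_NAME, T_BLOB = 1, 2


def record(rtype, payload):
    """Build one well-formed record (used only to construct sample inputs)."""
    return HEADER.pack(len(payload), rtype) + payload


# Constructed sample input: what an honest evidence file looks like.
GOOD = record(T_NAME, b"notes.txt") + record(T_BLOB, b"\x00\x01\x02")

# Constructed anti-forensic inputs: each is a legal-looking file with one
# planted field that a trusting parser mishandles.
CRAFTED = {
    # a record header that runs off the end of the file
    "truncated_header": GOOD + b"\x00\x00\x07",
    # a filename record whose bytes are not valid UTF-8
    "bad_utf8": record(T_NAME, b"\xff\xfe\x00"),
    # a length field far larger than the data that follows it
    "oversized_length": HEADER.pack(0xFFFFFFFF, T_BLOB) + b"ABC",
}


def parse_naive(blob):
    """The kind of parser that gets subverted: every field is trusted."""
    records, pos = [], 0
    while pos < len(blob):
        length, rtype = HEADER.unpack_from(blob, pos)   # struct.error if short
        pos += HEADER.size
        payload = blob[pos:pos + length]                # silently truncates
        if rtype == T_NAME:
            payload = payload.decode("utf-8")           # UnicodeDecodeError
        records.append((rtype, payload))
        pos += length
    return records


def parse_hardened(blob):
    """Same format, but every field read from the evidence is bounds-checked,
    and a malformed record becomes a finding instead of an exception.  The
    findings matter in their own right: they are evidence that the file was
    tampered with, which a crash would have hidden."""
    records, findings, pos = [], [], 0
    while pos < len(blob):
        if len(blob) - pos < HEADER.size:
            findings.append(f"offset {pos}: truncated header "
                            f"({len(blob) - pos} bytes left)")
            break
        length, rtype = HEADER.unpack_from(blob, pos)
        start = pos
        pos += HEADER.size
        if length > len(blob) - pos:
            findings.append(f"offset {start}: declared length {length} "
                            f"exceeds remaining {len(blob) - pos} bytes")
            break
        payload = blob[pos:pos + length]
        pos += length
        if rtype == T_NAME:
            try:
                payload = payload.decode("utf-8")
            except UnicodeDecodeError:
                findings.append(f"offset {start}: filename is not valid UTF-8, kept raw")
        elif rtype != T_BLOB:
            findings.append(f"offset {start}: unknown record type {rtype}")
        records.append((rtype, payload))
    return records, findings


def outcome(parser, blob):
    """Run a parser on a blob and report the exception class name if it
    crashed, or None if it returned normally."""
    try:
        parser(blob)
        return None
    except Exception as exc:   # deliberately broad: we classify every crash
        return type(exc).__name__


if __name__ == "__main__":
    for name, blob in CRAFTED.items():
        print(f"{name:18s} naive: {str(outcome(parse_naive, blob)):20s} "
              f"hardened: {outcome(parse_hardened, blob)}")
        for finding in parse_hardened(blob)[1]:
            print("    finding:", finding)
```

Note that the oversized-length file is the nastiest of the three: the naive parser does not crash at all, it simply returns a truncated payload and stops, which is the "introduce doubt" goal rather than the "crash the tool" one. The hardened parser refuses the record and records why, so the analyst sees the anomaly instead of trusting a wrong result.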