Anti-forensic techniques

From Forensics Wiki
Revision as of 08:16, 25 March 2006 by Uwe Hermann (Talk | contribs)

Jump to: navigation, search

Anti-forensic techniques are engaging in behavior designed to frustrate computer forensic techniques. This can include refusing to run when debugging mode is enabled, refusing to run when running inside of a virtual machine, or deliberately overwriting data. Although some anti-forensic tools have legitimate purposes, such as overwriting sensitive data that shouldn't fall into the wrong hands, like any tool they can be abused.

Contents

Secure Data Deletion

Securely deleting data, so that it cannot be restored with forensic methods.

Hiding Data

Hiding data where a forensic investigator would not usually look, e.g. using Steganography or other means.

Encrypted Data

Encrypting data, in order to prevent access to it.

Preventing Data Creation

Precent the creation of certain data in the first place. Data which was never there, obviously cannot be investigated with forensic methods.


See also