Anti-Forensics is a community dedicated to the research and sharing of methods, tools, and information that can be used to frustrate computer forensic investigations and forensic examiners.
Hey guys, hope you are all doing well. I don't normally write a post such as this, but I want to cover a few important topics about personal "maintenance" of data you may store. This data includes email content and attachments, and especially if you are using a common webmail provider...
To be honest, if I was really worried, I'd wipe all hard drives and re-install because hey, I picked up the newest miley virus and heard that was the only way to get rid of it. I'd then proceed with my normal Internet activities and play the My Little Pony MMORPG. I'd then browse on over to Government Propaganda Online by You're a Slave Media Productions for all of the latest and greatest news and tips on how to turn your neighbor in at the Department of Homeland Security for being different than everyone else.
Did you know that a real ninja was once employed by the Defense Computer Forensics Laboratory, or DCFL for short? During Nick's employment at DCFL, he coded "dcfldd", an enhanced version of the "dd" program found in GNU Core Utilities (GNU coreutils). dcfldd is still used quite often when imaging digital evidence. Not only is it used by DCFL and other alphabet soup but by individuals working in the private sector.
The Silk Road is an anonymous hidden service that you can access via the Tor network. It allows people to sell mind altering chemicals and plants in a more private and safe marketplace. In light of this coming legislation, you will likely not be targeted by computer forensics initially. This is because of the transaction and network technologies used to make the purchases. Now, this could be different if you use the same Bitcoin address publicly on your beanie-baby website that you do to receive heroin payments.
Did you know that by putting your computer into "hibernation" mode you are essentially creating a snapshot of the contents of your computer's RAM? Learn the risks of using Windows Hibernation mode and how to disable the hiberfil.sys on a Windows system. Learn this anti-forensics technique and more.
Another presentation by The Grugq and his knowledge and contributions to the anti-forensics community during his computer forensic and anti-forensic research. The video below is a presentation The Grugq performed at Hack in the Box 2007 security conference. The Grugq covers anti-forensics techniques as well as the HASH or hacker...
The thumbs.db file on a Windows XP system can be a treasure chest of 96 x 96 pixel artifacts. By default, in the standard Windows XP home and professional editions, a thumbs.db file is created in folders viewed in the thumbnail view which contain jpegs, bitmaps, GIFs, PNGs and other files.
This article covers the USBSTOR registry key and the setupapi.log file and methods to delete them. These two artifacts can contain data regarding USB devices that have been plugged into a system. There are other things you should be aware of as well which are covered in the article. Sometimes just deleting a registry key or file is not enough.
It seems that there are still many people who do not understand what happens when a hard drive is wiped once with a single pass. There were many comments left about my last article on other websites where people were still spreading the myth that a single pass is insufficient. So I've created yet another article, this time with screenshots.
Whisper Systems has released an update to WhisperCore and released their source code for WhisperYAFFS.
OK, so he did it from McDonald's. The trail ends there right? It seems all fine and dandy, but he actually ate at McDonald's while he did this. He used his credit card to buy himself some chicken nurga's five minutes before the incident happened.