Anti-Forensics

Welcome to Anti-Forensics.com!

Anti-Forensics is a community dedicated to the research and sharing of methods, tools, and information that can be used to frustrate computer forensic investigations and forensic examiners.

Subscribe via RSS or Feedburner RSS (tracked by Google) and stay up to date on the latest issues and news.

Get Started

Follow Anti-Forensics on Twitter
Become an Anti-Forensics Author
Participate on the Anti-Forensics Forum
Browse all articles on the Anti-Forensics Blog

Browse Featured Articles

Just an Anti-Forensics.com Update
Hey guys, hope you are all doing well. I don't normally write a post such as this, but I want to cover a few important topics about personal "maintenance" of data you may store. This data includes email content and attachments, and especially if you are using a common webmail provider...
Hunting Anonymous Pt. 2
To be honest, if I was really worried, I'd wipe all hard drives and re-install because hey, I picked up the newest miley virus and heard that was the only way to get rid of it. I'd then proceed with my normal Internet activities and play the My Little Pony MMORPG. I'd then browse on over to Government Propaganda Online by You're a Slave Media Productions for all of the latest and greatest news and tips on how to turn your neighbor in at the Department of Homeland Security for being different than everyone else. more
Disk Wiping with dcfldd
Did you know that a real ninja was once employed by the Defense Computer Forensics Laboratory or DCFL for short? During Nick's employment at DCFL, he coded "dcfldd", an enhanced version of the "dd" program found in GNU Core Utilities (GNU coreutils). dcfldd is still used quite often when imaging digital evidence.Not only is it used by DCFL and other alphabet soup but by individuals working in the private sector. more
US Senators Target the Silk Road
The Silk Road is an anonymous hidden service that you can access via the Tor network. It allows people to sell mind altering chemicals and plants in a more private and safe marketplace. In light of this coming legislation, you will likely not be targeted by computer forensics initially. This is because of the transaction and network technologies used to make the purchases. Now, this could be different if you use the same Bitcoin address publicly on your beanie-baby website that you do to receive heroin payments. more
Windows Hibernation and hiberfil.sys
Did you know that by putting your computer into "hibernation" mode you are essentially creating a snapshot of the contents of your computers RAM? Learn the risks of using Windows Hibernation mode and how to disable the hiberfil.sys on a Windows system. Learn this anti-forensics technique and more. more
Meta Anti-Forensics (Conference talk by The Grugq)
Another presentation by The Grugq and his knowledge and contributions to the anti-forensics community during his computer forensic and anti-forensic research. The video below is a presentation The Grugq performed at Hack in the Box 2007 security conference. The Grugq covers anti-forensics techniques as well as the HASH or hacker...
Ubuntu Tutorials by KenTheFurry
Various Ubuntu tutorials on encryption by KenTheFurry. more
Disable Thumbnail Caching and Wipe Thumbs.db files on a Windows XP System
The thumbs.db file on a Windows XP system can be a treasure chest of 96 x 96 pixel artifacts. By default, in the standard Windows XP home and professional editions, a thumbs.db file is created in folders viewed in the thumbnail view which contain jpegs, bitmaps, GIFs, PNGs and other files. more
Delete USB Device History from the Windows Registry (USBSTOR key) and the setupapi.log
This article covers the USBSTOR registry key and the setupapi.log file and methods to delete them. These two artifacts can contain data regarding USB devices that have been plugged into a system. There are other things you should be aware of as well which are covered in the article. Sometimes just deleting a registry key or file is not enough. more
Disk Wiping – One Pass is Enough – Part 2 (this time with screenshots)
It seems that there are still many people who do not understand what happens when a hard drive is wiped once with a single pass. There were many comments left about my last article on other websites where people were still spreading the myth that a single pass is insufficient. So I've created yet another article, this time with screenshots. more

Just an Anti-Forensics.com Update

12/14/2011 | No Comments

Hey guys, hope you are all doing well. I don't normally write a post such as this, but I want...

WhisperCore Update and Release of WhisperYAFFS

04/05/2011 | No Comments

Whisper Systems has released an update to WhisperCore and released their source code for WhisperYAFFS. more

Latest Computer Forensics News

OK, so he did it from McDonald's. The trail ends there right? It seems all fine and dandy, but he actually ate at McDonald's while he did this. He used his credit card to buy himself some chicken nurga's five minutes before the incident happened. more

Welcome to Anti-Forensics.com!

Get Started

Browse Featured Articles

Just an Anti-Forensics.com Update

Hunting Anonymous Pt. 2

Disk Wiping with dcfldd

US Senators Target the Silk Road

Windows Hibernation and hiberfil.sys

Meta Anti-Forensics (Conference talk by The Grugq)

Ubuntu Tutorials by KenTheFurry

Disable Thumbnail Caching and Wipe Thumbs.db files on a Windows XP System

Delete USB Device History from the Windows Registry (USBSTOR key) and the setupapi.log

Disk Wiping – One Pass is Enough – Part 2 (this time with screenshots)

Latest Anti-Forensics News

Just an Anti-Forensics.com Update

WhisperCore Update and Release of WhisperYAFFS

Latest Computer Forensics News

Get Sloppy and Get Caught

Archives

Pages

Meta

Authors