By Max on March 7, 2009
I’ve dug around a bit and found some older examples of software that will detect whether or not the current system is being run in a virtual environment. The main purpose here is to trip up the examiners. Make them waste their time, their clients’ time and everyone else’s. Make the costs of a computer forensics examination even more expensive.
Posted in Anti-Forensics Software | Tagged forensic image, liveview, source code, vb.net, virtual machine, vmware
By Max on March 5, 2009
There have been a million articles written on using timestomp.exe. However, the goal of this article is to give some ideas on how to use timestomp and avoid leaving evidence behind that would point to its use.
Posted in Anti-Forensics Software, Hex Editing | Tagged compression, hex editor, packing, timestomp, timestomp.exe, upx, windows xp