Anti-Forensics Software

Anti-forensics software and sourcecode

Breaking Forensic Images Booted as a Virtual Machine

By Max on March 7, 2009

I’ve dug around a bit and found some older examples of software that will detect whether or not the current system is being run in a virtual environment. The main purpose here is to trip up the examiners. Make them waste their time, their clients time and everyone elses. Make the costs of a computer forensics examination even more expensive.

Posted in Anti-Forensics Software | Tagged forensic image, liveview, source code, vb.net, virtual machine, vmware | 6 Responses

Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe

By Max on March 5, 2009

There have been a million articles written on using timestomp.exe. However, the goal of this article is to give some ideas on how to use timestomp and avoid leaving evidence behind that would point to its use.

Posted in Anti-Forensics Software, Hex Editing | Tagged compression, hex editor, packing, timestomp, timestomp.exe, upx, windows xp | 5 Responses

Modify TrueCrypt Encryption Boot Loader Strings (16)
- sub: If an expert hacker access my drive whether in person or over the net,...
How to Delete Google History – Clear Google Toolbar History (5)
- Sailesh Thaosen: I would like to ask you to deleat my all google history...
Full Disk Encryption With TrueCrypt on Windows XP (4)
- Jessica: TrueCrypt is especially nice being that it was redesigned and...
Leave No Artifacts Behind – Linux Live CDs (6)
- Olivia Graves: by the way, this Windows boot CD is easy to use and works
Saudi Arabia Bans BlackBerry’s (8)
- Alex Dimitrov: “HOL Y FUCK SHUT UP DON’T YOU BITCHES TALK ABOUT ANYTH...
- rabbit: I hate to ever defend Apple but I don’ t think the iPhone...
- HaPa: I would DIE without my blackberry . I’m an addict.
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System by Bill Blunden (3)
- Jeff: Thanks for the link and the book review. It looks very interestin g and...

Anti-Forensics Software

Breaking Forensic Images Booted as a Virtual Machine

Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe

Subscribe to Anti-Forensics

Links

Recent Comments

Tags

Archives

Writers

Site Pages

Site Links

Anti-Forensics