Anti-Forensics » Software http://www.anti-forensics.com Rendering computer investigations irrelevant Thu, 15 Dec 2011 07:57:59 +0000 en hourly 1 http://wordpress.org/?v=3.3 EnCase v7 Training Videos http://www.anti-forensics.com/encase-v7-training-videos http://www.anti-forensics.com/encase-v7-training-videos#comments Mon, 01 Aug 2011 05:24:37 +0000 Max http://www.anti-forensics.com/?p=1356
  • Beat EnCase File Signature Analysis on a Windows System Use a hex editor to modify the file signature of...
    • ]]>     http://www.anti-forensics.com/encase-v7-training-videos/feed 2     Beat EnCase File Signature Analysis on a Windows System http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system#comments Mon, 14 Sep 2009 07:28:24 +0000 Max http://www.anti-forensics.com/?p=564
  • Disable Thumbnail Caching and Wipe Thumbs.db files on a Windows XP System The thumbs.db file on a Windows XP system can be...
  • The Art of Defiling: Defeating Forensic Analysis on Unix Filesystems (Conference talk by The Grugq) The Grugq has contributed greatly to the anti-forensics community during...
  • The Rootkit Arsenal Escape and Evasion in the Dark Corners of the System by Bill Blunden The Rootkit Arsenal is primarily focused on rootkits, every aspect...
    • ]]>     http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system/feed 9     Breaking Forensic Images Booted as a Virtual Machine http://www.anti-forensics.com/breaking-forensic-images-booted-as-a-virtual-machine http://www.anti-forensics.com/breaking-forensic-images-booted-as-a-virtual-machine#comments Sat, 07 Mar 2009 08:06:31 +0000 Max http://www.anti-forensics.com/?p=228
  • The Art of Defiling: Defeating Forensic Analysis on Unix Filesystems (Conference talk by The Grugq) The Grugq has contributed greatly to the anti-forensics community during...
    • ]]>     http://www.anti-forensics.com/breaking-forensic-images-booted-as-a-virtual-machine/feed 10     Modify NTFS Timestamps and Cover Your Tracks With Timestomp.exe http://www.anti-forensics.com/modify-ntfs-timestamps-and-cover-your-tracks-with-timestomp http://www.anti-forensics.com/modify-ntfs-timestamps-and-cover-your-tracks-with-timestomp#comments Thu, 05 Mar 2009 22:08:36 +0000 Max http://www.anti-forensics.com/?p=125
  • Modify TrueCrypt Encryption Boot Loader Strings In a previous post I mentioned that TrueCrypt leaves behind...
  • Beat EnCase File Signature Analysis on a Windows System Use a hex editor to modify the file signature of...
    • ]]>     http://www.anti-forensics.com/modify-ntfs-timestamps-and-cover-your-tracks-with-timestomp/feed 7