About

In a nutshell, anti-forensics in the realm of digital forensics or computer forensics involves the hiding, destroying, and disguising of data and metadata. One major goal of anti-forensics is to make the analysis and examination of digital evidence as difficult and as confusing as possible. Today, thwarting an investigation has never been easier: there are many public methods, software tools, and scripts that the average computer user can use with ease.

Many anti-forensics tools and methods can also be employed to protect privacy and the confidentiality of data. This is especially true of disk encryption and disk wiping software. Software that securely deletes or wipes data is used by criminals, businesses, government agencies, and regular individuals alike. Criminal use of wiping software may involve wiping file metadata such as timestamps. This can throw off investigators and prevent the creation of any legible timeline. Others may use it to delete evidence completely, such as incriminating photos or documents.

There are plenty of legitimate uses of anti-forensics software as well, such as a government agency using disk wiping software to securely delete classified information to prevent it from falling into the wrong hands. Businesses may use it when upgrading their computer systems so that old equipment no longer contains company secrets when it is thrown out.

The most used anti-forensics techniques are:

  • Data Deletion and Evidence Wiping
  • Data and Network Protocol Encryption
  • Physical Destruction of Storage Media
  • Anonymity
