The Grugq has contributed greatly to the anti-forensics community during the course of his computer forensic and anti-computer forensic research. The video below is a presentation The Grugq performed at the Hack in the Box 2004 security conference. Apparently, The Grugq has lost a job as a security consultant in the past because of his research and articles dealing with anti-forensics or more specifically, his criticism of some computer forensics software such as The Coroners Toolkit by Dan Farmer and Wietse Venema.
This must watch presentation on anti-forensics will familiarize you on Unix file system structure, common forensic tools (at least in 2004) and some theories behind file system anti-forensic attacks.
The Art of Defiling Presentation – PDF
Related posts:
- Meta Anti-Forensics (Conference talk by The Grugq) Another presentation by The Grugq and his knowledge and contributions...
- Breaking Forensic Images Booted as a Virtual Machine I've dug around a bit and found some older examples...
- Beat EnCase File Signature Analysis on a Windows System Use a hex editor to modify the file signature of...