The Art of Defiling: Defeating Forensic Analysis on Unix Filesystems (Conference talk by The Grugq)

January 25, 2010 | Linux

The Grugq has contributed greatly to the anti-forensics community through his computer forensic and anti-forensic research. The video below is a presentation The Grugq gave at the Hack in the Box 2004 security conference. Apparently, The Grugq has lost a job as a security consultant in the past because of his research and articles dealing with anti-forensics or, more specifically, his criticism of some computer forensics software such as The Coroner's Toolkit by Dan Farmer and Wietse Venema.

This must-watch presentation on anti-forensics will familiarize you with Unix file system structure, common forensic tools (at least in 2004) and some theories behind file system anti-forensic attacks.

The Art of Defiling Presentation – PDF
