13
Jul
2009
Anti-Computer Forensics
By IPSECS Admin. Posted in Exploitation, Forensics | No Comments »DEFINITION
Anti-forensics has only recently been recognized as a legitimate field of study. Within this field of study, numerous definitions of anti-forensics abound. One of the more widely known and accepted definitions comes from Dr. Marc Rogers of Purdue University. Dr. Rogers uses a more traditional “crime scene†approach when defining anti-forensics. “Attempts to negatively affect the existence, amount and/or quality of evidence from a crime scene, or make the analysis and examination of evidence difficult or impossible to conductâ€.
A more abbreviated definition is given by Scott Berinato in his article entitled, The Rise of Anti-Forensics. “Anti-forensics is more than technology. It is an approach to criminal hacking that can be summed up like this: Make it hard for them to find you and impossible for them to prove they found you.†Interestingly, neither author takes into account using anti-forensics methods to ensure the privacy of one’s personal data.
Sub-Categories Read more »
Anti-forensics methods are often broken down into several sub-categories to make classification of the various tools and techniques simpler. One of the more widely accepted subcategory breakdowns was developed by Dr. Marcus Rogers. He has proposed the following sub-categories, data hiding, artifact wiping, trail obfuscation and attacks against the CF (computer forensics) process/tools.