Anti-Forensics and the Digital Forensics Investigator

Gary C. Kessler

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Viewed generically, anti-forensics (AF) is that set of tactics and measures taken by someone who wants to thwart the digital investigation process. This paper describes some of the many AF tools and methods, under the broad classifications of data hiding, artefact wiping, trail obfuscation, and attacks on the forensics tools themselves. The concept of AF is neither new nor solely intended to be used by the criminal class; it also has legitimate use by those who wish to protect their privacy. This paper also introduces the concept of time-sensitive anti-forensics, noting that AF procedures might be employed for the sole purpose of delaying rather than totally preventing the discovery of digital information.
Original language: American English
Title of host publication: Proceedings of the 5th Australian Digital Forensics Conference
State: Published - Dec 3 2007
Externally published: Yes

Keywords

  • Anti-forensics
  • data hiding
  • artifact wiping
  • trail obfuscation
  • privacy

Disciplines

  • Other Computer Engineering
