
Anti-forensic techniques are the actions and methods that hinder the forensic investigation process in order to protect attackers and perpetrators from prosecution in a court of law. They work against each phase of an investigation, namely the detection, collection, and analysis of evidence, and are intended to sidetrack the investigator. By reducing the quality and quantity of the evidence left at a crime scene, they make analysis and investigation difficult. Some of these techniques, such as deletion and overwriting, also serve a legitimate purpose: they protect the confidentiality of data by making it unreadable to whoever later obtains the media. Attackers use them to avoid having their actions revealed during criminal activity, and malicious insiders may use anti-forensic tools to destroy data, causing heavy losses to the organization.

Anti-Forensics Techniques: Data/File Deletion

Intruders who want to cover the tracks of their activity across a network or system try to delete the data they left on the hard disk in order to avert detection, and use specialized tools to remove the footprints those files leave behind. This includes eliminating source files, logs, and other traces of data from the hard disk drive (HDD), together with file-system entries such as attributes, orphan files, and dynamic-link library (DLL) files. Intruders may also securely delete data, or overwrite it, so that the original content can no longer be read. However, an ordinary delete leaves the content on disk until it is overwritten, so investigators can often recover deleted files with data recovery tools appropriate to the operating system (OS) the computer is running.

What Happens When a File is Deleted in Windows?

A normal delete from Explorer only moves the file to the Recycle Bin; what follows applies once the file is actually removed from the file system (Shift+Delete, emptying the Recycle Bin, or deletion from a command line or program). Even then, the OS does not erase the file's content. It only updates the file-system metadata so that the name disappears from directory listings and the space the file occupied is marked as available.

In the FAT file system, the OS replaces the first byte of the deleted file's directory entry (the first character of its 8.3 name) with the hex value E5h, a tag that marks the entry as deleted, and sets the file's entries in the File Allocation Table to zero so that its clusters count as free. The clusters themselves are not wiped, so the data remains on disk, and the rest of the directory entry (the remaining characters of the name, the starting cluster, and the file size) survives as well; only the first character of the name is lost.

NTFS (New Technology File System) takes a different approach. The file's record in the Master File Table (MFT) is neither removed nor renamed; instead the OS clears the "in use" flag in the record header and marks the file's clusters as free in the $Bitmap metadata file. The MFT record, including its attributes and any small, resident data, and the clusters themselves remain intact until they are reused.

In both cases the file system now treats the clusters as empty and available for a new file. Users and investigators can therefore recover a deleted file as long as the system has not yet overwritten that space.
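As an added example (not part of the original text), the following Python script parses the two on-disk structures described above. It walks constructed 32-byte FAT directory entries and flags the ones whose first byte is E5h, then carves the deleted file's content out of a constructed data area on the assumption that its clusters were contiguous (the FAT chain is zeroed on delete, so contiguity is a heuristic that holds for unfragmented files); finally it reads the "in use" flag from the header of a constructed NTFS MFT record. The directory entries, data area and MFT records are built inline as sample input; against a real disk image they would be read from the directory region, the data area and the $MFT file respectively.

```python
import struct
from dataclasses import dataclass

# --- FAT: 32-byte 8.3 directory entries ------------------------------------
FAT_ENTRY_SIZE = 32
FAT_DELETED = 0xE5   # first byte of a deleted entry
FAT_END = 0x00       # first byte 0x00: no entries follow
ATTR_LFN = 0x0F      # long-file-name fragment, not an 8.3 entry


@dataclass
class FatEntry:
    name: str
    attributes: int
    first_cluster: int
    size: int
    deleted: bool


def parse_fat_directory(data: bytes) -> list:
    """Parse a directory region and return both live and deleted 8.3 entries."""
    entries = []
    for off in range(0, len(data) - FAT_ENTRY_SIZE + 1, FAT_ENTRY_SIZE):
        rec = data[off:off + FAT_ENTRY_SIZE]
        if rec[0] == FAT_END:
            break
        if rec[0x0B] == ATTR_LFN:
            continue
        deleted = rec[0] == FAT_DELETED
        base = rec[0:8].rstrip(b" ")
        ext = rec[8:11].rstrip(b" ")
        if deleted:
            # E5h overwrote the first character; it cannot be recovered from the entry.
            base = b"?" + base[1:]
        name = base.decode("ascii", "replace")
        if ext:
            name += "." + ext.decode("ascii", "replace")
        hi = struct.unpack_from("<H", rec, 0x14)[0]  # first cluster, high word (FAT32)
        lo = struct.unpack_from("<H", rec, 0x1A)[0]  # first cluster, low word
        size = struct.unpack_from("<I", rec, 0x1C)[0]
        entries.append(FatEntry(name, rec[0x0B], (hi << 16) | lo, size, deleted))
    return entries


def carve_contiguous(data_area: bytes, cluster_size: int, entry: FatEntry,
                     first_data_cluster: int = 2) -> bytes:
    """Recover a deleted entry's content, assuming its clusters were contiguous.

    Deleting a FAT file zeroes its FAT chain, so only the start cluster and the
    size survive in the directory entry; data clusters are numbered from 2.
    """
    start = (entry.first_cluster - first_data_cluster) * cluster_size
    return data_area[start:start + entry.size]


# --- NTFS: fixed header of an MFT FILE record --------------------------------
MFT_IN_USE = 0x0001
MFT_DIRECTORY = 0x0002


def parse_mft_record_header(rec: bytes) -> dict:
    """Read the MFT record header; a deleted file has in_use == False."""
    if rec[0:4] != b"FILE":
        raise ValueError("not an MFT FILE record")
    seq, links, attr_off, flags, used, alloc = struct.unpack_from("<HHHHII", rec, 0x10)
    return {"sequence": seq, "hard_links": links, "first_attr_offset": attr_off,
            "flags": flags, "in_use": bool(flags & MFT_IN_USE),
            "is_directory": bool(flags & MFT_DIRECTORY),
            "used_size": used, "allocated_size": alloc}


# --- constructed sample input (not taken from a real disk) -------------------
def make_fat_entry(name11: bytes, attrs: int, cluster: int, size: int,
                   deleted: bool = False) -> bytes:
    raw = bytearray(FAT_ENTRY_SIZE)
    raw[0:11] = name11
    if deleted:
        raw[0] = FAT_DELETED
    raw[0x0B] = attrs
    struct.pack_into("<H", raw, 0x14, cluster >> 16)
    struct.pack_into("<H", raw, 0x1A, cluster & 0xFFFF)
    struct.pack_into("<I", raw, 0x1C, size)
    return bytes(raw)


def make_mft_record(flags: int) -> bytes:
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    struct.pack_into("<HHHHII", rec, 0x10, 7, 1, 0x38, flags, 0x1A8, 1024)
    return bytes(rec)


CLUSTER_SIZE = 512
PAYLOAD = (b"confidential-" * 400)[:4096]         # content of the deleted file
_area = bytearray(16 * CLUSTER_SIZE)
_area[7 * CLUSTER_SIZE:7 * CLUSTER_SIZE + len(PAYLOAD)] = PAYLOAD  # cluster 9 onward
DATA_AREA = bytes(_area)
SAMPLE_DIR = (make_fat_entry(b"README  TXT", 0x20, 5, 1024)
              + make_fat_entry(b"SECRET  DOC", 0x20, 9, 4096, deleted=True)
              + bytes(FAT_ENTRY_SIZE))
LIVE_RECORD = make_mft_record(MFT_IN_USE)
DELETED_RECORD = make_mft_record(0)

if __name__ == "__main__":
    for e in parse_fat_directory(SAMPLE_DIR):
        print(e)
        if e.deleted:
            print("  carved:", carve_contiguous(DATA_AREA, CLUSTER_SIZE, e)[:26])
    print(parse_mft_record_header(LIVE_RECORD)["in_use"],
          parse_mft_record_header(DELETED_RECORD)["in_use"])
```

Running it lists README.TXT as live and ?ECRET.DOC as deleted with its start cluster and size intact, carves the payload back out of the untouched clusters, and reports in_use as True for the live MFT record and False for the deleted one. Recovery tools do the same in bulk; the carve step is where they fail once the clusters have been reused, which is why an overwrite, unlike a plain delete, defeats them.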
