±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 36561
New Yesterday: 0 Visitors: 202

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Rise Of AntiForensics Tools - Article & Member Feedback

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page Previous  1, 2 

Have you encountered the use AntiForensics Tools in investigations?



Total Votes: 6



Re: Rise Of AntiForensics Tools - Article & Member Feedback

Post Posted: Jul 24, 07 03:42

- Dawson
I've run into it only a handful of times over the past several years. Most cases the system wipe programs don't catch everything so you may not have it all but you have enough. I only had one case where the hard drive was completely wiped. In that case I was able to send it the a lab in Dallas where they took it apart, realigned the heads, and presto, most of the data was restored. In short, these wipe programs may make things a little more difficult but they don't stop us completely. I'm more concerned about encryption advances than these data eliminator ones.



Can you please share the name of the lab in Dallas that you sent the hard drive to?

Thank you.  


Re: Rise Of AntiForensics Tools - Article & Member Feedback

Post Posted: Jul 24, 07 13:12

I don't know whether it's bad luck on my part, but recently I've been running into a fair few cases of suspects having used/installed wiping utilities and/or encryption utilities on their machines.

Thankfully, not every suspect who has these programs manages to use them efficiently, so I often find interesting nuggets of information to get an idea of what these programs were used for. It's also handy when they use some of the freeware wiping utilities that leave log files by default Wink

I haven't, to the best of my knowledge, encountered Timestomp in a case, but I do try to keep an eye out for any anti-forensics related evidence during a case (registry entries, cached web pages/searches etc).  

Senior Member

Re: Rise Of AntiForensics Tools - Article & Member Feedback

Post Posted: Jul 24, 07 17:25

many thanks for your comments & insight, much appreciated. Harlan thanks for your detailed answers. Was trying to gauge if what I am seeing here in my region tallies up with what other are seeing too, and how accurately the CSO article represents what's happening worldwide.

Thanks & Regards,
#include <std.disclaimer.H> 

Page 2 of 2
Page Previous  1, 2