CHAPTER 5: ANTI-FORENSICS AND ENCRYPTION

As computer forensics becomes better understood, a variety of tools and techniques have been developed to hide evidence, remove artefacts or restrict forensic analysis. Such tools can, for instance, forensically delete Internet histories so that organisations are unable to establish misuse, or modify timestamps so that establishing a chronology of an incident is impossible. This chapter introduces the topic of anti-forensics and encryption, and explains to what extent they can hinder a forensic investigation.

The use of cryptography to secure data is increasing and introduces a significant barrier for the forensic examiner. The nature of the encryption can vary from ...
