Seizing, imaging, and analyzing digital evidence
step-by-step guidelines
David Day
Abstract
Hiding and obfuscating their identities and digital evidence are now common activities for many malicious hackers. This, coupled with anti-forensic and anonymizing techniques such as encryption and proxy relays, has made the aims of the digital investigator more difficult to achieve. It is easy to make errors that leave vital evidence undetected or, worse, to find it and then contaminate it through poor practice. This chapter suggests best practices to help obtain exhibits and uncover obfuscated evidence while maintaining its integrity for submission in court.
Keywords
Cybercrime
Hacker
Digital forensics
Disk
RAM
Anti-forensics ...
Get Cyber Crime and Cyber Terrorism Investigator's Handbook now with the O’Reilly learning platform.