15. Fighting Antiforensics

One problem the archaeologist rarely deals with is a civilization under study that deliberately hides evidence of its existence. The digital investigator faces exactly that on a regular basis. People who operate computers with malicious intent frequently understand that their activities can be traced and will go to great lengths to cover their tracks. Common roadblocks for the investigator include secure deletion of data, hiding of data, and booby traps that destroy data or systems when certain events are triggered. If the intent of an action or procedure is to hamper the efforts of a computer investigation, it can be considered antiforensics. Kessler (2007) lists four categories of antiforensic behavior: ...

Get Digital Archaeology: The Art and Science of Digital Forensics now with O’Reilly online learning.
