15. Fighting Antiforensics

One problem the archaeologist rarely deals with is having the civilization under study deliberately hide evidence of its existence. That is something the digital investigator faces on a regular basis. People who operate computers with malicious intent frequently understand that their activities can be traced and will go to great lengths to cover their tracks. Common roadblocks to the investigator include secure deletion of data, hiding of data, and booby traps that destroy data or systems when certain events are triggered. If the intent of an action or procedure is to hamper the efforts of a computer investigation, it can be considered antiforensics. Kessler (2007) lists four categories of antiforensic behavior: ...

Get Digital Archaeology: The Art and Science of Digital Forensics now with the O’Reilly learning platform.