A survey on anti-forensics techniques

Gül M., Kuğu E.

2017 International Artificial Intelligence and Data Processing Symposium, IDAP 2017, Malatya, Turkey, 16 - 17 September 2017

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/idap.2017.8090341
  • City: Malatya
  • Country: Turkey
  • Keywords: Anti anti-forensics, Anti forensics, Counter forensics, Digital forensics
  • TED University Affiliated: No


© 2017 IEEE. Digital forensics methodologies and tools have become a crucial part of investigating cybercrimes and collecting digital evidence in a case. Digital forensics experts usually follow a common workflow and use known methodologies and tools while investigating a case. Attackers and cybercriminals also know which methodologies are used in an investigation and how digital forensics tools work. As a consequence, they have started to find and implement a new methodology, called anti-forensics, for deceiving the investigator or making a case last longer than expected. Anti-forensics has only recently been acknowledged as a legitimate field of study; it can therefore be considered an emerging area of interest, and there is a lack of knowledge about anti-forensics techniques. This paper aims to mention anti-forensics techniques such as Data Pooling; Non-Standard RAID'ed Disks; Manipulating File Signatures; Restricted Filenames; Manipulating MACE (file Modified, Accessed, Created and Entry) Times; Loop References; Hash Collisions; and Dummy HDDs, together with proposals for mitigating these techniques.