What is Anti-Forensics?
Techniques used to prevent, disrupt, or mislead digital forensic investigations by destroying evidence or making analysis difficult.
Anti-forensics aims to make digital evidence unrecoverable or unreliable.
Techniques
- Secure deletion: Overwriting files so they can't be recovered
- Encryption: Making data unreadable without the key
- Steganography: Hiding data within innocent-looking files
- Log manipulation: Altering or deleting system logs
- Timestomping: Changing file timestamps to mislead investigators
- Memory-only malware: Leaves no disk artifacts
Legitimate Uses
- Protecting trade secrets during device disposal
- Ensuring personal data is truly deleted
- Journalists protecting source identities
Tools
- BleachBit: Secure file deletion and system cleaning
- Tails: Leaves no trace on the host computer
- VeraCrypt: Encrypted containers with plausible deniability
Related Terms
Deniable Encryption
An encryption scheme where the existence of encrypted data cannot be proven, or where decryption can produce different plausible plaintexts.
Operational Security
The practice of protecting sensitive information by thinking like an adversary to identify vulnerabilities in your own behavior and communications. OPSEC goes beyond technical tools to address human factors that could expose you.
Tails OS
A portable operating system that routes all traffic through Tor and leaves no trace on the computer it runs on, designed for maximum anonymity.