Monday, 17 December 2012

Anti-Forensics



Computers have become an important part of our lives and as such are involved in almost everything we do, from paying bills to booking vacations. However, computer systems have also become the mainstay of criminal activity.
Computer crimes have increased in frequency, and their degree of sophistication has also advanced. An example of such sophistication is the use of anti-forensics methods, as in the Zeus botnet crimeware toolkit, which can sometimes counteract digital forensic investigations through its obfuscation levels. Moreover, the volatility and dynamicity of the information flow in such a toolkit require some type of proactive investigation method or system. The term anti-forensics refers to methods that prevent forensic tools, investigations, and investigators from achieving their goals. Two examples of anti-forensics methods are data overwriting and data hiding. From a digital investigation perspective, anti-forensics can do the following:

  • Prevent evidence collection.
  • Increase the investigation time.
  • Provide misleading evidence that can jeopardize the whole investigation.
  • Prevent detection of digital crime.


To investigate crimes that rely on anti-forensics methods, more digital forensics investigation techniques and tools need to be developed, tested, and automated. Such techniques and tools are called proactive forensics processes.

When the individuals involved are brought before the courts, innocence or guilt is basically decided by testimonies and evidence. Of the two, evidence is probably the more important. And when it comes to “evidence,” it is the accuracy of that evidence that may be the difference in determining the outcome of the trial. Relying more and more on the evidence extracted from computer systems to bring about convictions has forged a new means of scientific investigation. The term coined for this area of investigation is “computer forensics.” It is an area of science that has come under the scrutiny of law enforcement and of federal, state, and local government officials. The reason for the scrutiny revolves around the “cleanliness” of the data being presented.
