Despite the release of numerous tools intended to make things easier for forensic investigators, there’s also development on the other side of the law. I’ve personally given multiple presentations on the topic of anti-forensics at various conferences and have also attended my fair share as well. No matter where you go, it always seems to be a very polarized discussion.

You have the folks on one side of the room that go to the presentations seemingly just to heckle the speakers. They claim that anti-forensics doesn’t exist, and that it’s a myth propagated by the companies that do investigations. Let’s just say for argument’s sake they’re right. Can anybody out there prove that it’s not happening?

Now let’s look at it from the other side. Do we have cases where we have confirmed that anti-forensics was in use? Yes – and we’re not talking about a meager amount either. Based on just our metrics, we see anti-forensics is involved in more than a third of our caseload. And considering that, by its very nature, it’s designed to never be found, we can reasonably assume that the actual presence of anti-forensics is probably much higher.

On what side of the room are you? Any experiences you wish to share regarding AF?

Tags: Anti-Forensics, Computer Crime, Cybercrime, Data Breach Report, Data Breaches, Data Compromise, forensics, Information Security

This entry was posted on Sunday, May 31st, 2009 at 9:00 pm and is filed under 2009 Data Breach Report. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.