Webinar: Countering Anti-Forensic Efforts

Anti-forensics is a set of precautionary measures a user can take to hide traces of their activity, making investigations of digital media more complicated and time-consuming, and potentially rendering evidence of illegal activities difficult or impossible to obtain. Detecting anti-forensic techniques in use is not always easy and not always possible, as destroying certain types of evidence may leave no traces anywhere in the system. However, since average users have little to average technical knowledge, the anti-forensic attempts they make may be generally ineffective or obviously visible to an expert.

The complexity of LNK file research is that different shortcuts contain different data. Accordingly, when you analyze one shortcut type, the contents and amount of data may differ from what you find when analyzing another shortcut type. In addition, Windows 10 and Windows 11 shortcuts contain new fields that cannot be found in earlier versions.

During this webinar we will consider a number of anti-forensic efforts, such as:

  • Moving or renaming files
  • Deleting evidence or using privacy protection and disk cleaning tools
  • Destroying evidence by formatting, sanitizing or wiping
  • Data encryption
  • Anti-debugging protection