Anti-Forensics and Anti-Anti-Forensics: Attacks and Mitigating Techniques for Digital-Forensic Investigations

Presented at DEF CON 20 (2012), July 27, 2012, 5 p.m. (50 minutes)

Digital investigations may be conducted differently by various labs (law enforcement agencies, private firms, enterprise corporations) but each lab performs similar steps when acquiring, processing, analyzing, or reporting on data. This talk will discuss techniques that criminals can use to throw wrenches into each of these steps in order to disrupt an investigation, and how they can even force evidence to be excluded from litigation. Each of these techniques can be detected early by an investigator who is aware of them, and they can be avoided if you know what to look for. Come learn about Anti-Forensic techniques, and the Anti-Anti-Forensic techniques that mitigate them.

Presenters:

• Michael Perklin
  Michael Perklin is a Senior Investigator and has performed digital-forensic examinations on over a thousand devices. Michael is a member of the High Technology Crime Investigations Association, a professor of digital forensics at Sheridan College, and is currently writing his thesis paper on anti-forensic techniques. Twitter: @mperklin

Links:

• https://defcon.org/html/defcon-20/dc-20-speakers.html#Perklin
• https://infocon.org/cons/DEF CON/DEF CON 20/DEF CON 20 video and slides/DEF CON 20 - Michael Perklin - Anti-Forensics and Anti-Anti-Forensics Attacks - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=BCnjKEFOH1M

Similar Presentations:

• DerbyCon 2.0 Reunion (2012) / Moar Anti-Forensics – Moar Louise
• DerbyCon 1.0 (2011) / Anti-Forensics for the Louise
• DerbyCon 3.0 All in the Family (2013) / An Anti-Forensics Primer