The advancing science of anti-forensics

One session that caught my eye at this week's RSA conference in London was a talk by Christopher Novak of Verizon on the growing capability of hackers to disguise their traces. The ease of applying anti-forensics to cover tracks seems to be advancing very rapidly. It demands a step change in our approach to detecting and establishing evidence of criminal activities.

Almost nine out of ten cases are now believed to involve anti-forensics. And the software tools are developing rapidly. Techniques in everyday use involve data wiping; clock manipulation; overwriting or modification of audit logs; laying false trails; using foreign alphabet substitutions to disguise file names; encryption and steganography (data hiding).