When using anti-forensics techniques:

  • Assess the organization's susceptibility to anti-forensics techniques.
  • Leverage buffer overflows to disrupt forensic tools.
  • Leverage techniques like memory-resident (fileless) malware and VM detection to hide the existence or purpose of malware.
  • Cover your tracks to avoid being identified or having your attack detected.
  • Keep in mind that you need to deliver a report to the client and shouldn't truly hide the attack.
  • Ensure you aren't causing collateral damage when covering your tracks.
  • Clear, modify, or falsify event logs to mislead analysts looking for a record of malicious activity.
  • Erase shell history to remove traces of the commands you executed.
  • Shred or securely erase files to remove traces from the system.
  • Change timestamp values in events and files to make it more difficult for analysts to formulate a coherent narrative.
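An added example, not part of the original list, written from the analyst's side: a small Python triage routine over constructed event and file records that flags the traces the bullets above describe (cleared audit logs, emptied shell history, rewritten timestamps). Windows event IDs 1102 and 104 are the real "audit log was cleared" events; every path, record and timestamp below is constructed sample data.

```python
"""Flag common anti-forensics traces in constructed sample records."""
from datetime import datetime, timezone

def _ts(s):
    """Parse an ISO-8601 UTC timestamp string into an aware datetime."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

# Constructed Windows event records: (channel, event_id, time)
SAMPLE_EVENTS = [
    {"channel": "Security", "event_id": 4624, "time": "2024-03-01T09:00:00Z"},
    {"channel": "Security", "event_id": 1102, "time": "2024-03-01T09:42:10Z"},
    {"channel": "System",   "event_id": 104,  "time": "2024-03-01T09:42:12Z"},
]
# 1102 = Security log cleared, 104 = System log cleared (real event IDs)
LOG_CLEARED_IDS = {("Security", 1102), ("System", 104)}

# Constructed file metadata. mtime can be set by any user with write access
# (touch/utime); btime (creation time) is set by the filesystem and cannot be
# changed through the normal timestamp APIs.
SAMPLE_FILES = [
    {"path": "/var/log/auth.log", "mtime": "2024-03-01T09:41:00Z",
     "btime": "2023-11-12T00:00:00Z", "size": 48210},
    {"path": "/home/ops/.bash_history", "mtime": "2024-03-01T09:43:00Z",
     "btime": "2023-11-12T00:00:00Z", "size": 0},
    {"path": "/usr/bin/svcd", "mtime": "2019-06-01T00:00:00Z",   # constructed name
     "btime": "2024-03-01T09:40:00Z", "size": 7712},
]

def find_log_clears(events):
    """Return timestamps of audit-log-cleared events, in record order."""
    return [e["time"] for e in events
            if (e["channel"], e["event_id"]) in LOG_CLEARED_IDS]

def find_timestomped(files):
    """A file cannot have been modified before it was created, so mtime < btime
    means mtime was rewritten. Caveat: archive extraction and `cp -p` preserve the
    source mtime on a freshly created file, so allowlist package-managed paths."""
    return [f["path"] for f in files if _ts(f["mtime"]) < _ts(f["btime"])]

def find_empty_history(files):
    """Zero-byte shell history files are a typical trace of erased command history."""
    return [f["path"] for f in files
            if f["path"].endswith("_history") and f["size"] == 0]

if __name__ == "__main__":
    print("log clears:", find_log_clears(SAMPLE_EVENTS))
    print("timestomped:", find_timestomped(SAMPLE_FILES))
    print("empty history:", find_empty_history(SAMPLE_FILES))
```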