Hiding Evidence
In this section, we’ll look at ways that evidence can be effectively hidden from forensic investigators. The suspect or subject of the forensic examination may have taken steps to make discovery of evidence difficult or impossible. While certain techniques, such as disk encryption, can hamper an investigation if the necessary passphrase or key is not known, there are other techniques that attempt to hide even the existence of an encrypted container. These anti-forensic techniques are intentionally designed to prevent the discovery that a given piece of evidence even exists. By using network anti-forensic techniques, evidence can be hidden online in places that are difficult to examine.
Note that not all anti-forensic techniques are employed for nefarious purposes, nor are criminals the only people who will employ such techniques. A person who wishes to have any degree of electronic privacy in our modern surveillance economy must resort to the same techniques to avoid having their personal information harvested by large corporations and sold by data brokers. I have an entirely separate OER on Anti-Forensics and Digital Privacy that explores these legitimate uses of anti-forensic techniques. For Coastal Carolina University students, the corresponding course is CSCI 435.