Computer forensics is the discipline that deals with the acquisition, investigation, preservation, and presentationof digital evidence in the court of law. Whereas antiforensics is the terminology used to describemalicious activities deployed to delete, alter, or hide digital evidence with the main objective of manipulating,destroying, and preventing the creation of evidence. Various antiforensic methodologies and tools can beused to interfere with digital evidence and computer forensic tools. However, memory-based antiforensictechniques are of particular interest because of their effectiveness, advanced manipulation of digital evidence,and attack on computer forensic tools. These techniques are mainly performed in volatile memory usingadvanced data alteration and hiding techniques. For these reasons memory-based antiforensic techniquesare considered to be unbeatable. This article aims to present some of the current antiforensic approachesand in particular reports on memory-based antiforensic tools and techniques.
展开▼
