Systems and methods to counter the removal of digital forensic information by malicious software.
Abstract
The invention relates to a method and a system (100) for preventing anti-forensic actions. The method identifies a suspicious object from a plurality of objects on a computer device (102) and monitors actions performed by the suspicious object. The method intercepts a first command from the suspicious object, aimed at creating and/or modifying a digital artifact on the computer device, and, after intercepting the first command, intercepts a second command from the suspicious object, aimed at eliminating at least the suspicious object and the digital artifact. In response to intercepting both the first command, aimed at creating and/or modifying the digital artifact, and the second command, aimed at eliminating at least the suspicious object and the digital artifact, the method blocks the second command and saves the suspicious object and the digital artifact in a digital archive (116). The system is suitable for performing the method described above. [Fig. 1]
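
The decision logic of the abstract, modelled as an added Python example (not code from the patent or its applicant). The `AntiForensicGuard` class, the event tuples and the object names are constructed for illustration; how commands are actually intercepted is outside the abstract and is simulated here by replaying a list of events. The example reads "second command" as a delete that targets the suspicious object itself or an artifact it previously created or modified, which is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class AntiForensicGuard:
    suspects: set                                 # objects already flagged as suspicious
    touched: dict = field(default_factory=dict)   # suspect -> artifacts it created/modified
    archive: dict = field(default_factory=dict)   # stand-in for the digital archive (116)

    def on_command(self, actor, op, target):
        """Return 'allow' or 'block' for one intercepted command."""
        if actor not in self.suspects:
            return "allow"                        # only suspicious objects are monitored
        artifacts = self.touched.setdefault(actor, set())
        if op in ("create", "modify"):            # first command: remember the artifact
            artifacts.add(target)
            return "allow"
        if op == "delete" and artifacts and (target == actor or target in artifacts):
            # second command after a first one: keep the evidence, refuse the delete
            self.archive[actor] = sorted(artifacts)
            return "block"
        return "allow"

# Constructed event stream: (acting object, operation, target)
EVENTS = [
    ("editor.bin",  "create", "notes.txt"),      # not flagged as suspicious
    ("suspect.bin", "create", "autorun.cfg"),    # first command
    ("suspect.bin", "delete", "cache.tmp"),      # delete of an unrelated target
    ("suspect.bin", "delete", "autorun.cfg"),    # second command, aimed at the artifact
    ("suspect.bin", "delete", "suspect.bin"),    # second command, aimed at the object itself
    ("other.bin",   "delete", "other.bin"),      # suspicious, but no first command was seen
]

def replay(events, suspects=("suspect.bin", "other.bin")):
    """Feed the events through a fresh guard; return it with the verdict list."""
    guard = AntiForensicGuard(set(suspects))
    return guard, [guard.on_command(*e) for e in events]

if __name__ == "__main__":
    guard, verdicts = replay(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(verdict, event)
    print("archived:", guard.archive)
```

The last event is allowed because the abstract conditions the block on both commands having been intercepted; a deployment that also wants to stop self-deletion without a prior artifact would need a separate rule.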