🕶️ Anti-Forensics

Hiding Processes

Malware is not going to just sit there and sing 🎶: it hides its processes, its files and its traces from the analyst. Below are the common techniques, in note form; the anti-forensics section has the more detailed explanation.

Forged Image Detection

Images can be forged: regions can be copied, moved or retouched (clone stamping), and the result is hard to detect with the naked eye. Forensically (https://29a.ch/photo-forensics/#forensic-magnifier) runs in the browser and offers a forensic magnifier plus clone detection, error level analysis and noise analysis to surface such edits.

Evading Antivirus

Windows: https://tyeyeah.github.io/2021/08/02/2021-08-02-Bypass-Anti-Virus/
macOS
Linux

Hiding Data

Alternate data streams (ADS). Specific to NTFS on Windows: a file can carry extra named streams (notes.txt:hidden.txt) that do not show up in Explorer or a plain dir listing and do not count towards the size shown there. To check: dir /R lists them, and in PowerShell Get-Item -Path .\notes.txt -Stream * does too. Not every stream is suspicious: Windows itself writes Zone.Identifier (mark-of-the-web) onto downloaded files. Are there such streams for other OS? Not in the same form; macOS has resource forks and extended attributes (xattr), Linux file systems have extended attributes too, and both are visible with the right tooling rather than hidden.
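As an added example (not part of the original notes), here is a small Python checker that picks the named streams out of captured dir /R output, the way an analyst would triage a directory listing pasted from a suspect box. The dir /R sample is constructed for the demo, not real evidence; the benign-stream set and the write_stream helper are the example's own choices.

```python
"""Find NTFS alternate data streams in captured `dir /R` output (added example)."""
import os
import re

# A `dir /R` stream line carries only a size and name:streamname:$DATA, with no
# date/time columns, e.g.  "                                    47 notes.txt:hidden.txt:$DATA"
STREAM_LINE = re.compile(r"^\s*([\d,]+)\s+([^:]+):([^:]+):\$DATA\s*$")

# Streams Windows writes itself; a hiding place only if their content is unusual.
BENIGN_STREAMS = {"Zone.Identifier"}

# Constructed dir /R output for the offline demo.
SAMPLE_DIR_R = r""" Volume in drive C has no label.
 Volume Serial Number is 1234-ABCD

 Directory of C:\Users\alice\Downloads

04/12/2021  10:15 AM    <DIR>          .
04/12/2021  10:15 AM    <DIR>          ..
04/12/2021  10:16 AM                12 notes.txt
                                    47 notes.txt:hidden.txt:$DATA
04/12/2021  10:20 AM         1,048,576 setup.exe
                                    26 setup.exe:Zone.Identifier:$DATA
               2 File(s)      1,048,588 bytes
               2 Dir(s)  10,000,000,000 bytes free
"""


def find_ads(dir_output):
    """Return (file, stream, size_bytes) for every named $DATA stream listed."""
    found = []
    for line in dir_output.splitlines():
        m = STREAM_LINE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))  # dir prints 1,048,576
            found.append((m.group(2), m.group(3), size))
    return found


def suspicious_ads(dir_output):
    """Same as find_ads, minus the streams Windows creates on its own."""
    return [s for s in find_ads(dir_output) if s[1] not in BENIGN_STREAMS]


def write_stream(path, stream, data):
    """Plant an ADS with plain file I/O; the file:stream name syntax only works on NTFS under Windows."""
    if os.name != "nt":
        raise OSError("alternate data streams need NTFS on Windows")
    with open(f"{path}:{stream}", "w", encoding="utf-8") as fh:
        fh.write(data)


if __name__ == "__main__":
    for name, stream, size in suspicious_ads(SAMPLE_DIR_R):
        print(f"{name} carries hidden stream {stream!r} ({size} bytes)")
```

Run it against a real listing by replacing SAMPLE_DIR_R with the output of dir /R redirected to a file; the Zone.Identifier filter keeps ordinary downloads out of the result, so anything left is worth opening with more /? or Get-Content -Stream.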

Turning Off Logging

macOS. From Apple’s official documentation: “In some cases, the contents of a volume are sufficiently secret that it is not appropriate to log them.”

USBKill Switch

usbkill is an open-source script (Linux and macOS) that can be used for anti-forensics: it snapshots the list of attached USB devices, polls it, and as soon as a device that is not on its whitelist is plugged in or unplugged it runs its configured kill commands and shuts the machine down. That defeats the usual first step of a live acquisition, plugging something into the box (an acquisition drive, a mouse jiggler, a hardware keylogger), by dumping volatile memory and optionally deleting files before anything can be captured. By default it reads its settings (the device whitelist, the commands to run, whether to power off) from /etc/usbkill.ini. Practitioner check: before touching a USB port on a running suspect system, look for a usbkill process in the process list and for /etc/usbkill.ini on disk, and prefer a memory acquisition path that does not require inserting a device.
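To make the trigger logic concrete, here is an added example of a usbkill-style watchdog in Python. It is not the usbkill project's code; it follows the behaviour described above (snapshot at start, poll, react on any change not covered by the whitelist) and assumes lsusb is available, as on Linux (usbkill itself uses system_profiler on macOS). The lsusb snapshots are constructed for the offline demo, and the kill command list is a hypothetical placeholder that is only executed with --armed.

```python
"""usbkill-style USB watchdog (added example, not the usbkill project's code)."""
import re
import subprocess
import sys
import time

# lsusb prints one device per line: "Bus 001 Device 003: ID 046d:c52b Logitech ..."
USB_ID = re.compile(r"\bID ([0-9a-f]{4}:[0-9a-f]{4})\b")

# Constructed lsusb output for the offline demo and test.
SNAPSHOT_START = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
"""
SNAPSHOT_STICK_INSERTED = SNAPSHOT_START + "Bus 001 Device 004: ID 0781:5583 SanDisk Corp. Ultra Fit\n"
SNAPSHOT_RECEIVER_REMOVED = "".join(
    line + "\n" for line in SNAPSHOT_START.splitlines() if "046d:c52b" not in line
)

# Hypothetical placeholder for usbkill's configurable kill commands.
KILL_COMMANDS = ["sync", "shutdown -h now"]


def parse_lsusb(output):
    """vendor:product IDs of attached devices; duplicates kept, two identical sticks are two devices."""
    return sorted(USB_ID.findall(output))


def usb_bus_changed(start_output, current_output, whitelist=()):
    """True when a non-whitelisted device was plugged in or unplugged since the start snapshot.

    Whitelisted IDs (the owner's own keyboard, hub, ...) may come and go freely.
    """
    wl = set(whitelist)
    before = [d for d in parse_lsusb(start_output) if d not in wl]
    after = [d for d in parse_lsusb(current_output) if d not in wl]
    return before != after


def react(dry_run=True):
    """The kill step. Returns the command list; runs it only when not a dry run."""
    if not dry_run:
        for cmd in KILL_COMMANDS:
            subprocess.run(cmd, shell=True, check=False)
    return KILL_COMMANDS


def lsusb():
    return subprocess.run(["lsusb"], capture_output=True, text=True, check=True).stdout


def watch(poll_seconds=0.25, whitelist=(), dry_run=True):
    """Block until the bus changes, then react; returns what was (or would be) run."""
    start = lsusb()
    while True:
        time.sleep(poll_seconds)
        if usb_bus_changed(start, lsusb(), whitelist):
            return react(dry_run)


if __name__ == "__main__":
    armed = "--armed" in sys.argv
    print("running:" if armed else "would run:", watch(dry_run=not armed))
```

Without --armed the script only reports what it would have done, which is also the safe way to confirm on an investigator's own machine which of their tools (write blocker, jiggler) would have tripped such a watchdog.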