Exploring Computer Forensics and Anti-Forensic Data Storage Techniques

Protect your business interest from third party analysis


Note: Please read the list in order; this will help you understand the logic behind every technique.

Note: These are personal insights and not facts; I do not guarantee success in any way.

Introduction

Forensic analysis allows a business to discover evidence of hacking, retrieve old data from disk drives, and discover hardware or software modifications. Forensic analysis can also be used and abused by third parties for illegal purposes.

Anti-forensics techniques can help a business or individual hinder the ability of a third party to read data from drives or see or modify a computer's configuration.

This post contains a list of anti-forensics techniques for data storage that can serve as an example to protect business interests. This list will be improved and expanded over time.

List of Anti-Forensics Techniques for Data Storage

  • As a general tip, it is easier to hinder data recovery if drives are encrypted before first use and completely rewritten before being discarded. Flash memory only needs to be completely formatted once, whereas hard drives need multiple complete rewrites.
  • A complete formatting of a drive overwrites all its data once and then formats it.
  • Encrypt important storage drives before using them. Strong data encryption helps reduce the possibility of third parties reading the content of those drives. It also reduces the chances of a third party reading old data from discarded drives. When you wish to discard an encrypted hard drive, you should still format it and rewrite it as recommended, but because it was encrypted before use, retrieving data will be harder, as a third party would first need to decrypt the recovered data.
  • Before discarding a flash drive, do a complete format. Completely formatting flash memory reduces the chances of other parties retrieving old data through forensic analysis.
  • Before discarding a hard drive, rewrite the entire disk multiple times. There are many tools that help you accomplish this. Rewriting data on hard drives reduces the chance of other parties retrieving old data during analysis or after the drive is discarded. Consider destroying the hard drive afterwards, as recovering data from hard drives may be possible even after multiple rewrites.
  • Prefer small SD cards or flash memory for temporary storage. Cards with 16 GB or 32 GB of storage are easier to completely format than larger cards, because a small drive takes less time to format than a larger one. A complete format helps hinder old data retrieval, and if the card is encrypted beforehand, recovering data would be harder still. Small flash cards are also easier to destroy than flash drives and hard drives.
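
The rewrite-before-discarding advice above, as an added example that is not part of the original post: it overwrites a target several times and then reads it back to confirm that only zeros remain. The function names, the three-pass default and the temporary stand-in image are assumptions made for this illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read and write in 1 MiB blocks


def target_size(path):
    """Size in bytes; seeking to the end also works for block devices."""
    with open(path, "rb") as f:
        return f.seek(0, os.SEEK_END)


def overwrite(path, passes=3):
    """Rewrite every byte `passes` times: random data, then a final zero pass."""
    size = target_size(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            final = n == passes - 1
            f.seek(0)
            left = size
            while left:
                step = min(CHUNK, left)
                f.write(bytes(step) if final else os.urandom(step))
                left -= step
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size


def first_nonzero(path):
    """Read the target back; return the first non-zero offset, or None if clean."""
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b)
            offset += len(chunk)
    return None


def demo():
    """Constructed sample: a small stand-in image, not a real drive."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CONSTRUCTED-SAMPLE-DATA" * 1000 + os.urandom(2 * CHUNK))
    try:
        before = first_nonzero(tmp.name)  # data present at offset 0
        overwrite(tmp.name)
        return before, first_nonzero(tmp.name)
    finally:
        os.remove(tmp.name)
```

The read-back check covers only the logical address range the operating system exposes; sectors a drive has remapped internally are not reachable this way.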