Title: Anti-Forensics: A Practitioner Perspective

Issue Number: Vol. 4, No. 2
Year of Publication: Jan - 2015
Page Numbers: 390-403
Authors: Jean-Paul Van Belle, Richard de Beer, Adrie Stander
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF)
- Hong Kong
DOI:  http://dx.doi.org/10.17781/P001593

Abstract:


With the increase in cybercrime, digital evidence is becoming an integral part of the judicial system. Digital evidence is to be found everywhere, from computers to mobile phones, ATMs and surveillance cameras, and it is hard to imagine a crime that does not contain any element of digital evidence. It is, however, not simple to extract such evidence and present it to court in such a way that there is no doubt that it has not been changed in any way. Thus the responsibility placed on a Digital Forensics (DF) practitioner to present usable evidence to a court is increasing fast. In some respects, however, it is relatively easy to get rid of digital evidence or to hide it. Many tools exist for cybercriminals to prevent DF practitioners from getting their hands on information of probative value. Such tools and methods are known as Anti-Forensics (AF). The purpose of this study is to identify the abilities of DF practitioners to identify the use of AF in their active investigations. The research model used attempts to identify all the factors and constructs of AF that impact on investigations. This model was then used to develop a survey instrument to gather empirical data from South African DF practitioners. The research has shown that whilst South African DF practitioners perceive DF as having an impact on their investigations, they also perceive electronic evidence as forming only part of the evidence presented to court, and that even if most of the usable evidence is lost, some will generally remain. It was also found that most DF practitioners in South Africa are well versed only in the more commonly known AF techniques; they do not rate their abilities on more complex techniques well. Finally, most DF practitioners appear not to actively attempt to identify AF techniques as part of their investigations.
This, combined with a lack of understanding of more complex AF techniques, could leave South African DF practitioners exposed to missing important evidence due to a lack of technical proficiency.