ABSTRACT

Nowadays, criminals are familiar with the techniques and methods by which digital forensic practitioners gather digital evidence. Interpretations of what antiforensics truly are vary broadly across the digital forensic community. Although the forensic community has not reached unanimous agreement, several attempts have been made, based on personal experiences, to define antiforensics and to characterize the terminology used to describe its techniques; these are explored in this chapter. The chapter presents examples of file manipulation techniques that can be used independently or in any combination with other antiforensic techniques. Another type of data-hiding technique works by changing the ways in which the file system interacts with and manages its hosted data. Combatting these techniques requires organizations to implement layered strategic and risk-based countermeasures that provide for an agnostic method of detecting antiforensics throughout the enterprise.