Internet privacy and security course

Chapter 72

Counter forensics (anti-computer forensics)

In this section we will look at the measures to counter forensic analysis. More specifically, this chapter provides a bird’s eye view of tasks and solutions.

There are three main ways to counter forensic analysis:

  • Protection (encryption)
  • Hiding (steganography)
  • Erasure

Encryption and steganography are covered in separate chapters. Before you start learning about counter-forensics techniques, you should already know how to encrypt your hard drive and how to create encrypted file-hosted volumes, know the methods of defeating them and, of course, be aware of the techniques for disguising encrypted file containers. It is even better if you know the methods of creating strong passwords, specifically the part where we give recommendations on how to protect yourself from forensic analysis.

Overall, encryption is a reliable method, provided you encrypt the system, use encrypted file-hosted volumes inside it and follow these recommendations. But sometimes the use of encrypted file-hosted volumes can lead to legal issues. We have already mentioned a few such cases in this course, and just recently we heard about another precedent, related to a user’s refusal to give up the password to his phone.

A Florida man, William Montanez, was on the road when he was pulled over by the local police for not properly yielding. Traffic stops happen to everyone, but during the search the police also found 4.5 grams of weed, THC oil and a concealed handgun.

But it’s not the police, guns and drugs that put Montanez in the media spotlight – it’s the two iPhones found in his car. After the police saw a text message that read “OMG did they find it” on the screen, they asked Montanez to unlock his phone, a request he refused because he’d suddenly forgotten his code, like many of us would have if we found ourselves in his shoes.

Though Montanez’s decision is justified considering the situation he was in, the judge thought otherwise. The court demanded that he unlock his phone, and after Montanez refused, the judge found him in civil contempt and threw him in jail. Allegedly, Montanez is hiding evidence on his phone that may lead to drug trafficking charges. Allegedly…

After hearing such stories, you may start thinking that forensic analysis threatens only drug dealers and criminals. But remember that your laptops and phones are often searched when you cross the borders of different countries, and refusing to yield to such requests will lead to serious problems for you.

So far, it is the Chinese authorities that have taken the most disturbing measures when it comes to forensic analysis. There, the police can perform a forensic analysis of mobile phones right in the street. You may be taking a stroll and suddenly get stopped, and your phone is taken to be subjected to forensic analysis. If you are asking yourself how the police will know your password: well, you will be more than willing to give it up of your own accord (it’s China, right?).

Then your phone is connected to a laptop, all its contents are uploaded and then analyzed with the help of forensic software. The police would be especially interested in correspondence, videos, photos, user activity on social networks, call and text message history, downloaded applications. As you see, the threat of forensic