arxiv: 2604.05770 · v2 · submitted 2026-04-07 · 💻 cs.CR

SoK: Understanding Anti-Forensics Concepts and Research Practices Across Forensic Subdomains

Pith reviewed 2026-05-10 18:39 UTC · model grok-4.3

classification 💻 cs.CR
keywords: anti-forensics, digital forensics, systematic review, attack vectors, research practices, forensic subdomains, ethical challenges, forensic techniques

The pith

Systematic analysis of 123 anti-forensics papers quantifies techniques and attack vectors while mapping their use across digital forensic subdomains.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper performs a systematic review that mixes qualitative and quantitative methods on 123 publications about anti-forensics. It counts and classifies the main techniques and attack vectors that obstruct forensic analysis, then tracks how often each appears in different forensic subdomains. The review also catalogs typical research methods, author motivations, and practical applications in the literature. A sympathetic reader would care because anti-forensics is used both by criminals to evade detection and by researchers to expose tool weaknesses, yet the term itself stays loosely defined and raises ethical questions about whether such research is legitimate. The work closes by discussing what the collected data imply for future studies and by suggesting paths toward clearer concepts and ethical standards.

Core claim

Through systematic analysis of 123 publications, the authors quantify the main anti-forensics techniques and attack vectors, examine their occurrence in different digital forensic subdomains, and identify typical research methods, motivations, and applications. The review notes that anti-forensics remains vague and inconsistent in definition despite prior attempts to clarify it, and it highlights ethical challenges concerning research practices and the legitimacy of the field. The authors discuss the implications of these findings for future research and propose directions for building a more coherent and ethically grounded understanding of anti-forensics.

What carries the argument

The systematic literature review and combined qualitative-quantitative synthesis performed on a set of 123 selected publications.

If this is right

  • Forensic researchers gain a clearer view of which techniques and subdomains have received the most attention.
  • Tool developers can target the weaknesses revealed by the most common attack vectors.
  • The field can move toward more consistent definitions and research practices.
  • Future work can address ethical concerns and fill gaps in underrepresented subdomains.
  • Applications of anti-forensics knowledge can focus on strengthening overall forensic robustness.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • A shared taxonomy emerging from the quantified techniques could reduce duplication in new studies.
  • Law-enforcement agencies might prioritize training or tooling for the attack vectors most frequent in high-stakes subdomains.
  • Cross-domain patterns identified in the review could suggest reusable countermeasures that apply beyond single forensic areas.
  • Explicit ethical guidelines derived from the discussion could influence how funding bodies and journals evaluate anti-forensics proposals.

Load-bearing premise

That the 123 publications chosen for analysis form a representative sample of anti-forensics research, and that the synthesis accurately captures the field's state without major selection or interpretation biases.

What would settle it

A broader or differently sampled collection of anti-forensics publications that shows substantially different distributions of techniques, attack vectors, or research methods than those reported from the original 123 papers.

Figures

Figures reproduced from arXiv: 2604.05770 by Chris Hargreaves, Florian Ramming, Frank Breitinger, Gaston Pugliese, Jan Gruber, Janine Schneider, Joschua Schilling, Julian Geus, Kevin Mayer, Lea Uhlenbrock, Lena Voigt, Maximilian Eichhorn.

Figure 1: Distribution of anti-forensics papers (N=123) across digital
Figure 2: Distribution of papers (N=123) over publication years (2004–
Figure 3: Number of papers (N=123) over publication years (2004–2024)
Figure 4: Number of papers (N=123) over publication years (2004–2024)
Original abstract

Anti-forensics includes a growing set of techniques designed to obstruct forensic analysis. While cybercriminals increasingly rely on these methods, they also help researchers identify and remedy weaknesses in forensic tools, advancing the overall robustness of digital forensics. Despite repeated efforts to define it, anti-forensics remains vague and inconsistent in its use. It also poses ethical challenges regarding the appropriateness of research practices and the legitimacy of the field itself. This article presents a systematic analysis of 123 publications on anti-forensics, combining qualitative and quantitative methods. We quantify the main techniques and attack vectors, examine their occurrence in different digital forensic subdomains, and identify typical research methods, motivations, and applications. This work also discusses what these findings mean for future research and proposes directions for building a more coherent and ethically grounded understanding of anti-forensics.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 2 minor

Summary. The manuscript is a Systematization of Knowledge (SoK) paper that conducts a mixed-methods review of 123 publications on anti-forensics. It quantifies the main techniques and attack vectors, maps their occurrence across digital forensic subdomains, identifies typical research methods, motivations, and applications, discusses ethical challenges, and proposes directions for more coherent future research.

Significance. If the 123-paper sample proves representative, the work would offer a useful cross-subdomain synthesis that clarifies inconsistent terminology and highlights patterns in techniques and research practices. The mixed-methods design and explicit attention to ethical issues are strengths that could help ground subsequent anti-forensics studies.

major comments (1)
  1. [Methods / Literature Review Procedure] The manuscript provides no details on the literature search strategy, databases queried, keywords or search strings employed, time window, inclusion/exclusion criteria, or any bias-mitigation steps (e.g., inter-rater reliability for coding). Because every quantitative claim—frequencies of techniques, attack-vector distributions, subdomain co-occurrences, and “typical” research methods—rests on the representativeness of these 123 papers, the absence of this information renders the central empirical synthesis unverifiable.
minor comments (2)
  1. Tables or figures that report quantitative breakdowns would benefit from explicit column/row definitions and confidence intervals or sample-size annotations to aid interpretation.
  2. [Abstract] The abstract states the number of papers analyzed but does not preview the search or selection process; adding one sentence on methodology would improve transparency for readers.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive feedback on our SoK manuscript. The single major comment raises an important point about methodological transparency, which we address directly below.

  1. Referee: [Methods / Literature Review Procedure] The manuscript provides no details on the literature search strategy, databases queried, keywords or search strings employed, time window, inclusion/exclusion criteria, or any bias-mitigation steps (e.g., inter-rater reliability for coding). Because every quantitative claim—frequencies of techniques, attack-vector distributions, subdomain co-occurrences, and “typical” research methods—rests on the representativeness of these 123 papers, the absence of this information renders the central empirical synthesis unverifiable.

    Authors: We agree that the absence of an explicit methods description limits the verifiability of our quantitative synthesis. Although the manuscript characterizes the work as a mixed-methods review of 123 publications, it does not document the search protocol. In the revised manuscript we will add a dedicated 'Literature Review Methodology' section (placed after the introduction) that specifies: the databases queried (ACM Digital Library, IEEE Xplore, ScienceDirect, SpringerLink, and Google Scholar), the search strings and Boolean combinations used (e.g., 'anti-forensics' OR 'anti-forensic techniques' AND 'digital forensics'), the time window (2000–2024), inclusion criteria (peer-reviewed English-language papers that explicitly address techniques intended to obstruct digital forensic analysis), exclusion criteria (duplicates, non-research items, papers outside digital forensics contexts), and bias-mitigation steps (independent screening and coding by two authors with reported inter-rater reliability via Cohen's kappa). These additions will allow readers to assess sample representativeness while leaving the original analysis, counts, and conclusions unchanged.

    Revision: yes

Circularity Check

0 steps flagged

No circularity: standard literature synthesis from external sources

This SoK paper conducts a systematic qualitative-quantitative review of 123 external publications, coding techniques, vectors, subdomains, methods, motivations, and applications. The derivation chain consists of literature search, selection, categorization, and frequency counting applied to independent prior work; no equations, fitted parameters, self-definitional constructs, or predictions reduce outputs to the paper's own inputs by construction. Self-citations, if present, are not load-bearing for the central synthesis claims, which remain externally grounded. Sample representativeness is a validity concern, not a circularity issue.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

As a survey paper the central claim rests on literature selection and synthesis rather than new parameters or postulates; no free parameters, axioms, or invented entities are introduced.



  73. [73]

    Anti-computer forensics,

    K. Hausknecht and S. Grui ˇci´c, “Anti-computer forensics,” in2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), May 2017, pp. 1233–1240

  74. [74]

    The anti-forensics challenge,

    K. Dahbur and B. Mohammad, “The anti-forensics challenge,” in Proceedings of the 2011 International Conference on Intelligent Semantic Web-Services and Applications, ser. ISWSA ’11. New York, NY , USA: Association for Computing Machinery, 2011, event-place: Amman, Jordan. [Online]. Available: https: //doi.org/10.1145/1980822.1980836

  75. [75]

    General Countermeasures of Anti- Forensics Categories,

    M. R. Al-Mousa, N. A. Sweerky, G. Samara, M. Alghanim, A. S. I. Hussein, and B. Qadoumi, “General Countermeasures of Anti- Forensics Categories,” in2021 Global Congress on Electrical Engineering (GC-ElecEng), Dec. 2021, pp. 5–10

  76. [76]

    Coun- terfeiting and Defending the Digital Forensic Process,

    A. Botas, R. J. Rodriguez, T. Väisänen, and P. Zdzichowski, “Coun- terfeiting and Defending the Digital Forensic Process,” in2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, Oct. 2015, pp. 1966–1971

  77. [77]

    A review of image steganalysis techniques for digital forensics,

    K. Karampidis, E. Kavallieratou, and G. Papadourakis, “A review of image steganalysis techniques for digital forensics,”Journal of Information Security and Applications, vol. 40, pp. 217–235, 2018. [Online]. Available: https://www.sciencedirect.com/science/article/pi i/S2214212617300777

  78. [78]

    A Conceptual Frame- work for Database Anti-forensics Impact Mitigation,

    B. Z. Adamu, M. Karabatak, and F. Ertam, “A Conceptual Frame- work for Database Anti-forensics Impact Mitigation,” in2020 8th International Symposium on Digital Forensics and Security (ISDFS), Jun. 2020, pp. 1–6

  79. [79]

    Fool me once: A systematic review of techniques to authenticate digital artefacts,

    C. Neale, “Fool me once: A systematic review of techniques to authenticate digital artefacts,”Forensic Science International: Digital Investigation, vol. 45, p. 301516, Jun. 2023. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S2666281723000173

  80. [80]

    The case for Zero Trust Digital Forensics,

    C. Neale, I. Kennedy, B. Price, Y . Yu, and B. Nuseibeh, “The case for Zero Trust Digital Forensics,”Forensic Science International: Digital Investigation, vol. 40, p. 301352, 2022. [Online]. Available: https: //www.sciencedirect.com/science/article/pii/S266628172200021X

Showing first 80 references.