When finding nothing may be evidence of something: Anti-forensics and digital tool marks |
| |
| Authors: | Graeme Horsman David Errickson |
| |
| Affiliation: | 1. Teesside University, Campus Heart, Southfield Rd, Middlesbrough TS1 3BX, United Kingdom;2. Cranfield Forensic Institute, Defence Academy of the United Kingdom, Cranfield University, Shrivenham, SN6 8LA, United Kingdom |
| |
| Abstract: | There are an abundance of measures available to the standard digital device users which provide the opportunity to act in an anti-forensic manner and conceal any potential digital evidence denoting a criminal act. Whilst there is a lack of empirical evidence which evaluates the scale of this threat to digital forensic investigations leaving the true extent of engagement with such tools unknown, arguably the field should take proactive steps to examine and record the capabilities of these measures. Whilst forensic science has long accepted the concept of toolmark analysis as part of criminal investigations, ‘digital tool marks’ (DTMs) are a notion rarely acknowledged and considered in digital investigations. DTMs are the traces left behind by a tool or process on a suspect system which can help to determine what malicious behaviour has occurred on a device. This article discusses and champions the need for DTM research in digital forensics highlighting the benefits of doing so. |
| |
| Keywords: | Corresponding author. Digital forensics Anti forensics Digital tool marks Investigation Crime |
| 本文献已被 ScienceDirect 等数据库收录! |
|
