
[Leak] Complete Anti-Forensics Guide | How to never get caught in the wrong place at the wrong time online!

Complete Anti-Forensics Guide

Anti-forensics is the art of leaving no trace on your computer: it means defeating the common forensic tools so that a forensic examination of your computer turns up nothing. Anti-forensics can pretty much be summed up in one famous quote:

"Make it hard for them to find you, and impossible for them to prove they've found you."

Because Linux installations are pretty much already secured, this guide will focus only on Windows. Windows is a security nightmare, but what if I were to tell you there was a way around this, a way to make Windows secure? VPNs, proxies, and Tor only get you so far, but what do you do when they've traced it to your computer? Anti-forensics is designed for this situation: to prevent them from proving you've done anything wrong even if they have your computer.

With that being said, let's get started.


Disabling Timestamps

Using timestamps, forensic experts can build a 'digital timeline', which can be very compelling evidence when cross-referenced with other known evidence. To strengthen security, we must disable these logs.


Step 1.) UserAssist Registry Key

There is a registry key that keeps logs and dates of all launched programs; forensic experts can use this to build a digital timeline, so we must disable it for computer security.

Navigate to 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist'. You should see two subkeys called Count; delete both of these keys. Now right-click the UserAssist key and create a new key named 'Settings'. In this key create a DWORD value named NoLog and set the value to 1.

Windows will no longer store hidden logs of the exact times you have been accessing files, so forensic experts can no longer use these hidden logs to create a digital timeline.

Step 2.) Last Access Logs

Next we will disable last access in Windows. Last access is a Windows setting that records when you opened, modified, and/or created files on your computer; it is similar to the UserAssist registry key. By disabling it, forensic experts won't as easily be able to tell when you've been accessing programs or files on your computer.

To disable last access, open Command Prompt on your computer; if on Vista or Windows 7, make sure to run it as administrator. In Command Prompt type the following:

fsutil behavior set disablelastaccess 1

Last access has now been disabled; for the change to take effect you must restart your computer.
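From the examiner's side, these two changes are tamper indicators worth checking for. The following PowerShell audit script is an added example, not part of the original post; it assumes an elevated session, that UserAssist\Settings\NoLog is the value described above, and that NtfsDisableLastAccessUpdate under HKLM\SYSTEM\CurrentControlSet\Control\FileSystem is the value that fsutil writes.

```powershell
# Added audit example, not from the original post. Run in an elevated
# PowerShell session on the host being examined.
# Assumptions: UserAssist\Settings\NoLog is the value the post describes, and
# NtfsDisableLastAccessUpdate is the registry value behind
# "fsutil behavior set disablelastaccess".

function Get-AntiForensicIndicators {
    $findings = @()

    # 1. UserAssist: each GUID subkey normally holds a Count key full of
    #    ROT13-encoded program names. Missing or empty Count keys, or a
    #    Settings\NoLog value of 1, match the tampering described above.
    $uaPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist'
    foreach ($key in Get-ChildItem -Path $uaPath -ErrorAction SilentlyContinue) {
        if ($key.PSChildName -eq 'Settings') { continue }
        $count = $key.OpenSubKey('Count')
        if ($null -eq $count) {
            $findings += "UserAssist\$($key.PSChildName) has no Count subkey"
        } elseif ($count.ValueCount -eq 0) {
            $findings += "UserAssist\$($key.PSChildName)\Count is empty"
        }
    }
    $settings = Get-ItemProperty -Path (Join-Path $uaPath 'Settings') -ErrorAction SilentlyContinue
    if ($settings -and $settings.NoLog -eq 1) {
        $findings += 'UserAssist\Settings\NoLog = 1 (launch logging disabled)'
    }

    # 2. Last-access timestamps. On Windows 10 1803+ the value also carries a
    #    "system managed" flag (0x80000000), so test only the low bit.
    $fsPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem'
    $la = (Get-ItemProperty -Path $fsPath -Name NtfsDisableLastAccessUpdate `
           -ErrorAction SilentlyContinue).NtfsDisableLastAccessUpdate
    if ($null -ne $la -and ($la -band 1) -eq 1) {
        $findings += ('NtfsDisableLastAccessUpdate = 0x{0:X} (last-access updates off)' -f $la)
    }
    return ,$findings
}

$result = Get-AntiForensicIndicators
if ($result.Count -eq 0) { 'No anti-forensic tamper indicators found.' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

A finding here is not proof of intent on its own: some systems and disk-tuning guides disable last-access updates for performance, so correlate with other artifacts before drawing conclusions.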


Encrypting Your Computer

It is very important to make sure that your computer is encrypted: if an unwanted visitor tries to access your computer, they will not be able to get in while it is encrypted.


Step 1.) VeraCrypt

To encrypt your computer, you can use VeraCrypt, a free program that allows you to encrypt your computer. When encrypting with VeraCrypt you have two options. The first is to create a hidden container: a hidden operating system that is impossible to prove exists.

When creating a hidden container you will have three different passwords:

1. The first is for your decoy system, the operating system you would show someone forcing you to log in to your computer.

2. The second password is for your outer volume, the operating system you would show someone forcing you to log in to the second partition on your computer (a second partition is required, as this is where your hidden container is).

3. The third password is for the hidden operating system on the second partition of your computer. This operating system is placed in the inner volume and is impossible to prove exists (it appears to be raw data).

The second option is simply to encrypt your hard drive. This is also very secure, but you may be forced to give up your password by court order (in this situation, if you are a VERY good liar, you could simply say 'I forgot', but you would have to make it believable). With normal drive encryption.
