Erase, move, change logs
Answer: Covering Tracks
Erase, Move, Change logs: One of the best ways to catch a hacker is to have your systems log their actions. If a hacker deletes your logs, he is deleting your evidence! Worse still, a hacker might modify logs to give investigators false information. Make sure that your organization's logs are secured against tampering and backed up regularly!
Deleting Files: Imagine you came up with a great invention, and you were storing it in only one place, and some hacker comes along and deletes all your files! All that hard work, gone! Hackers deleting important intellectual property is only one of the major risks of file deletion: they could delete your system logs, documents, and even delete files that would render your operating system inoperable! It’s important to have safeguards in place to prevent unauthorized file deletion.
Time Stomping: In any forensics investigation, it is important for investigators to create a timeline of events that helps to recreate how and when things happened. Timestomping is a technique that involves deleting or modifying the timestamps on files, logs, and metadata to fool forensic analysts. However, there are certain patterns that forensics analysts can find that would suggest that timestomping has occurred.
TOR/Proxies: Proxies are internet servers which act as a communication middle-man between your computer and the internet. If you use a proxy, then all of your computer's requests for internet content will be routed through that proxy first, making it appear to the outside world that you have a different IP address/location.
TOR is a special type of network/software that allows users to connect to a special type of network, called the “Tor Network,” also known as “The Dark Net.” On the Tor Network, all web requests are put through a series of proxy servers, which is supposed to anonymize your web requests. Many criminals use this network because they think they are anonymous, but in reality, there are still ways for them to get caught using the Tor Network.
IP Spoofing: An IP address is like a home address that can identify a device, but it is temporary and the system can be cheated. An IP address can be faked, or spoofed, which makes traffic appear to come from a different IP address. By spoofing their IP address, an attacker can hide their identity and, worse, can frame somebody else for their crimes.
Anti-Forensics: A savvy hacker can take special measures to cover his tracks and defeat forensic investigators. The general purpose of anti-forensics is to make the life of a forensics analyst very difficult. Some of the tricks involved are modifying file headers, hiding files inside of other files, encrypting data, and even encrypting entire drives.