Anti-Forensics
Clear Browser Artifacts
Clear Command History
Clear Operating System Logs
Delete User Account
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Log Tampering
Modify Windows Registry
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Steganography
System Shutdown
Timestomping
Tripwires
Uninstalling Software
Use of a Virtual Machine
- ID: AF011
- Created: 25th May 2024
- Updated: 14th June 2024
- Platforms: Windows, Linux, MacOS
- Contributor: The ITM Team
Physical Destruction of Storage Media
A subject may destroy or otherwise impair physical storage media such as hard drives to prevent them from being analyzed.
Subsections
| ID | Name | Description |
|---|---|---|
| AF011.002 | Physical Destruction of Disk Storage | A subject may destroy or otherwise impair physical disk storage, such as hard disk drives or solid state drives, to deny access to the files and artifacts stored on them. |
| AF011.001 | Physical Destruction of Removable Media | A subject may destroy or otherwise impair removable storage media, such as external hard drives or USB sticks, to deny access to the files and artifacts stored on them. |
Prevention
| ID | Name | Description |
|---|---|---|
| PV001 | No Ready System-Level Mitigation | This section cannot be readily mitigated at a system level with preventive controls since it is based on the abuse of fundamental features of the system. |
Detection
| ID | Name | Description |
|---|---|---|
| DT033 | Closed-Circuit Television | CCTV can be used to observe activity within or around a site. This control can help to detect preparation or infringement activities and record it to a video file. |
| DT008 | Tamper Seal | A tamper seal can be used to protect against tampering or unauthorized access of an object. Tamper seals can provide visual evidence if an object has been opened or attempted to be opened. |