Anti-Forensics
Clear Browser Artifacts
Clear Command History
Clear Operating System Logs
Delete User Account
Disk Wiping
File Deletion
File Encryption
Hide Artifacts
Log Tampering
Modify Windows Registry
Physical Destruction of Storage Media
Physical Removal of Disk Storage
Steganography
System Shutdown
Timestomping
Tripwires
Uninstalling Software
Use of a Virtual Machine
- ID: AF012
- Created: 25th May 2024
- Updated: 14th June 2024
- Contributor: The ITM Team
Hide Artifacts
A subject may attempt to hide artifacts associated with their behaviors to evade or delay detection.
Subsections
| ID | Name | Description |
|---|---|---|
| AF012.003 | Hidden File System | A subject may use their own abstracted file system, separate from the standard file system. In doing so, insiders can hide the presence of malicious components and file input/output from security tools. |
| AF012.001 | Hidden Files and Directories | A subject may set files and directories to be hidden to evade detection mechanisms or delay investigators. |
| AF012.002 | Hide Emails With Rules | A subject may utilize email rules can be used to automatically move emails from an inbox to obscure locations, with the goal of hiding them from immediate view, delaying identification. |