Insider Threat Matrix™
  • ID: AF029.002
  • Created: 20th October 2025
  • Updated: 20th October 2025
  • Platforms: Windows, Linux, MacOS, iOS, Android, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI)
  • Contributor: Ryan Bellows

Unauthorized VPN Usage

The subject deliberately uses Virtual Private Network (VPN) technology in a manner that circumvents organizational oversight, masking the nature, destination, or content of network activity. This includes installing unapproved VPN clients, as well as reconfiguring sanctioned VPN software to route traffic through unauthorized exit nodes, personal infrastructure, or third-party services not governed by corporate policy.

By diverting traffic away from monitored pathways, the subject obstructs standard telemetry collection - evading logging of session destinations, data transfers, or identity-bound usage. This behavior frustrates forensic reconstruction, hinders real-time monitoring, and degrades the reliability of investigative artifacts. Unauthorized VPN usage is an intentional anti-forensics measure aimed at concealing potentially harmful activity behind layers of encrypted and unsanctioned transit.