Based on Kroll’s experience through thousands of incident response engagements, our experts have observed an uptick in the usage of anti-forensics tactics, techniques and procedures (TTPs) to circumvent internal security teams and their detection solutions. Anti-forensics are often used by adversaries to hide their activity either by the concealment, manipulation or deletion of their movement within a victim’s system or network infrastructure. These techniques can be difficult to spot for cybersecurity analysts without proper training and experience in detection, as anti-forensic TTPs tend to require more vigilance to spot them during an incident response investigation.
This series focuses on the many variants of anti-forensic tradecraft commonly used by threat actors including detecting timestomping, clearing event logs, alternate data streams (ADS) and disabling antivirus. Our experts dive into what each of the anti-forensics TTPs mean and explain the level of impact each can cause for a cybersecurity analyst during an investigation.
Incident response, digital forensics, breach notification, security strategy, managed security services, discovery solutions, security transformation.
Find, collect and process forensically useful artifacts in minutes.
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Kroll's expertise establishes whether data was compromised and to what extent. We uncover actionable information, leaving you better prepared to manage a future incident.
Improve investigations and reduce your potential for litigation and fines with the strict chain-of-custody protocol our experts follow at every stage of the data collection process.
Cyber incident remediation and recovery services are part of Kroll’s Complete Response capabilities, expediting system recovery and minimizing business disruption.