Encryption: it can be considered as one of the most valuable anti-forensic methods, but its efficiency can be avoided if the system left on, which will open the door to malware to get installed or to  predators to do a live forensic.

Steganography: it’s the security through obscurity technique that mainly is used to conceal information and covert communication. This technique can be used legitimately for copyright purposes and illegitimately like stealing data and conceal it inside an innocent looking file like an mp3 file.

Data wiping: the standard way  of erasing files  will make the space that was occupied by those files free, but in fact the data will stay residual  and there are many tools that can recover it, so data wiping is considered one of the countermeasure techniques against residual data.

Disk Degaussing: It’s a media sanitization technique that can be achieved by passing the media through a powerful magnetic field which will surely erase the data and render it unrecoverable by any means

Trail obfuscation: spoofing, log clearance, zombie accounts, Trojans, misinformation are all methods of trail obfuscation that are just used to thwart the digital investigation process.

Virtual solution: This  technology  has two roles: 1St  One  is an  anti-forensic tool as many people could create a virtual machine with fully encrypted disk drive  and use it  separately to do their own work, while keep their computer just for amusement purposes like watching movies, playing games and listening to iTunes. 2ND Role is a forensics tool because it helps the examiner to do image investigation.

Disabling Hibernation: the purpose behind enabling hibernation is to save the  power consumption  and technically this feature enables us to take  a snapshot of the latest activity on the  system, including the Memory and save it to a local file  called hiberfil.sys, so when we switch our computer back from the hibernation  state to the normal one  we wouldn’t lose our work, but in disk forensics the hiberfil.sys files could be used to get the pass phrase which could be found in memory.

Windows registry: It keeps all the configuration and settings of windows operation systems and thorough it many keys could be disabled to switch any activity hunting impossible like USB flash drive access, last logged on users, page file at shutdown,… etc..