Encryption: it can be considered one of the most valuable anti-forensic methods, but its effectiveness can be undermined if the system is left on, which opens the door for malware to be installed or for predators to perform live forensics.
Steganography: it’s the security-through-obscurity technique that is mainly used to conceal information and for covert communication. This technique can be used legitimately, for copyright purposes, and illegitimately, for example to steal data and conceal it inside an innocent-looking file such as an MP3 file.
Data wiping: the standard way of erasing files frees the space that was occupied by those files, but the data itself stays on the disk as residual data, and there are many tools that can recover it. Data wiping is therefore considered one of the countermeasure techniques against residual data.
Disk degaussing: it’s a media sanitization technique achieved by passing the media through a powerful magnetic field, which will surely erase the data and render it unrecoverable by any means.
Trail obfuscation: spoofing, log clearance, zombie accounts, Trojans and misinformation are all methods of trail obfuscation, used to thwart the digital investigation process.
Virtual solution: this technology has two roles. The first is as an anti-forensic tool: many people create a virtual machine with a fully encrypted disk drive and use it separately to do their own work, while keeping their computer just for amusement purposes such as watching movies, playing games and listening to iTunes. The second is as a forensics tool, because it helps the examiner to do image investigation.
Disabling hibernation: the purpose of enabling hibernation is to save power. Technically, this feature takes a snapshot of the latest activity on the system, including the memory, and saves it to a local file called hiberfil.sys, so that when we switch the computer back from the hibernation state to the normal one we do not lose our work. In disk forensics, however, the hiberfil.sys file can be used to get the pass phrase, which could be found in memory.
Windows registry: it keeps all the configuration and settings of Windows operating systems, and through it many keys can be disabled to make activity hunting impossible, such as USB flash drive access, last logged-on users, page file at shutdown, etc.
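From the examiner's side, the encryption and data wiping entries above leave recognizable patterns on a disk image. The following is an added example, not code from the original page: it labels each sector as a uniform wipe fill, high-entropy content, or residual data, and reports contiguous runs. The 512-byte sector size, the 7.0 bits/byte threshold and the sample image are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from itertools import groupby

SECTOR = 512  # assumed sector size in bytes

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: 0.0 for a uniform fill, approaching 8.0 for random data."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_sector(block: bytes, high: float = 7.0) -> str:
    if len(set(block)) == 1:
        return "wiped-fill"      # one repeated byte value, e.g. 0x00 or 0xFF
    if shannon_entropy(block) >= high:
        # Encrypted data, a random-pass wipe and compressed files all land
        # here; entropy alone cannot tell them apart.
        return "high-entropy"
    return "residual-data"       # structured leftovers worth carving

def scan_image(image: bytes):
    """Return (first_sector, last_sector, label) for each contiguous run."""
    labels = [classify_sector(image[o:o + SECTOR])
              for o in range(0, len(image), SECTOR)]
    runs, pos = [], 0
    for label, group in groupby(labels):
        count = len(list(group))
        runs.append((pos, pos + count - 1, label))
        pos += count
    return runs

def build_sample_image() -> bytes:
    """Constructed image: text remnants, zero fill, pseudo-random, 0xFF fill."""
    text = (b"Quarterly payroll export, draft 3. " * 100)[:4 * SECTOR]
    zeros = b"\x00" * (8 * SECTOR)
    # Deterministic stand-in for ciphertext: SHA-256 in counter mode.
    rand = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(4 * SECTOR // 32))
    return text + zeros + rand + b"\xff" * (2 * SECTOR)

if __name__ == "__main__":
    for first, last, label in scan_image(build_sample_image()):
        print(f"sectors {first:>3}-{last:<3} {label}")
```

Long uniform-fill or high-entropy runs in space the file system marks as unallocated are the regions to note in a report as possible wiping or hidden encrypted volumes.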