CommsBlack Mobile

← Back to CommsBlack Training

Module 12 — Anti-Forensics Awareness

🔍 1. What Investigators Look At

  • Device images: full copies of storage for later analysis.
  • System and app logs, cached data and databases.
  • Backups and synced copies held by cloud providers.

❌ 2. Common Misconceptions

  • “Incognito mode” removes traces everywhere – it does not.
  • Deleting an app guarantees its data is gone – it may not.
  • Tools marketed as “erasers” often focus on peace of mind, not proven guarantees.

🛠️ 3. Practical Anti-Forensics (Within the Rules)

  • Use separate devices/profiles for truly high-risk roles.
  • Limit the number of apps and services involved in sensitive operations.
  • Treat duress features as last-resort tools and understand the legal context before relying on them.

⚖️ 4. Limits & Ethics

No anti-forensics practice is perfect, especially against capable and well-resourced adversaries. The goal is risk reduction, not guaranteed invisibility, and your approach should always stay within the law in your jurisdiction.