An Approach for Validation of Digital Anti-Forensic Evidence

e-crime is increasing and e-criminals are becoming better at masking their activities. The task of forensic data analysis is becoming more difficult and a systematic approach towards evidence validation is necessary. With no standard validation framework, the skills and interpretation of forensic examiners are unchecked. Standard practices in forensics have emerged in recent years, but none has addressed the development of a model of valid digital evidence. Various security and forensic models exist, but they do not address the validity of the digital evidence collected. Research has addressed the issues of validation and verification of forensic software tools but failed to address the validation of forensic evidence. The forensic evidence collected using forensic software tools can be questioned using an anti-forensic approach. The research presented in this paper is not intended to question the skills of forensic examiners in using forensic software tools but rather to guide forensic examiners to look at evidence in an anti-forensic way. This paper proposes a formal procedure to validate evidence of computer crime.