Forensia – Anti Forensics Tool For Red Teamers, Used For Erasing Some Footprints In The Post Exploitation Phase.
Anti-forensics tool is a software or hardware that aims to prevent digital forensics investigation and analysis. The use of anti-forensics tools has become prevalent due to the increase in digital crime activities. These tools are often used by attackers to cover their tracks and evade detection by law enforcement agencies.
The primary purpose of an anti-forensic tool is to hide data from investigators, modify metadata, and create false leads. For instance, malware can be designed with anti-forensic capabilities that delete logs or encrypt files making it impossible for forensic analysts to uncover its origin or intent. Similarly, encryption tools like VeraCrypt have hidden volumes that can fool investigators into thinking they have found all the data on a device when in reality there is still some data that has not been decrypted yet.
Reduces Payload Burnout And Increases Detection Countdown. Can Be Used To Test The capabilities of Your Incident Response / Forensics Teams.
Capabilities
- Unloading Sysmon Driver.
- Gutmann Method File Shredding.
- USNJrnl Disabler.
- Prefetch Disabler.
- Log Eraser and Event log Disabler.
- User Assist Update Time Disabler.
- Access Time Disabler.
- Clear Recent Items
- Clear Shim Cache
- Clear RecentFileCache
- Clear ShellBag
- Delete Windows Defender Quarantine Files
- File Melting Capabilities.
Important Update of Forensia
Added:
- Clear Recent Items
- Clear Shim Cache
- Clear RecentFileCache
- Clear ShellBag
- Clear Quanatine Files
TODO
USNJRnl Execution On All Disk Drives.
Unallocated Space ReWriting.
A Bit of Polishing.
Credits
https://github.com/Naranbataar/Corrupt
https://github.com/LloydLabs/delete-self-poc
https://github.com/OsandaMalith/WindowsInternals/blob/master/Unload_Minifilter.c
https://stackoverflow.com/users/15168/jonathan-leffler
https://github.com/GiovanniDicanio/WinReg
For more Hacking Tools click HERE
