Seeing the invisible: forensic uses of anomaly detection and machine learning

Abstract

Anti-forensics is the practice of circumventing classical forensic analysis procedures, making them either unreliable or impossible. In this paper we propose the use of machine learning algorithms and anomaly detection to cope with a wide class of definitive anti-forensics techniques. We test the proposed system on a dataset we created by implementing an innovative anti-forensics technique, and we show that our approach yields promising results in terms of detection.
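
The abstract does not say which features or which detector the paper uses. The following is an added illustration, not the paper's code, of the underlying idea: an anti-forensic rewrite of evidence tends to leave metadata that is statistically out of line with the rest of the volume, so an unsupervised anomaly detector can surface it without a signature for the specific tool. Everything here is assumed rather than taken from the page: the records carry created, modified and record-changed timestamps (the third standing in for the time the metadata entry itself was last written), two timestamp-derived features are scored with robust median/MAD z-scores, and the sample records are constructed, not real evidence.

```python
"""Added example (not from the paper): robust anomaly detection over file
metadata to surface records whose timestamps look tampered with.

Assumptions (mine, not the page's): each record carries created / modified /
record_changed timestamps in seconds since the epoch; SAMPLE_RECORDS below
are constructed for the demonstration.
"""
import math
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class FileRecord:
    path: str
    created: float         # content creation time
    modified: float        # content modification time
    record_changed: float  # time the metadata record itself last changed


def signed_log10(x: float) -> float:
    """Compress a (possibly negative) gap in seconds to a log scale, keeping its sign."""
    return math.copysign(math.log10(1.0 + abs(x)), x)


def features(rec: FileRecord) -> list[float]:
    """Two features that a timestamp rewrite tends to disturb:
    (1) how far the record-change time runs ahead of the content-modified time,
    (2) the signed span from creation to modification (negative = backdated)."""
    return [
        signed_log10(rec.record_changed - rec.modified),
        signed_log10(rec.modified - rec.created),
    ]


def robust_z(values: list[float]) -> list[float]:
    """z-scores built on median and MAD, so the outliers we are hunting
    do not drag the baseline towards themselves."""
    med = median(values)
    mad = median([abs(v - med) for v in values])
    scale = 1.4826 * mad if mad > 0 else 1.0  # fallback when every value is identical
    return [(v - med) / scale for v in values]


def score_records(records: list[FileRecord]) -> dict[str, float]:
    """Anomaly score per path: the largest |robust z| across all features."""
    matrix = [features(r) for r in records]
    columns = [robust_z([row[j] for row in matrix]) for j in range(len(matrix[0]))]
    return {
        r.path: max(abs(columns[j][i]) for j in range(len(columns)))
        for i, r in enumerate(records)
    }


def flag_anomalies(records: list[FileRecord], threshold: float = 3.0) -> list[str]:
    """Paths whose score exceeds the threshold (3 robust sigmas by default)."""
    scores = score_records(records)
    return sorted(p for p, s in scores.items() if s > threshold)


# Constructed sample volume: ten ordinary files plus two tampered records.
T0 = 1_700_000_000.0  # baseline, mid-November 2023 UTC
_SPANS = [60, 300, 600, 1200, 3600, 7200, 14400, 28800, 86400, 172800]  # modified - created
_GAPS = [30, 120, 300, 600, 900, 1800, 3600, 7200, 14400, 43200]        # record_changed - modified

SAMPLE_RECORDS = [
    FileRecord(f"/home/user/doc{i}.txt", T0 + i * 3600, T0 + i * 3600 + s, T0 + i * 3600 + s + g)
    for i, (s, g) in enumerate(zip(_SPANS, _GAPS))
] + [
    # content timestamps rewritten to 2001, but the record-change time stays recent
    FileRecord("/home/user/.hidden/tool.bin", 1_000_000_000.0, 1_000_000_000.0, T0 + 5 * 3600),
    # only the modified time backdated five years, so it now precedes creation
    FileRecord("/var/log/auth.log", T0 + 7200, T0 - 5 * 365 * 86400, T0 + 7200 + 100),
]


if __name__ == "__main__":
    ranked = sorted(score_records(SAMPLE_RECORDS).items(), key=lambda kv: -kv[1])
    for path, score in ranked:
        print(f"{score:6.2f}  {path}")
```

The two tampered records score well above three robust sigmas while every ordinary file stays under two. The choice of median and MAD rather than mean and standard deviation is the practical point: with a handful of rewritten records on a volume of thousands, a mean-based baseline shifts towards the outliers and the detector loses exactly the cases it is meant to find. A real detector would add further features (sub-second precision of each timestamp, consistency between duplicate timestamp sets, timestamps earlier than the volume's creation) and would calibrate the threshold on known-clean images.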

Publication
ACM SIGOPS Operating Systems Review (Operating Systems Review of the ACM Special Interest Group on Operating Systems)