Forensics: Digital

You should not store self-incriminating information on digital devices except for very deliberate reasons, such as writing and sending an action claim, and always through Tails.

To retrieve electronic data from a computer that has been turned off, the computer must contain traces of what it was used for. To prevent this, you can use Tails^[1], an “amnesic” operating system designed to leave no trace on the computer it runs on. Tails is a forensic examiner's worst nightmare.

When investigating cyber actions, forensic methods are used to analyze the targets of the hack to determine where the attack came from (attribution) — this may include determining what tools were used and any other “signatures”. The use of popular rather than custom tools can help prevent attribution. If attribution is possible, discrete hacks can be linked together. Implementing operational security during the hack will get in the way of deanonymization — any Virtual Private Servers (VPSs) used should be purchased anonymously and accessed only through Tails^[1].

Electronic data retrieved from a digital device is useless if it is encrypted and cannot be decrypted by the forensic examiner. To achieve this, you can encrypt your devices with Full Disk Encryption and a strong password. This type of encryption is only active when the device is completely powered down (not locked or hibernating), so all your encrypted devices should be turned off when not in use.

Metadata can be retrieved by digital forensics like any other data. To prevent this, metadata should be deleted before a file is published online or sent to others.