Using Metasploit for anti-forensics
Over the past decade or so, digital forensic technologies have improved substantially. Forensic tools and techniques are now well developed and mature enough to search, analyze, and preserve digital evidence in case of a breach, fraud, or an incident.
We have seen, throughout this book, how Metasploit can be used to compromise a remote system. Meterpreter works using in-memory DLL injection and ensures that nothing is written to disk unless explicitly required. However, during a compromise, we often need to perform certain actions that modify, add, or delete files on the remote filesystem. This implies that our actions will be traced back if any sort of forensic investigation is undertaken on the compromised system.
Making a successful compromise of our target system is one essential part, while making sure that our compromise remains unnoticed and undetected, even from a forensic perspective, is the...