Digital Forensics with Kali Linux

Overview of this book

Kali Linux is a Linux-based distribution used mainly for penetration testing and digital forensics. It has a wide range of tools to help in forensic investigations and incident response. You will start by understanding the fundamentals of digital forensics and setting up your Kali Linux environment to perform different investigation practices. The book will delve into the realm of operating systems and the various formats for file storage, including hiding places unseen by the end user or even the operating system. The book will also teach you to create forensic images of data and maintain their integrity using hashing tools. Next, you will master more advanced topics such as Autopsy and acquiring investigation data from the network, operating system memory, and so on. The book introduces you to powerful tools that will take your forensic abilities and investigations to a professional level, covering all aspects of a full digital forensic investigation from hashing to reporting. By the end of this book, you will have had hands-on experience in implementing all the pillars of digital forensics—acquisition, extraction, analysis, and presentation—using Kali Linux tools.

Anti-forensics: threats to digital forensics

As much as we would like the tasks involved in digital forensics to be as easy as possible, we do encounter situations which make investigations, and life as a forensics investigator, not-so-simple and sometimes stressful. People wishing to hide information, cover their tracks, and even those who have malicious intent or actually participate in cyber crimes often employ various methods to try to foil the attempts of forensic investigators with the hope of hampering or halting investigations.

In relatively recent times we have seen several major digital breaches, especially from 2011 onward. Many of these attacks allegedly came from, or were claimed to be the work of, infamous hacker groups such as LulzSec, Anonymous, Lizard Squad, and many others, including individuals and hacktivists (people who hack for a specific cause or reason and are less concerned about doing time in prison). Some of these hacks and attacks not only brought down several major networks and agencies, but also cost millions in damage, directly and indirectly; the resulting loss of public confidence in the affected companies contributed to further increases in damages.

These daring, creative, and public attacks saw the emergence of many new groups that learned from the mistakes of past breaches by Anonymous and others. Both social media and underground communication channels soon became the easiest forms of communication between like-minded hackers and hacktivists. As the internet and World Wide Web became easily accessible, competition grew not only between Internet Service Providers (ISPs), but also between private companies and corporations, which led to the creation of free wireless hotspots at almost every business, small or large.

Having internet access at just about every coffee shop enabled anyone with a smartphone, tablet, laptop, or other device to obtain almost unauthenticated access to the internet. This gave them access to hacker sites and portals, along with the ability to download tools, upload malware, send infected emails, or even carry out attacks.

Encryption

Adding to this scenario is the availability of more user-friendly tools that help mask Personally Identifiable Information (PII), or any other information that would help identify the suspects involved in cyber-crimes during forensic investigations. Tools for encrypting data and for anonymity, such as masking of IP addresses, are readily available to anyone, and most of them are becoming increasingly user-friendly.

It should also be noted that many Wi-Fi hotspots themselves can be quite dangerous, as these can be easily set up to intercept personal data, such as login and password information together with PII (such as social security numbers, date of birth info, and phone numbers) from any user that may connect to the Wi-Fi and enter such information.

The process of encryption provides confidentiality between communicating parties, using technology in very much the same way we use locks and keys to safeguard our personal and private belongings. For a lock to open, there must be a specific matching key. So too, in the digital world, data is encrypted, or locked, using an encryption algorithm and a key, and the same key must then be used to decrypt, or unlock, the data. There is also another scenario, in which one key is used to encrypt the data and a different key is used to decrypt it. Two very popular encryption tools are TrueCrypt and VeraCrypt.

These two encryption tools use strong encryption methods that keep data confidential. The main barrier to forensics is usually acquiring the decryption key needed to decrypt, or unlock, access to the data.

Note

TrueCrypt and VeraCrypt not only encrypt files but also encrypt folders, partitions, and entire drives!
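Since an encrypted TrueCrypt or VeraCrypt volume has no file signature and its contents are indistinguishable from random bytes, an examiner who cannot obtain the key can still recognise that an encrypted container is probably present. The following added example (not code from the book or from either project) triages buffers by Shannon entropy: a near-uniform byte distribution with no known header is flagged as a possible encrypted container, while compressed or media formats, which are also high-entropy but carry recognisable magic bytes, are identified first to reduce false positives. The samples are constructed inline; `os.urandom` stands in for the random-looking data of a real volume, and the 7.9 bits-per-byte threshold is an assumption chosen for this demo.

```python
import math
import os
from collections import Counter

# Magic bytes of common compressed/media formats. These are also high-entropy
# but carry a recognisable header, unlike a TrueCrypt/VeraCrypt volume, which
# has no signature at all and looks like random bytes from the first offset.
KNOWN_MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte: 0.0 for a constant stream, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_format(data: bytes):
    """Return the format name if the data starts with a known magic sequence, else None."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def classify(data: bytes, threshold: float = 7.9) -> str:
    """Triage verdict for one buffer; the threshold is an assumed cut-off for this demo."""
    fmt = known_format(data)
    if fmt is not None:
        return f"known format: {fmt}"
    if shannon_entropy(data) >= threshold:
        return "high entropy: possibly encrypted container or random data"
    return "low entropy: plaintext or structured data"


# Constructed samples for the demo (not evidence from any real case).
PLAINTEXT_SAMPLE = (b"Case notes: the device connected to a coffee-shop hotspot.\n") * 500
ENCRYPTED_LIKE_SAMPLE = os.urandom(64 * 1024)   # stands in for a VeraCrypt volume's first 64 KiB
GZIP_LIKE_SAMPLE = b"\x1f\x8b" + os.urandom(4096)  # high entropy, but with a gzip header


def triage(samples: dict) -> dict:
    """Map each sample name to (entropy rounded to 2 dp, classification)."""
    return {name: (round(shannon_entropy(d), 2), classify(d)) for name, d in samples.items()}


if __name__ == "__main__":
    report = triage({
        "case_notes.txt": PLAINTEXT_SAMPLE,
        "unknown.bin": ENCRYPTED_LIKE_SAMPLE,
        "archive.gz": GZIP_LIKE_SAMPLE,
    })
    for name, (ent, verdict) in report.items():
        print(f"{name:<16} entropy={ent:.2f}  {verdict}")
```

In practice you would run `classify` over fixed-size chunks of a disk image rather than whole files, so that an encrypted partition or hidden volume shows up as a long run of high-entropy sectors; a high-entropy verdict is a lead to pursue, not proof of encryption, since wiped or compressed regions can look the same.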

Online and offline anonymity

Encryption, in particular, can make investigations rather difficult, but there is also the concept of anonymity, which adds to the complexity of accurately establishing the true sources found in investigations. As with encryption, there exist several free and open source tools for all operating system platforms, such as Windows, Mac, Linux, and Android, which attempt, and most often succeed, to hide someone's digital footprint. This digital footprint usually identifies a device by its IP address and MAC (Media Access Control) address. Without going into the network aspect of things, these two digital addresses can be compared to a person's full name and home address, respectively.

Even though a person's IP address can change according to their private network (home and work) and public network (internet) access, the MAC address remains the same. However, various tools are also freely available to spoof or fake one's IP and MAC addresses for the purpose of privacy and anonymity. Adding to that, users can use a system of routing their data through online servers and devices to make the tracing of the source of the sent data quite difficult. This system is referred to as proxy chaining and does keep some of the user's identity hidden.
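From the investigator's side, IP and MAC spoofing leaves traces in the infrastructure logs that record address assignments. The following added example (not code from the book) parses constructed DHCP lease lines, loosely modelled on the dnsmasq syslog format, and reports two indicators: an IP address or hostname that has been seen with more than one MAC address, and MAC addresses with the locally-administered bit set (bit 1 of the first octet), which manufacturers do not assign and which many spoofing tools and OS privacy features generate. The log lines, hosts and addresses are all constructed for the demo.

```python
import re
from collections import defaultdict

# Constructed DHCP log lines, loosely modelled on dnsmasq's syslog output.
# None of these hosts or addresses come from a real network.
SAMPLE_DHCP_LOG = """\
Mar  3 10:01:02 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.1.20 3c:22:fb:10:20:30 alice-laptop
Mar  3 10:05:44 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.1.21 f0:9f:c2:aa:bb:cc printer
Mar  3 11:12:09 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.1.20 02:11:22:33:44:55 alice-laptop
Mar  3 11:40:51 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 192.168.1.22 3c:22:fb:10:20:30 alice-laptop
"""

# Matches "DHCPACK(<iface>) <ip> <mac> [<hostname>]".
LEASE_RE = re.compile(
    r"DHCPACK\(\S+\)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?:\s+(?P<host>\S+))?",
    re.IGNORECASE,
)


def parse_leases(log_text: str):
    """Return a list of (ip, mac, hostname) tuples, one per DHCPACK line."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases.append((m["ip"], m["mac"].lower(), m["host"] or ""))
    return leases


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (bit 1 of the first octet) is set: the address was
    not assigned by a manufacturer, so it was generated by software on the host."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def find_indicators(leases):
    """Group leases by IP and hostname and report anything that maps to more than one MAC."""
    ip_to_macs = defaultdict(set)
    host_to_macs = defaultdict(set)
    for ip, mac, host in leases:
        ip_to_macs[ip].add(mac)
        if host:
            host_to_macs[host].add(mac)
    return {
        "ip_with_multiple_macs": {ip: sorted(ms) for ip, ms in ip_to_macs.items() if len(ms) > 1},
        "host_with_multiple_macs": {h: sorted(ms) for h, ms in host_to_macs.items() if len(ms) > 1},
        "locally_administered_macs": sorted({mac for _, mac, _ in leases if is_locally_administered(mac)}),
    }


if __name__ == "__main__":
    for indicator, hits in find_indicators(parse_leases(SAMPLE_DHCP_LOG)).items():
        print(f"{indicator}: {hits}")
```

Both indicators are leads rather than proof: a reassigned lease or a phone using MAC randomisation produces the same pattern, so the timestamps and the surrounding leases need to be read together before concluding that an address was deliberately spoofed.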

A good example of this would be the Tor browser; it uses onion routing and several proxies worldwide to route, or pass, the data along from proxy to proxy, making the tracing of the source very difficult, but not impossible. You can think of proxy chains as a relay race, but instead of four people, each passing the baton to the next, the data is passed between hundreds of proxy devices worldwide.