Countering Forensics Software by Baiting Them
Weihan Goh, Joseph Lim, Isaac Soon
DEF CON 33 · Day 1 · Main Stage
This talk, presented by Professor Weihan Goh and his students Joseph Lim and Isaac Soon from Singapore, presents a novel approach to anti-forensics in the mobile domain. Titled "Countering Forensics Software by Baiting Them," it describes a methodology designed to silently manipulate or destroy data on an Android device *while* it is being extracted by mainstream forensic tools. The core innovation lies in deploying "honey tokens" as tripwires: when forensic software accesses one, it triggers a pre-configured anti-forensic payload such as data encryption or a factory reset.
AI review
Clever, well-executed research that weaponizes inotify and honey tokens to silently corrupt forensic acquisitions mid-flight — a genuinely novel angle on anti-forensics that directly challenges assumptions baked into every major commercial tool's workflow. Three live demos against Cellebrite, Belkasoft, and AXIOM land the point cleanly. Academic origin doesn't hurt it; the work stands on its own.