Well I’ve been developing this for a while now and still haven’t finished, mainly because I’ve got little time to spare for coding. Previously I wrote about using somekind of ping to see if your computer is still connected to the net. The solution is fun but it will not prevent forensic analysis of your computer. I have expanded upon that previous post and started to write a toolkit which could be used if we assume the following:
You want to prevent live-forensic analyses of your computer at all costs. You don’t care about normal forensic analysis because your harddisk is encrypted and you have used a real long password and a keyfile.
So with that in mind I started to construct something which frustrates live forensics and at the same time is easy to expand. If you are concerned about normal forensic analysis you can always turn to some of the current anti-forensics projects like the one at metasploit.