Forensic analysis is one of the least developed areas of computer security. Investigations are often handled by individuals withlittle more than a software certifications and very few investigators have detailed knowledge of the inner workings of the software and systems they analyze. A checklist of search terms and a copy of EnCase is often sufficient for cases involving less knowledgeable defendants, but what happens when a skilled attacker plans for the eventuality of forensic analysis? This talk will discuss the process and failings of forensic analysis as it is commonly performed today. We will present the details of techniques which can be used to undermine modern forensic analysis. These techniques will be outlined through detailed samples implemented in a Linux rootkit along with improvements that could be made to the forensic process.