I'm writing a anti-forensics tool in python, that would be uploaded/executed on a target machine to keep the attackers identity safe. I'm reading up on anti-forensics and doing all my research but I would like to have some suggestions on some techniques or data I should be looking out for. This can apply to any OS since I'm writing the script to identify the OS and go from there. Right now I'm thinking of ways to systematically delete directories and files for when the attacker want's to wipe most data on the target's system so that It will delete(or encrypt) everything without deleting(or encrypting) the files it actually need to do so. Then in the end delete a file that corrupts the system - if the attacker wants that to happen. The encryption would be done with AES CBC mode with a 256bit key.
Now in order to completely wipe the drive I would probably have to create a partition then boot off of something that could run the code on the other partition without any interruption, because it doesn't depend on the other to function. That would probably have to be written in and require deep-knowledge in C which I'm still learning and I doubt I could do something like that , but would make the tool much better so I might try to learn to do so.
If you didn't catch the question in that mess , here it is:
Do you guys have any suggestions on some techniques or data I should look out for to keep the attackers identity safe.