D2 · Threats

What is anti-forensics?

Anti-forensics techniques destroy or hide evidence of malicious activity — log deletion, timestomping (altering file timestamps), overwriting disk sectors, steganography.
Centralized logging (forwarding to a SIEM) defeats local log deletion, because copies already shipped off-host are out of the attacker's reach. Immutable, write-once log storage is critical for the same reason. Detecting anti-forensics activity is itself an indicator of compromise.