Secure deletion and the effectiveness of evidence elimination software

Authors

Simon Innes, Edith Cowan University

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Information Science

RAS ID

3238

Comments

Innes, S. (2005). Secure Deletion and the Effectiveness of Evidence Elimination Software. In Australian Computer, Network & Information Forensics Conference (pp. 24-44). Available here

Abstract

This paper will discuss and analyse the different methods of wiping media to make them forensically clean. This will include naming the tools, running them on a device and seeing what the device logically looks like after it has completed. It will then follow on to analyse the effectiveness of software that is designed to eliminate evidence (such as web browser history) from a computer. This analysis will take place on a small FAT32 partition running Windows 98. The test environment will be limited to using only internet explorer. The procedure will consist of installing a 'vanilla' test system, taking a bitwise copy and recording the md5. Websites will be browsed and recorded and then the system will be imaged again. After this the software will be installed and run and the 2 images will be compared. The main things that will be checked will be the temporary internet files and the registry. This will be carried out with at least 2 separate pieces of software.