Secure deletion and the effectiveness of evidence elimination software
School of Computer and Information Science, Edith Cowan University
Faculty of Computing, Health and Science
School of Computer and Information Science
This paper will discuss and analyse the different methods of wiping media to make them forensically clean. This will include naming the tools, running them on a device and seeing what the device logically looks like after it has completed. It will then follow on to analyse the effectiveness of software that is designed to eliminate evidence (such as web browser history) from a computer. This analysis will take place on a small FAT32 partition running Windows 98. The test environment will be limited to using only internet explorer. The procedure will consist of installing a 'vanilla' test system, taking a bitwise copy and recording the md5. Websites will be browsed and recorded and then the system will be imaged again. After this the software will be installed and run and the 2 images will be compared. The main things that will be checked will be the temporary internet files and the registry. This will be carried out with at least 2 separate pieces of software.