Secure deletion and the effectiveness of evidence elimination software

Document Type

Conference Proceeding


School of Computer and Information Science, Edith Cowan University


Faculty of Computing, Health and Science


School of Computer and Information Science




Innes, S. (2005). Secure Deletion and the Effectiveness of Evidence Elimination Software. In Australian Computer, Network & Information Forensics Conference (pp. 24-44). Available here


This paper will discuss and analyse the different methods of wiping media to make them forensically clean. This will include naming the tools, running them on a device and seeing what the device logically looks like after it has completed. It will then follow on to analyse the effectiveness of software that is designed to eliminate evidence (such as web browser history) from a computer. This analysis will take place on a small FAT32 partition running Windows 98. The test environment will be limited to using only internet explorer. The procedure will consist of installing a 'vanilla' test system, taking a bitwise copy and recording the md5. Websites will be browsed and recorded and then the system will be imaged again. After this the software will be installed and run and the 2 images will be compared. The main things that will be checked will be the temporary internet files and the registry. This will be carried out with at least 2 separate pieces of software.