Identifying Trace Evidence from Target-Specific Data Wiping Application Software

Gregory H. Carlton, Gary C. Kessler

Research output: Contribution to journalArticlepeer-review

Abstract

"One area of particular concern for computer forensics examiners involves situations in which someone utilized software applications to destroy evidence. There are products available in the marketplace that are relatively inexpensive and advertised as being able to destroy targeted portions of data stored within a computer system. This study was undertaken to analyze a subset of these tools in order to identify trace evidence, if any, left behind on disk media after executing these applications. We evaluated five Windows 7 compatible software products whose advertised features include the ability for users to wipe targeted files, folders, or evidence of selected activities. We conducted a series of experiments that involved executing each application on systems with identical data, and we then analyzed the results and compared the before and after images for each application. We identified information for each application that is beneficial to forensics examiners when faced with similar situations. This paper describes our application selection process, our application evaluation methodology, and our findings, including the variability of the effects of these tools. Following this, we describe limitations of this study and suggest areas of additional research that will benefit the study of digital forensics."--from article
Original languageAmerican English
JournalJournal of Digital Forensics, Security and Law
Volume7
StatePublished - Jan 2012

Keywords

  • Computer forensics
  • forensic software
  • digital forensics

Disciplines

  • Information Security

Cite this