Document Type
Article
Publication/Presentation Date
2012
Abstract/Description
"One area of particular concern for computer forensics examiners involves situations in which someone utilized software applications to destroy evidence. There are products available in the marketplace that are relatively inexpensive and advertised as being able to destroy targeted portions of data stored within a computer system. This study was undertaken to analyze a subset of these tools in order to identify trace evidence, if any, left behind on disk media after executing these applications. We evaluated five Windows 7 compatible software products whose advertised features include the ability for users to wipe targeted files, folders, or evidence of selected activities. We conducted a series of experiments that involved executing each application on systems with identical data, and we then analyzed the results and compared the before and after images for each application. We identified information for each application that is beneficial to forensics examiners when faced with similar situations. This paper describes our application selection process, our application evaluation methodology, and our findings, including the variability of the effects of these tools. Following this, we describe limitations of this study and suggest areas of additional research that will benefit the study of digital forensics."--from article
Publication Title
Journal of Digital Forensics, Security and Law
Publisher
Association of Digital Forensics, Security and Law
City
Maidens
Scholarly Commons Citation
Carlton, G. H., & Kessler, G. C. (2012). Identifying Trace Evidence from Target-Specific Data Wiping Application Software. Journal of Digital Forensics, Security and Law, 7(2). Retrieved from https://commons.erau.edu/db-security-studies/24
Additional Information
See the publisher's website for more content on this subject.