•  
  •  
 

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

One area of particular concern for computer forensics examiners involves situations in which someone utilized software applications to destroy evidence. There are products available in the marketplace that are relatively inexpensive and advertised as being able to destroy targeted portions of data stored within a computer system. This study was undertaken to analyze a subset of these tools in order to identify trace evidence, if any, left behind on disk media after executing these applications. We evaluated five Windows 7 compatible software products whose advertised features include the ability for users to wipe targeted files, folders, or evidence of selected activities. We conducted a series of experiments that involved executing each application on systems with identical data, and we then analyzed the results and compared the before and after images for each application. We identified information for each application that is beneficial to forensics examiners when faced with similar situations. This paper describes our application selection process, our application evaluation methodology, and our findings, including the variability of the effects of these tools. Following this, we describe limitations of this study and suggest areas of additional research that will benefit the study of digital forensics.

References

Acronis Inc. (2011). Hard disk drive wipe software providing complete disk cleanup. Retrieved April 2, 2011 from http://www.acronis.com/enterprise/products/drivecleanser/

Active Data Security Solutions. (2011). Retrieved April 14, 2011 from Active@ ERASER: http://www.active-eraser.com/features.htm

Alghafli, K. A., Jones, A., & Martin, T. A. (2010). Forensic Analysis of the Windows 7 Registry. Journal of Digital Forensics, Security and Law, 5 (4), 5- 30.

Bodrag, S.R.L. (2011). Wipe Expert 2. Retrieved April 2, 2011, from http://www.bodrag.com/prod/wipe_expert/

EvidenceSmart.com. (2011). Evidence Smart - Your reliable Privacy Protector. Retrieved April 2, 2011, from http://www.evidencesmart.com/

Geeknet, Inc. (2009). SourceForge.net: regshot - Project Web Hosting - Open Source Software. Retrieved July 12, 2011, from http://regshot.sourceforge.net/

GEEP EDS LLC. (2011). Darik's Boot and Nuke. Retrieved April 2, 2011, from http://www.dban.org/about

Geiger, M. (2006). Computer-Forensic Tools: Analysis and Data Recovery. FIRST.org. 18. Baltimore: FIRST.org, Inc.

Heidi Computers, Ltd. (2010). Software Products. Retrieved July 7, 2011, from http://www.heidi.ie/

Hughes, G. F., Coughlin, T., & Commins, D. M. (2009). Disposal of Disk and Tape Data by Secure Sanitization. Security and Privacy, 7 (4), 29-34.

IDM Computer Solutions, Inc. (2011). UltraSentry - secure file delete, Internet history removal, cookie delete, registry cleaner. Retrieved April 2, 2011, from http://www.ultraedit.com/products/ultrasentry.html

IOLO Technologies, LLC. (2011). iolo DriveScrubber. Retrieved April 2, 2011 from, http://www.iolo.com/ds/3/

Jetco Inc. (2011). Retrieved April 14, 2011, from http://www.jetico.com/wiping-bcwipe/ Jones, A., & Meyler, C. (2004). What evidence is left after disk cleaners. Digital Investigation, 183-188. KremlinEncrypt.com. (2008). Kremlin Wipe. Retrieved April 5, 2011, from http://www.kremlinencrypt.com/wipe.htm

Low, J. (2010). Eraser. Retrieved April 14, 2011, from http://eraser.heidi.ie

O & O Software, GmbH. (2011). O & O SafeErase 5 Secure Hard Drive Data Erase Software. Retrieved April 2, 2011, from http://www.oosoftware.com/home/en/products/oosafeerase/

Paragon Technologies GmbH. (2011). Paragon Disk Wiper Personal. Retrieved April 2, 2011, from http://www.paragon-software.com/home/dwpersonal/

Robin Hood Software Ltd. (2011). Product - Evidence Eliminator. Retrieved April 14, 2011, from http://www.evidence-eliminator.com/

R-Tools Technology, I. (2011). Disk Cleaning and Internet Privacy. Retrieved April 5, 2011, from http://www.r-wipe.com/

Webroot Software, Inc. (2011). Window Washer, Computer & Internet Privacy Software. Retrieved April 14, 2011, from http://www.webroot.com/En_US/consumer-products-windowwasher.html

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.