dfm covers
 
 

Anti-Forensics Tools in the Public Domain

Written by Frazer Lewis

Recovering deleted data goes hand in hand with forensic computing. It is difficult to imagine an investigative scenario whereby the information recovered in deleted data does not play a key role when drawing final conclusions.


Historically, anti-forensic or secure delete tools were somewhat “underground” executables. These applications were shared between the paranoid computer enthusiasts or those who “had something to hide”. Today, there exists a wide variety of secure delete tools that no longer carry such a dubious stigma. How and why did such tools get so popular?


Only a few years ago the average user believed that the process of securely deleting a file consisted of merely “emptying the bin” – and why wouldn’t they? There was no button for the user to get the file back. Many (if not, still most) people believe the same today, though a growing number are becoming more aware that deleted files are not exactly what they seem. Day-to-day computer operators are gradually gaining more education as to the implications of “non-secure” delete operations, though it is unlikely that this knowledge has emerged via a direct public interest in forensics. User awareness of secure deletion began not because people were looking for a way to hide data from prying eyes; rather, that people were looking for a way to recover the holiday snaps they accidentally deleted, or the important email sent from their boss. With this growing demand for data recovery, applications began to emerge providing the functionality which the mass market was looking for. Some companies were quick to cash in on the success, though in today’s world the average user has a wide choice of free offerings.


Due to experiences with other file system applications such as disk continuity checkers or de-fragmentation programs, many believed that an application advertising “deleted data recovery” would prove to be a long and arduous process. Individuals were no doubt surprised when within in a few clicks of a pretty GUI, they had successfully recovered their holiday snaps or important email from work. The uptake of data recovery tools continued to spread… see issue 5 for the rest of this article - subscribe now!


The full article appears in Issue 5 of Digital Forensics Magazine, published 1st Nov 2010. You must log in with a valid subscription to read on...


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Scott C. Zimmerman

Scott C. Zimmerman is a CISSP qualified Information Security consultant and presenter

 

Coming up in the Next issue of Digital Forensics Magazine

Coming up in Issue 38 on sale from February 2019:


Crowd Sourcing Digital Evidence The Risk v The Reward

All digital devices used today can be considered as a potential source for digital evidence. Andrew Ryan investigates the current state in the art of crowd sourced digital evidence. Read More »

Recovery of Forensic Artifacts from Deleted Jump-List in Windows 10

Jump-Lists are widely discussed in forensics community since the release of Windows 7 and are having more capabilities to reveal forensics artifacts in Windows 10. Read More »

Subscribe today


Operacion Bitcoin

The article is an actual case study of an Interpol investigation carried out in association with CertUY that has been ongoing for some months. It is written by the first hacker sent to prison in Uruguay who is currently out on bail pending sentencing. Read More »

Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the next issue