dfm covers
 
 

Anti-Forensics Tools in the Public Domain

Written by Frazer Lewis

Recovering deleted data goes hand in hand with forensic computing. It is difficult to imagine an investigative scenario whereby the information recovered in deleted data does not play a key role when drawing final conclusions.


Historically, anti-forensic or secure delete tools were somewhat “underground” executables. These applications were shared between the paranoid computer enthusiasts or those who “had something to hide”. Today, there exists a wide variety of secure delete tools that no longer carry such a dubious stigma. How and why did such tools get so popular?


Only a few years ago the average user believed that the process of securely deleting a file consisted of merely “emptying the bin” – and why wouldn’t they? There was no button for the user to get the file back. Many (if not, still most) people believe the same today, though a growing number are becoming more aware that deleted files are not exactly what they seem. Day-to-day computer operators are gradually gaining more education as to the implications of “non-secure” delete operations, though it is unlikely that this knowledge has emerged via a direct public interest in forensics. User awareness of secure deletion began not because people were looking for a way to hide data from prying eyes; rather, that people were looking for a way to recover the holiday snaps they accidentally deleted, or the important email sent from their boss. With this growing demand for data recovery, applications began to emerge providing the functionality which the mass market was looking for. Some companies were quick to cash in on the success, though in today’s world the average user has a wide choice of free offerings.


Due to experiences with other file system applications such as disk continuity checkers or de-fragmentation programs, many believed that an application advertising “deleted data recovery” would prove to be a long and arduous process. Individuals were no doubt surprised when within in a few clicks of a pretty GUI, they had successfully recovered their holiday snaps or important email from work. The uptake of data recovery tools continued to spread… see issue 5 for the rest of this article - subscribe now!


The full article appears in Issue 5 of Digital Forensics Magazine, published 1st Nov 2010. You must log in with a valid subscription to read on...


 
Please make cache directory writable.
 

Submit an Article

Call for Articles

We are keen to publish new articles from all aspects of digital forensics. Click to contact us with your completed article or article ideas.

Featured Book

Learning iOS Forensics

A practical hands-on guide to acquire and analyse iOS devices with the latest forensic techniques and tools.

Meet the Authors

Andrew Harbison

Andrew Harbison is a Director and IT Forensics Lead at Grant Thornton

 

Coming up in the Next issue of Digital Forensics Magazine

Graph Database Technology

Attackers examine how your assets are connected, looking for a vulnerable part of the network, and navigating via methods such as “spear phishing.” What they’re really doing is abstracting out the graph of your networked systems, which is the set of security dependencies. Read More »


Fraudulent Use of Digital Images and Detection Survey

This article looks at the basic concepts related to image forgery; the types, detection procedure algorithms and all possible techniques to detect malicious signatures ibased on forgery types and detection techniques. Read More »

Subscribe today


Discovery in the Cloud: An Investigator’s Close Look at Unexpected Risks and Challenges

Documents residing in cloud storage accounts are increasingly coming into scope in digital forensic investigations such as IP theft, regulatory, corruption, merger clearance and civil matters.  Read More »


Every Issue
Plus the usual Competition, Book Reviews, 360, IRQ, Legal

Click here to read more about the future issues