Digital tool marks (DTMs): a forensic analysis of file wiping software

Artigo Acesso aberto Revisado por pares

Digital tool marks (DTMs): a forensic analysis of file wiping software

2019; Taylor & Francis; Volume: 53; Issue: 1 Linguagem: Inglês

10.1080/00450618.2019.1640793

ISSN

1834-562X

Autores

Graeme Horsman,

Tópico(s)

Security and Verification in Computing

Resumo

Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This work presents the examination of eight freely available wiping tools in order to identify the existence of ‘digital tool marks’ (DMTs) left on a system following their use. Further attempts are made to ascertain whether such DTMs can be attributable to a particular wiping tool. Analysis is focused on the impact each tool has on system at a file system level, where in this work both FAT32 and NTFS are the subject of investigation. DMTs relating to each wiping tool are provided and recoverable file system metadata post-wipe is described.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Digital tool marks (DTMs): a forensic analysis of file wiping software