Abstract
Secure deletion programs purport to permanently erase files from digital media. These programs are used by businesses and individuals to remove sensitive information from media, and by criminals to remove evidence of the tools or fruits of illegal activities. This paper focuses on the trace evidence left by secure deletion programs. In particular, five Windows-based secure deletion programs are tested to determine if they leave identifiable signatures after deleting a file. The results show that the majority of the programs leave identifiable signatures. Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract the name, size, creation date and deletion date of the “deleted” files.
Chapter PDF
Similar content being viewed by others
References
Defense Security Service, National Industrial Security Program Operating Manual (NISPOM), DoD 5220.22-M, U.S. Department of Defense (www.dss.mil/isec/nispom_0195.pdf), 1995.
M. Geiger and L. Cranor, Counter-Forensic Privacy Tools: A Forensic Evaluation, Technical Report CMU-ISRI-05-119, Institute for Software Research International, School of Computer Science, Carnegie Mellon University, Pittsburgh, Pennsylvania (reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-119.pdf), 2005.
P. Guttman, Secure deletion of data from magnetic and solid-state memory, Proceedings of the Sixth USENIX Security Symposium (www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html), 1996.
[4] Microsoft Corporation, FAT32 File System Specification (www.microsoft.com/whdc/system/platform/firmware/fatgen.mspx), 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 IFIP Internatonal Federation for Information Processing
About this paper
Cite this paper
Burke, P., Craiger, P. (2006). Assessing Trace Evidence Left by Secure Deletion Programs. In: Olivier, M.S., Shenoi, S. (eds) Advances in Digital Forensics II. DigitalForensics 2006. IFIP Advances in Information and Communication, vol 222. Springer, Boston, MA. https://doi.org/10.1007/0-387-36891-4_15
Download citation
DOI: https://doi.org/10.1007/0-387-36891-4_15
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-36890-0
Online ISBN: 978-0-387-36891-7
eBook Packages: Computer ScienceComputer Science (R0)