Hey Christopher,
Some research into that area has already been done. You can find some
excellent information with some "signatures" of what commercial
anti-forensic tools do to the filesystem. They are from the 2005 Digital
Forensic Research Workshop (DFRWS) presented by Matthew Geiger.
http://www.dfrws.org/2005/proceedings/geiger_couterforensics.pdf
http://www.dfrws.org/2005/proceedings/geiger_counterforensics_slides.pdf
-jhs
--
-------------------------------
John H. Sawyer - GCFA GCIH GCFW
UF IT Security Engineer
-------------------------------

Christopher Blume wrote:
This brings up an interesting point. If enough disk wiping programs
have some sort of unique, or at least semi-rare signature, it might be
handy to maintain a database of those applications, and their specific
techniques -- simply for cross-referencing.
-Christopher Blume

Simson Garfinkel wrote:
For many companies, I can imagine that they would like to have a
positive validation that a disk was wiped, rather than that it just
happened to be blank.