Security Basics mailing list archives
Re: Hard Drive Forensics Question
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Tue, 7 Oct 2008 20:33:41 +0200
On 2008-10-07 anonymous pimp wrote:
On Tue, Oct 7, 2008 at 12:42 AM, Ansgar Wiechers wrote:On 2008-10-06 Razi Shaban wrote:Which is more likely to appear on a normal hard drive that has not been tampered with or set up: Entire blocks of 0s, or random malformed data?How does knowing that the disk has been wiped help with recovering the overwritten data?It's more suspicious, more likely to have the company spread bad word of the guy. Wiping a disk clean pretty much implies guiltiness.
Wiping a disk implies that the disk was wiped. Period. Whatever reason someone may or may not have had for wiping it is entirely his business. If you want to convict someone, you're obliged to prove his guilt, not he to prove his innocence. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Re: Hard Drive Forensics Question, (continued)
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 08)
- Re: Hard Drive Forensics Question J. Oquendo (Oct 08)
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 08)
- Re: Hard Drive Forensics Question J. Oquendo (Oct 09)
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 09)
- Re: Hard Drive Forensics Question Chris Barber (Oct 10)
- Message not available
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 08)
- Message not available
- RE: Hard Drive Forensics Question Murda Mcloud (Oct 09)
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 07)
- Re: Hard Drive Forensics Question anonymous pimp (Oct 07)
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 07)
- Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 06)
- Re: Hard Drive Forensics Question Morgan Reed (Oct 07)
- RE: Hard Drive Forensics Question Murda Mcloud (Oct 06)