Security Basics mailing list archives

Re: Hard Drive Forensics Question

From: "Razi Shaban" <razishaban () gmail com>
Date: Fri, 3 Oct 2008 20:17:27 +0400

The only thing they could prove would be that he did copy the files, if he
did, never deleted the files, and the area of the drive the files were
written to had also never been written over in the six months since then.


Perhaps it would be a good idea to copy+paste+delete a few very large
random files on there (99.5% occupying the drive) a few times, just in
case. If he feels the random data files would appear suspicious, copy
the largest files on the drive a few times. This will help to make it
more difficult — if anything, quite difficult — to recover any data
that may have been on the hard drive.

You might also want to run a free data recovery program such as Recuva
(http://recuva.com) to see if it can find anything potentially
incriminating.


Hope it helps,
Razi Shaban

Current thread:

Hard Drive Forensics Question Matt Perry (Oct 02)
- Re: Hard Drive Forensics Question Jon Gucinski (Oct 03)
  - Re: Hard Drive Forensics Question Razi Shaban (Oct 03)
    - Re: Hard Drive Forensics Question Mike Hale (Oct 03)
    - RE: Hard Drive Forensics Question Mike Staples (Oct 06)
  - Re: Hard Drive Forensics Question B 650 (Oct 03)
- Re: Hard Drive Forensics Question Larry Offley (Oct 03)
  - Re: Hard Drive Forensics Question Razi Shaban (Oct 03)
    - Re: Hard Drive Forensics Question J. Oquendo (Oct 03)
    - RE: Hard Drive Forensics Question Murda Mcloud (Oct 06)
    - Re: Hard Drive Forensics Question Razi Shaban (Oct 06)
    - RE: Hard Drive Forensics Question Murda Mcloud (Oct 06)
    - Re: Hard Drive Forensics Question Razi Shaban (Oct 06)
    - RE: Hard Drive Forensics Question Murda Mcloud (Oct 06)
    - Re: Hard Drive Forensics Question Razi Shaban (Oct 06)
    - RE: Hard Drive Forensics Question Murda Mcloud (Oct 07)
    - Re: Hard Drive Forensics Question Matt (Oct 08)
    - Re: Hard Drive Forensics Question Ansgar Wiechers (Oct 08)

(Thread continues...)