PaulDotCom mailing list archives

Anti-forensic tools


From: marv at madmarvonline.com (Mad Marv)
Date: Wed, 01 Jul 2009 10:31:02 -1000


re: #2.  I've been using Eraser (http://www.heidi.ie/node/6) for wiping
external hard drives via USB.  It will also selectively overwrite files
/ folders / free disk space.  I used to schedule Eraser to wipe unused
disk space but that is just a hassle.  Truecrypt full disk encryption is
much more convenient.

Marv

Adrian Crenshaw wrote:
Hi all,
     I'm planning another class for the local ISSA (and hope to get some
Infragard and OWASP folks there). The topic this time is Anti-forensics.
I plan to cover a few categories of tools:

0. Show simple tools to see what's been going on
Places files are stored
effect of hibernate and page file
defrag issues (I assume this can leave remnants behind in slack space of
files that defrag moved, so if a defrag happened just before you wipe a
file you may not really get all of the data)
Filecarving with Photorec http://www.cgsecurity.org/wiki/PhotoRec

1. Selective track covering tools
CCleaner  http://www.ccleaner.com/
CleanAfterMe http://nirsoft.net/utils/clean_after_me.html

2. Delete f***ing everything!!!/Nuke it from orbit, it's the only way to
be sure
Secure Erase http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml (Scott
Moulton told me this uses built in ATA commands to wipe even bad sectors)
DBAN http://www.dban.org/

3. Encryption
Truecrypt

4. System configs/don't leave tracks in the first place
Wipe swap file on shutdown
Browsers and incognito mode
Portable apps/VMs from encrypted volumes (does anyone know how much of
the Host OS's swap is used by VMWare and the like?)


Any more ideas? Any better "Selective track covering tools" than the
ones I mentioned in section 1?

Thanks,
Adrian
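
The remnants-in-free-space point in the quoted message, as an added example that is not part of the original thread: a minimal PhotoRec-style signature carver run over a constructed "disk image". It shows that a deleted JPEG is still recoverable until its blocks are overwritten, while a region that a free-space wiper zeroed is not. The signature table is a small constructed subset, not PhotoRec's database.

```python
# Minimal header/footer file carver, in the spirit of PhotoRec (constructed example).
# Works on raw bytes, so it does not need filesystem metadata: exactly why a plain
# "delete" leaves data recoverable, and why wiping free space is what actually removes it.

# Constructed subset of signatures: (header, footer) per file type.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


def carve(image: bytes, max_size: int = 1 << 20):
    """Return (type, offset, data) for every header whose footer lies within max_size bytes."""
    found = []
    for kind, (head, tail) in SIGNATURES.items():
        start = 0
        while True:
            i = image.find(head, start)
            if i < 0:
                break
            j = image.find(tail, i + len(head), i + max_size)
            if j < 0:               # header without footer: truncated/overwritten, skip it
                start = i + 1
                continue
            end = j + len(tail)
            found.append((kind, i, image[i:end]))
            start = end
    found.sort(key=lambda hit: hit[1])
    return found


def build_image() -> bytes:
    """Constructed image: an allocated PNG, a 'deleted' JPEG whose bytes remain, and a PDF
    whose blocks were overwritten by a free-space wiper (zeroed)."""
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-chunk-data" + b"IEND\xaeB`\x82"
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-image-data" * 4 + b"\xff\xd9"
    pdf = b"%PDF-1.4 confidential memo %%EOF"
    wiped_pdf = b"\x00" * len(pdf)   # what the wiper leaves behind
    return b"\x00" * 64 + png + b"\x00" * 32 + jpeg + b"\x00" * 32 + wiped_pdf + b"\x00" * 64


def recoverable_types(image: bytes = None):
    """File types a carver can still pull out of the (constructed) image."""
    image = build_image() if image is None else image
    return [kind for kind, _, _ in carve(image)]
```

Running `recoverable_types()` on the constructed image returns the PNG and the deleted-but-not-overwritten JPEG; the wiped PDF is gone, which is the behaviour the free-space wipers in section 2 rely on.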


------------------------------------------------------------------------

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com