CRITERIA FOR VALIDATING SECURE WIPING TOOLS - Advances in Digital Forensics XI
Conference Papers Year : 2015

CRITERIA FOR VALIDATING SECURE WIPING TOOLS

Abstract

The validation of forensic tools is an important requirement in digital forensics. The National Institute of Standards and Technology has defined standards for many digital forensic tools. However, a standard has not yet been specified for secure wiping tools. This chapter defines secure wiping functionality criteria for NTFS specific to Windows 7 and magnetic hard drives. The criteria were created based on the remnants of user actions – file creation, modification and deletion – in $MFT records, the $LogFile and the hard disk. Of particular relevance is the fact that the $LogFile, which holds considerable forensic artifacts of user actions, is not wiped properly by many tools. The use of the proposed functionality criteria is demonstrated in an evaluation of the Eraser secure wiping tool.
Fichier principal
Vignette du fichier
978-3-319-24123-4_19_Chapter.pdf (286.9 Ko) Télécharger le fichier
Origin Files produced by the author(s)
Loading...

Dates and versions

hal-01449066 , version 1 (30-01-2017)

Licence

Identifiers

Cite

Muhammad Sharjeel Zareen, Baber Aslam, Monis Akhlaq. CRITERIA FOR VALIDATING SECURE WIPING TOOLS. 11th IFIP International Conference on Digital Forensics (DF), Jan 2015, Orlando, FL, United States. pp.321-339, ⟨10.1007/978-3-319-24123-4_19⟩. ⟨hal-01449066⟩
120 View
362 Download

Altmetric

Share

More