[Pauldotcom] Anti-forensic tools
Adrian Crenshaw
irongeek at irongeek.com
Wed Jul 1 20:48:42 UTC 2009
Thanks. So, am I right in assuming if the following scenario happens, some
remnant data will be left in free space?:
1. File is written to the drive.
2. Defrag happens, moves parts of the file around.
3. File is wiped with all zeros.
4. A data carving tool can still get the data from where it was before the
defrag.
I'm also wondering, if I use a VM ran from an encrypted volume, how much
stuff might show up in the page file/swap space.
Thanks,
Adrian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090701/2546d7cc/attachment.htm
More information about the Pauldotcom
mailing list