Notifications
Clear all

secure deletion

3 Posts
2 Users
0 Likes
333 Views
(@chrisfearns)
Posts: 11
Active Member
Topic starter
 

Is there any program that comes supplied already with standard windows XP that will allow a user to securely delete a downloaded open source programme such as a file property changer, without it being forensically possible to retrieve evidence that such a file property changer existed in the first place on the hard drive?
ie, can someone with the programs available as standard to hand with windows XP then download an open source file property changer, alter the properties of a seperate file, and then delete the evidence that a property changing file had ever been downloaded thus making the altered file look more authentic and viable?

 
Posted : 27/06/2006 7:07 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Prehaps with the defrag utility. Compare what you find in the Prefetch directory (run count, last run date) to what you find under the UserAssist key (same variables if there're any entries there for the defrag utility).

Hope this helps,

Harlan

 
Posted : 27/06/2006 7:18 pm
(@chrisfearns)
Posts: 11
Active Member
Topic starter
 

in a similar vein though, is there anything that shows the last date of the hard drive having been defragged? ie forensic footprints that lead to the conclusion that it has or hasnt been defragged? this would have a knock on effect indicating towards whether something might have been deleted or not!

 
Posted : 27/06/2006 9:15 pm
Share: