In the first part of this paper we talked about the most common – and also some of the simplest – ways suspects can try to cover their tracks in an attempt to slow down the investigation. This part of the article is dedicated to some of the more advanced techniques that sometimes can really be challenging to deal with. Let’s take a look at some of the possible workarounds when the data we are looking for was deleted or encrypted.
Attempting to securely wipe or otherwise destroy evidence stored on hard drives and other media can be the planned last resort. If done properly, secure erase will irreversibly destroy evidence without giving investigators the slightest chance of recovery. However, computer users with average literacy can make mistakes that will result in incomplete destruction. Let’s have a look at what the suspect can do to erase the hard drive.
