Forensic Thwarting Tools

Via Digg I found a site with an excellent compendium of tools that can make it difficult or impossible to recover useful forensic evidence from a computer. The tools listed on the site are intended for educational purposes and for identifying problems with existing forensic software and methods, so that more effective software and methods can be developed.

Many of these tools stem from the fact that most OSes don't actually remove data when you delete a file; they simply flag that area as available to the OS for writing. So even if you remove a file, the data is still on your hard drive. Many tools like fwipe or srm not only unlink the file but also write over it with null or random bits, which effectively destroys the data.
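The difference between a plain unlink and an overwrite followed by an unlink can be shown with a short added example (not code from the original post, nor from fwipe or srm). The function names and sample data are constructed, and a hard link stands in for the on-disk blocks so the leftover bytes can be read without raw disk access. It assumes a filesystem that rewrites blocks in place; on SSDs with wear levelling, or on journaling and copy-on-write filesystems, the old blocks can survive an overwrite.

```python
import os
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB pieces to bound memory use


def overwrite_and_unlink(path, passes=1, use_random=True):
    """Overwrite a file's bytes in place, flush them to disk, then unlink it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if use_random else b"\x00" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the new bytes past the page cache
    os.unlink(path)


def demo():
    """Return (original, bytes left after unlink, bytes left after overwrite)."""
    secret = b"constructed sample: account=alice pin=0000\n" * 100
    leftovers = []
    with tempfile.TemporaryDirectory() as d:
        for wipe in (False, True):
            name = os.path.join(d, "report.txt")
            blocks = os.path.join(d, "blocks-view")
            with open(name, "wb") as f:
                f.write(secret)
            os.link(name, blocks)      # second name for the same stored data
            if wipe:
                overwrite_and_unlink(name, use_random=False)
            else:
                os.unlink(name)        # what an ordinary delete does
            with open(blocks, "rb") as f:
                leftovers.append(f.read())
            os.unlink(blocks)
    return secret, leftovers[0], leftovers[1]


if __name__ == "__main__":
    original, after_unlink, after_wipe = demo()
    print("plain unlink leaves data intact:", after_unlink == original)
    print("overwrite leaves only null bytes:", after_wipe.strip(b"\x00") == b"")
```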

Check out the list of tools over at www.networkintrusion.co.uk

Published by

LiamM

I'm a self labeled Nerd who enjoys Playing Video Games, restoring classic muscle cars (i have a 65' Mustang in the works) , Running Big Data Clusters, Tattoos, Working on System Automation, Riding and customizing Motorcycles, and writing python Code. I'm an SRE with DemonWare/Activision Specializing in Big Data/Hadoop operations but all opinions and views expressed on this site are solely my own.