Thursday, January 27, 2011

More on secure wiping tools: SRM and BCWipe

This article from the SANS Computer Forensics  Blog explains in detail how the secure wiping tools behave from a forensics point of view.

As explained in previous posts,  only a tool that can access the raw device can totally wipe any trace of an existing file, because userland tools cannot access the indirect blocs. This trace can help to confirm that a given file was wiped.

No comments:

Post a Comment