CRITERIA FOR VALIDATING SECURE WIPING TOOLS

Abstract : The validation of forensic tools is an important requirement in digital forensics. The National Institute of Standards and Technology has defined standards for many digital forensic tools. However, a standard has not yet been specified for secure wiping tools. This chapter defines secure wiping functionality criteria for NTFS specific to Windows 7 and magnetic hard drives. The criteria were created based on the remnants of user actions – file creation, modification and deletion – in $MFT records, the $LogFile and the hard disk. Of particular relevance is the fact that the $LogFile, which holds considerable forensic artifacts of user actions, is not wiped properly by many tools. The use of the proposed functionality criteria is demonstrated in an evaluation of the Eraser secure wiping tool.
Document type :
Conference papers
Complete list of metadatas

Cited literature [8 references]  Display  Hide  Download

https://hal.inria.fr/hal-01449066
Contributor : Hal Ifip <>
Submitted on : Monday, January 30, 2017 - 9:13:33 AM
Last modification on : Friday, December 1, 2017 - 1:16:44 AM

File

978-3-319-24123-4_19_Chapter.p...
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Muhammad Zareen, Baber Aslam, Monis Akhlaq. CRITERIA FOR VALIDATING SECURE WIPING TOOLS. 11th IFIP International Conference on Digital Forensics (DF), Jan 2015, Orlando, FL, United States. pp.321-339, ⟨10.1007/978-3-319-24123-4_19⟩. ⟨hal-01449066⟩

Share

Metrics

Record views

150

Files downloads

217