Digital Evidence Question - What is an effective Windows hard-disk search tool?

From: marcus peddle (marcus_peddle_at_yahoo.ca)
Date: 06/17/03

    Date: Mon, 16 Jun 2003 20:12:29 -0400 (EDT)
    To: security-basics@securityfocus.com
    
    

    Hello,
     
    I have a question/request:
     
    A few weeks back, a friend of mine in law enforcement
    demo'ed a tool he had on his computer that searched his
    entire hard drive and built an evidence file (he
    called it acquiring the drive). He then used a
    proprietary tool to search the file the tool built for
    things he thought he had deleted. I am very aware of
    the footprint that can be left on a user's computer but
    he had an extensive wipe tool that I was quite
    surprised to see did not delete everything. He began
    pulling up images/cookies/files that he thought he had
    deleted years ago.
     
    Needless to say, I was quite surprised.
     
    So I now use a wiping program on my computer that
    deletes and overwrites all deleted files. I also have
    a few other footprint erasers going but I wonder how
    effective they are.
     
    What I seek is the following:
     
    -A tool (preferably freeware) that I can use to acquire
    and search my hard drive for
    images/history/general/etc information that I have
    "deleted".
     
    Any suggestions? It goes without saying that any
    ideas you may have would be appreciated. Thanks!
     
    Marcus


