Use of FTK Custom C...
 
Notifications
Clear all

Use of FTK Custom Carver DB to spot evidence tampering

1 Posts
1 Users
0 Likes
286 Views
(@akaplan0qw9)
Posts: 69
Trusted Member
Topic starter
 

I'm considering putting together a set of FTK custom carver files for the commercial programs that purport to selectively delete files (evidence).

The type of custom carver files I am thinking about are those associated with such programs as "Evidence Eraser", "Secure Clean", "Evidence Eliminator", "Evidence Shredder", etc. etc.

With that database I would want to look for artifacts of the aforementioned files, not necessarily as evidence of deliberate evidence tampering/destruction, but more as a way of deciding whether or not additional work is needed in that area.

Has anybody used that approach? To what degree was it successful? Is there a different approach you would recommend?

 
Posted : 09/04/2011 6:13 am
Share: