Notifications
Clear all
General (Technical, Procedural, Software, Hardware etc.)
1
Posts
1
Users
0
Likes
286
Views
Topic starter
I'm considering putting together a set of FTK custom carver files for the commercial programs that purport to selectively delete files (evidence).
The type of custom carver files I am thinking about are those associated with such programs as "Evidence Eraser", "Secure Clean", "Evidence Eliminator", "Evidence Shredder", etc. etc.
With that database I would want to look for artifacts of the aforementioned files, not necessarily as evidence of deliberate evidence tampering/destruction, but more as a way of deciding whether or not additional work is needed in that area.
Has anybody used that approach? To what degree was it successful? Is there a different approach you would recommend?
Posted : 09/04/2011 6:13 am