±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36595
New Yesterday: 4 Visitors: 114

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Use of FTK Custom Carver DB to spot evidence tampering

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

akaplan0qw9
Senior Member
 

Use of FTK Custom Carver DB to spot evidence tampering

Post Posted: Apr 09, 11 06:13

I'm considering putting together a set of FTK custom carver files for the commercial programs that purport to selectively delete files (evidence).

The type of custom carver files I am thinking about are those associated with such programs as "Evidence Eraser", "Secure Clean", "Evidence Eliminator", "Evidence Shredder", etc. etc.

With that database I would want to look for artifacts of the aforementioned files, not necessarily as evidence of deliberate evidence tampering/destruction, but more as a way of deciding whether or not additional work is needed in that area.

Has anybody used that approach? To what degree was it successful? Is there a different approach you would recommend?
_________________
Alan M. Kaplan, ACE
Nevada PI License #220
AKaplan @ LasVegasPI.com 
 

Page 1 of 1