full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Disk wiping -- An alte

Re: [Full-disclosure] Disk wiping -- An alternate approach?

From: Bipin Gautam <bipin.gautam_at_nospam>
Date: Mon Jan 25 2010 - 18:22:02 GMT
To: Michael Holstein <michael.holstein@csuohio.edu>


Ok, i know the "obvious things" Michael!

> Modern forensic tools are good enough to find your "needle" in that
"haystack" in short order, regardless of how well you try to hide it in plain sight among the contents of wikipedia, et.al.

You are telling me "Modern forensic" examiners DRAW CONCLUSIONS without look it ALL possible evidence and by shifting just a few bytes of possible "related keywords" and draw insufficient conclusions? Isnt it like, when an forensic incident happens you take fingerprint from the whole house skipping a few rooms thinking there are sooooo many rooms to look for.....?

On top of that, the keywords they fish-out that way is by no guarantee belonging to the OWNER OF THE COMPUTER instead as leftover chunks from the internet written by someone and lands on your computer's in disk-fragments as free-space as browser cache is flushed ?

Dont miss the main point! On top of that FAT32/NTFS fs has high fragmentation rate than EXT*.



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/