Assessing trace evidence left by secure deletion programs

Paul Burke; Philip Craiger

Journal ArticleOPEN ACCESS

Assessing trace evidence left by secure deletion programs

IFIP International Federation for Information Processing (2006) 222 185-195

DOI: 10.1007/0-387-36891-4_15

0Citations

11Readers

Abstract

Secure deletion programs purport to permanently erase files from digital media. These programs are used by businesses and individuals to remove sensitive information from media, and by criminals to remove evidence of the tools or fruits of illegal activities. This paper focuses on the trace evidence left by secure deletion programs. In particular, five Windows-based secure deletion programs are tested to determine if they leave identifiable signatures after deleting a file. The results show that the majority of the programs leave identifiable signatures. Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract the name, size, creation date and deletion date of the "deleted" files.

Author supplied keywords

Cite

CITATION STYLE

APA

Burke, P., & Craiger, P. (2006). Assessing trace evidence left by secure deletion programs. IFIP International Federation for Information Processing, 222, 185–195. https://doi.org/10.1007/0-387-36891-4_15

Assessing trace evidence left by secure deletion programs

Abstract

Author supplied keywords

Cite

Register to see more suggestions