Digital Tool Marks (DTMs): a forensic analysis of file wiping software

Graeme Horsman

Research output: Contribution to journalArticlepeer-review

731 Downloads (Pure)

Abstract

Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This work presents the examination of eight freely available wiping tools in order to identify the existence of ‘digital tool marks’ (DMTs) left on a system following their use. Further attempts are made to ascertain whether such DTMs can be attributable to a particular wiping tool. Analysis is focused on the impact each tool has on system at a file system level, where in this work both FAT32 and NTFS are the subject of investigation. DMTs relating to each wiping tool are provided and recoverable file system metadata post-wipe is described.
Original languageEnglish
JournalAustralian Journal of Forensic Sciences
Publication statusPublished - 29 Jul 2019

Fingerprint

Dive into the research topics of 'Digital Tool Marks (DTMs): a forensic analysis of file wiping software'. Together they form a unique fingerprint.

Cite this