Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This work presents the examination of eight freely available wiping tools in order to identify the existence of ‘digital tool marks’ (DMTs) left on a system following their use. Further attempts are made to ascertain whether such DTMs can be attributable to a particular wiping tool. Analysis is focused on the impact each tool has on system at a file system level, where in this work both FAT32 and NTFS are the subject of investigation. DMTs relating to each wiping tool are provided and recoverable file system metadata post-wipe is described.
|Journal||Australian Journal of Forensic Sciences|
|Publication status||Published - 29 Jul 2019|