re: #2.  I've been using Eraser (http://www.heidi.ie/node/6) for wiping
external hard drives via USB.  It will also selectively overwrite files
/ folders / free disk space.  I used to schedule Eraser to wipe unused
disk space but that is just a hassle.  Truecrypt full disk encryption is
much more convenient.

Marv

Adrian Crenshaw wrote:
> Hi all,
>      I'm planning another class for the local ISSA (and hope to get some
> Infragard and OWASP folks there). The topic this time is Anti-forensics.
> I plan to cover a few categories of tools:
> 
> 0. Show simple tools to see what's been going on
> Places files are stored
> effect of hibernate and page file
> defrag issues (I assume this can leave remnants behind in slack space of
> files that defrag moved, so if a defrag happened just before you wipe a
> file you may not really get all of the data)
> Filecarving with Photorec http://www.cgsecurity.org/wiki/PhotoRec
> 
> 1. Selective track covering tools
> CCleaner  http://www.ccleaner.com/
> CleanAfterMe http://nirsoft.net/utils/clean_after_me.html
> 
> 2. Delete f***ing everything!!!/Nuke it from orbit, it's the only way to
> be sure
> Secure Erase http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml (Scott
> Moulton told me this uses built-in ATA commands to wipe even bad sectors)
> DBAN http://www.dban.org/
> 
> 3. Encryption
>  Truecrypt
> 
> 4. System configs/don't leave tracks in the first place
> Wipe swap file on shutdown
> Browsers and incognito mode
> Portable apps/VMs from encrypted volumes (does anyone know how much of
> the Host OS's swap is used by VMWare and the like?)
> 
> 
> Any more ideas? Any better "Selective track covering tools" than the
> ones I mentioned in section 1?
> 
> Thanks,
> Adrian
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com