An Investigation into the Efficiency of Forensic Erasure Tools for Hard Disk Mechanisms

One of the common anecdotal complaints used when defending the insecure erasure of hard disks is the length of time taken to affect a secure erasure. This paper discusses results of experiments conducted with Unix/Linux based hard disk wiping software when run on various machines and hard disk mechanisms in terms of size, speed and interface. The initial research has uncovered a range of issues and factors that affect the speed of erasure of hard disk mechanisms. Some of these factors included memory configuration and CPU but not in ways that were expected. This paper includes results from contemporary ATA and the newer SATA IDE hard disk drives in use today

Oops they did it again: The 2007 Australian study of remnant data contained on 2nd hand hard disks

The 2007 study used a biased selection process where the primary focus was the purchase of high-speed SCSI drives and drive packs, in addition 2.5 inch laptop drives were targeted. Conventional IDE based hard drives were also examined in the study. A total of 84 drives were examined this year, 23 yielded data that represented significant and in some cases profound exposure if data. Encouragingly more hard disks were erased in this study than in previous studies. However, there is still a significant gap in erasure procedures in organisations, which is particularly concerning given that the drives were from large corporations

Oops they did it again: The 2007 Australian study of remnant data contained on 2nd hand hard disks

The 2007 study used a biased selection process where the primary focus was the purchase of high-speed SCSI drives and drive packs, in addition 2.5 inch laptop drives were targeted. Conventional IDE based hard drives were also examined in the study. A total of 84 drives were examined this year, 23 yielded data that represented significant and in some cases profound exposure if data. Encouragingly more hard disks were erased in this study than in previous studies. However, there is still a significant gap in erasure procedures in organisations, which is particularly concerning given that the drives were from large corporations

A UK and Australian Study of Hard Disk Disposal

Recent studies in Australia and the United Kingdom indicate that a broad cross-section of organisations are failing to adequately protect or erase confidential data stored on hard disk drives before subsequent disposal. Over 90% of hard disks that were examined as a result of the two Independent studies were in an easily recoverable state with some drives simply requiring a boot. This paper will give an overview and comparison of the two studies conducted. Then an examination of possible factors responsible for the inadequate erasure of hard disk devices will be undertaken. Furthermore, possible future research directions will also be explore

Do Current Erasure Programs Remove Evidence of BitTorrent Activity?

This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of BitTorrent software. The erasure programs MaxErase, P2PDoctor, Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and then searched for torrent files. The registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater concern was that the software MaxErase, P2PDoctor, Window Washer and Privacy Suite claimed to erase evidence of P2P activity, but did not remove evidence of torrent activity. Current erasure tools do not appear to be effective at removing traces of BitTorrent activity. Keywords: P2P, BitTorrent, file sharing, erasure softwar

Do Current Erasure Programs Remove Evidence of BitTorrent Activity?

This research in progress aims to evaluate the effectiveness of commercial programs to erase traces of the use of BitTorrent software. The erasure programs MaxErase, P2PDoctor, Privacy Suite, Window Washer and R-Clean and Wipe were used on a machine that had used the BitTorrent client Azureus to download two torrent files. The drive was imaged and then searched for torrent files. The registry was also examined on the source machine. The program R-Clean and Wipe left evidence in both the registry and the image of the name and type of files that had been downloaded with this software. Of greater concern was that the software MaxErase, P2PDoctor, Window Washer and Privacy Suite claimed to erase evidence of P2P activity, but did not remove evidence of torrent activity. Current erasure tools do not appear to be effective at removing traces of BitTorrent activity

An examination of the Asus WL-HDD 2.5 as a nepenthes malware collector

The Linksys WRT54g has been used as a host for network forensics tools for instance Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact this may have for a home user. The paper then outlines the trivial steps in setting up Nepenthes 0.1.7 (a malware collector) for the Asus WL-HDD 2.5 according to the Nepenthes and tests the feasibility of running the malware collector on the selected device. The paper then concludes on discussing the limitations of the device when attempting to execute Nepenthes