[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <754924961001251022v164e03ecp119a0a1cac8769c6@mail.gmail.com>
Date: Tue, 26 Jan 2010 00:07:02 +0545
From: Bipin Gautam <bipin.gautam@...il.com>
To: Michael Holstein <michael.holstein@...ohio.edu>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?
Ok, i know the "obvious things" Michael!
> Modern forensic tools are good enough to find your "needle" in that
"haystack" in short order, regardless of how well you try to hide it in
plain sight among the contents of wikipedia, et.al.
You are telling me "Modern forensic" examiners DRAW CONCLUSIONS
without look it ALL possible evidence and by shifting just a few bytes
of possible "related keywords" and draw insufficient conclusions? Isnt
it like, when an forensic incident happens you take fingerprint from
the whole house skipping a few rooms thinking there are sooooo many
rooms to look for.....?
On top of that, the keywords they fish-out that way is by no guarantee
belonging to the OWNER OF THE COMPUTER instead as leftover chunks from
the internet written by someone and lands on your computer's in
disk-fragments as free-space as browser cache is flushed ?
Dont miss the main point! On top of that FAT32/NTFS fs has high
fragmentation rate than EXT*.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists