FINDING DELETED DATA

Previous page
Table of content
Next page

FINDING DELETED DATA

No matter how many times you've deleted a file, or what methods you may have used, there will always be a way to retrieve it again. While you could extract an overwritten file's data by analyzing its magnetic traces on your hard disk (discussed below), it's far easier to look for electronic traces of it.

The keyboard buffer

Most operating systems store everything you type in a portion of memory called the keyboard buffer, so when you create a text document (containing all the subversive actions you plan to take against your government, for example), the keyboard buffer temporarily stores this information in your computer's memory. When you close the file, your computer clears the keyboard buffer by dumping its contents into a temporary copy of that particular file, which you can then view with a computer forensics tool (discussed below).

So if you're trying to get rid of evidence, simply encrypting or deleting a file won't be enough. Encryption or file deletion protects your final file, but it does nothing to hide or erase information dumped in any temporary files created along the way. To ensure you are not incriminated by the keyboard buffer, use your favorite file shredder to delete any temporary files stored on your hard disk.

Cleaning your web browser cache

When you search the Internet, your web browser stores (caches) the web pages you visit in a directory on your hard disk called the cache directory. Since the cache directory records all the websites you've visited in the last two weeks, it can leave behind an incriminating trail if you've been visiting sites you're not supposed to visit.

In case you're curious what kind of information someone might find in your web browser cache, run a program such as Cache Auditor (http://www.webknacks.com) for Internet Explorer or Cache, Cookie & Windows Cleaner (http://www.moleculesoft.com) for either Internet Explorer or Netscape. Cache, Cookie & Windows Cleaner shows the contents of your cache files, so anyone can see which web pages you've looked at in the past few days.

Other cache-purging programs include Cache and Cookie Washer (http://www.webroot.com), and IEClean or NSClean (http://www.nsclean.com), which can clean up the cache in Internet Explorer and Netscape. Macintosh users can try MacWasher (http://www.webroot.com) If you're a Windows user running AOL, Internet Explorer, Netscape, or even Opera, try the Complete Cleanup (http://members.aol.com/softdd) program for purging your cache files.

Just remember that purging the cache simply deletes the files and won't physically remove them-anyone can undelete your erased cache directory file later. (For more security, use a file shredder instead, as discussed earlier in the chapter.)

If you think purging your cache, deleting old email messages, wiping out temporary files, and shredding all your files is too much trouble, guess what? That's exactly what computer forensics experts are counting on when they examine a suspect's computer.


Previous page
Table of content
Next page
Steal This Computer Book 3(c) What They Won't Tell You About the Internet
Steal This Computer Book 3: What They Wont Tell You about the Internet
ISBN: 1593270003
EAN: 2147483647
Year: 2003
Pages: 215
Authors: Wallace Wang
BUY ON AMAZON
Cisco IOS Cookbook (Cookbooks (OReilly))
Cultural Imperative: Global Trends in the 21st Century
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
The Oracle Hackers Handbook: Hacking and Defending Oracle
Microsoft Visual Basic .NET Programmers Cookbook (Pro-Developer)
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy