22.2 Information Detritus


Modern operating systems, particularly those that are Windows-based, smear information detritus (dirt) all over your hard drive. Many users are aware that when you delete a file, you don't necessarily remove it from your hard drive. For example, when you press Delete, you may lose the icon and the link to the location, but the data may remain on your hard drive. Hackers or forensics experts can later retrieve this data.

In fact, even a filesystem format (as performed by the operating system) does not necessarily destroy all of the data. [1] Even after a format, forensics tools can extract significant amounts of data. In order to protect yourself, you need to shred the electronic documents with a secure wiping utility.

[1] The low-level format often performed by the BIOS firmware does.

No matter how well designed the wiping utility is, however, it will always leave bits of information garbage in odd corners of your hard drive. The only way to truly erase a hard disk is to physically reset the charges on the disk surface. Putting the hard drive in a strong electromagnetic field can do this. More practically, simply set the hard drive in your fireplace and roast it on a high flame for an hour or two (make sure the room is properly ventilated, and don't pick up the hot metal case until it cools). Most users want to keep using their drives, so it's important to understand the places your operating system and hardware collect information detritus. We will describe some of these places, and how the Windows counter-forensics tool Evidence Eliminator can protect you from information attacks from hackers and forensic scientists.
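The behaviour described above, as an added example that is not from the book: a toy disk model in Python in which `ToyDisk`, the 16-byte cluster size and the sample data are all constructed assumptions. It shows an ordinary delete leaving the data on the medium, and a file-level wipe leaving residue in the slack of a reused cluster.

```python
# Toy model, constructed for illustration: a "disk" of fixed-size clusters and a
# directory of name -> (clusters, length). It is not a real filesystem driver.
CLUSTER = 16

class ToyDisk:
    def __init__(self, clusters=8):
        self.data = bytearray(CLUSTER * clusters)
        self.free = list(range(clusters))       # unallocated cluster numbers
        self.directory = {}
    def write(self, name, content):
        need = -(-len(content) // CLUSTER)      # ceiling division
        chain = [self.free.pop(0) for _ in range(need)]
        for i, c in enumerate(chain):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            # Only the written bytes change; the cluster's tail keeps old data (slack).
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.directory[name] = (chain, len(content))

    def delete(self, name):
        # Ordinary delete: drop the directory entry and free the clusters, nothing more.
        chain, _ = self.directory.pop(name)
        self.free = sorted(self.free + chain)

    def wipe(self, name):
        # File-level wipe: overwrite the file's own logical bytes, then delete it.
        chain, length = self.directory[name]
        for i, c in enumerate(chain):
            n = min(CLUSTER, length - i * CLUSTER)
            self.data[c * CLUSTER:c * CLUSTER + n] = bytes(n)
        self.delete(name)

    def residue(self, needle):
        # What a raw scan of the medium finds, ignoring the directory entirely.
        return needle in bytes(self.data)

def demo():
    secret = b"PIN=4921;acct=778812;end"        # constructed sample data, 24 bytes
    d = ToyDisk()
    d.write("secret.txt", secret)
    d.delete("secret.txt")
    after_delete = d.residue(b"acct=778812")    # data survives an ordinary delete
    d.write("note.txt", b"hi")                  # reuses cluster 0, overwrites 2 bytes
    d.wipe("note.txt")                          # wipes only note.txt's 2 bytes
    after_slack = d.residue(b"4921")            # old bytes remain in the slack
    d2 = ToyDisk()
    d2.write("secret.txt", secret)
    d2.wipe("secret.txt")                       # wiping the file itself does clear it
    return after_delete, after_slack, d2.residue(b"4921")
```

The second result is the point for anyone auditing a wiping tool: overwriting files by name is not enough unless free space and cluster slack are also covered.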



Security Warrior
ISBN: 0596005458
EAN: 2147483647
Year: 2004
Pages: 211
