RE: Hard Drive Forensics Question

["Murda Mcloud" <murdamcloud () bigpond com>]

Can you clarify what you mean by this?

> > Perhaps it would be a good idea to copy+paste+delete a few very large
> > random files on there (99.5% occupying the drive) a few times, just in
> > case.


Do you mean he should copy a few files that are like 90Gb in size to his
drive by pasting them and then delete those files?

Is this so that it can overwrite any free/unallocated space?



> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Razi Shaban
> > Sent: Saturday, October 04, 2008 2:17 AM
> > To: Larry Offley
> > Cc: Matt Perry; security-basics () securityfocus com
> > Subject: Re: Hard Drive Forensics Question
> >
> > > The only thing they could prove would be that he did copy the files, if
> > he
> > > did, never deleted the files, and the area of the drive the files were
> > > written to had also never been written over in the six months since
> > then.
> >
> > Perhaps it would be a good idea to copy+paste+delete a few very large
> > random files on there (99.5% occupying the drive) a few times, just in
> > case. If he feels the random data files would appear suspicious, copy
> > the largest files on the drive a few times. This will help to make it
> > more difficult - if anything, quite difficult - to recover any data
> > that may have been on the hard drive.
> >
> > You might also want to run a free data recovery program such as Recuva
> > (http://recuva.com) to see if it can find anything potentially
> > incriminating.
> >
> >
> > Hope it helps,
> > Razi Shaban