Post on 19-May-2015
description
transcript
The Traces We Leave Behind
AND HOW TO FIND THEM
Mattias Wecksten
2009 (cc) by-nc-sa
What Traces Do You Leave If…
…you delete a file?
…you format a hard drive?
…edits a document without saving?
…use an USB memory?
Files on the Hard Drive
• Hard drive = Binder with index
• Write file = Insert document
• Remove file= Erase from index
• Format = Replace index
Data Extraction: deleted file
• Recreate the entry• Analyze data• Recreate data
Data Extraction: formatted hard drive
• Recreate the register• Analyze data
Data extraction: Word-recovery
The Windows Registry
Metadata
Questionnaire:
• Who is responsible if erased information turns up?• What information seeps out?• What ethical aspects are considered?• Are you prepared for the incident?
References
Presentation: M. Weckstén (cc) by-nc-sa
wecksten@gmail.com
Photo: Bitxo (cc) by-nc-sa
Illustrations: T. Weckstén (cc) by-nc-sa