RE: Data Recovery Oct 31 2006 02:02PM
Greg Kelley (gkelley vestigeltd com)
Nice article, Kurt, but this issue is not confined to just NTFS
formatted volumes. With Windows, and other operating systems,
propensity to create temp files and use memory paging, I would never
trust a wiping application to remove all evidences of a file by just
wiping the file itself. A complete erase of the disk is the only way to
insure that the data is gone.

Greg Kelley, EnCE
Vestige Digital Investigations
Computer Forensics | Electronic Discovery | Corporate Surety
46 Public Square, Ste 220
Medina, OH 44256
(330)721-1205 x5432
(330)721-1206 Fax

-----Original Message-----
From: Kurt Seifried [mailto:bt (at) seifried (dot) org [email concealed]]
Sent: Monday, October 30, 2006 3:10 PM
To: Russell Aspinwall; forensics (at) securityfocus (dot) com [email concealed]
Subject: Re: Data Recovery

> In response to data recovery after 57+ formats query
> The UK magazine Computer Shopper carried a feature article "Recovery
> Position" in its March 2006 issue, which can be found here
> and search for Recovery Position. It
> appears that disk erasing programs do not delete the data, if you have
> right tools for recovery; however a hammer does work.

No surprise there.

Pretty much all the programs fail with NTFS alternate data streams,
that are hosted in the NTFS MFT, or simply fail to wipe normal files at

> --
> Regards
> Russell


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus