SANS Digital Forensics and Incident Response Blog: Tag - shred

Digital Forensics: In-depth analysis of SRM and BCWipe (for unix)

Secure wiping tools are nothing new; we've all seen and used them for a long time now. It's no mystery that these tools are used by intruders to cover their tracks by securely deleting files such as logs, or other files they downloaded onto compromised systems. Organizations also use these tools to securely delete confidential …


Digital Forensics: A Quick Note About Shred

Hal Pomeranz, Deer Run Associates

In the Linux/Unix realm we have tools like shred for securely overwriting files before deleting them in order to prevent recovery of the deleted file. If your adversary is sufficiently advanced (or just not lazy), they can obviously use these tools to frustrate your forensic investigation. Previously, I had thought …