Digital tool marks (DTMs): a forensic analysis of file wiping software
Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This wor...
Saved in:
| Published in | Australian journal of forensic sciences Vol. 53; no. 1; pp. 96 - 111 |
|---|---|
| Main Author | |
| Format | Journal Article |
| Language | English |
| Published |
Clovelly
Taylor & Francis
02.01.2021
Copyright Agency Limited (Distributor) |
| Subjects | |
| Online Access | Get full text |
| ISSN | 0045-0618 1834-562X |
| DOI | 10.1080/00450618.2019.1640793 |
Cover
Loading…
| Abstract | Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This work presents the examination of eight freely available wiping tools in order to identify the existence of 'digital tool marks' (DMTs) left on a system following their use. Further attempts are made to ascertain whether such DTMs can be attributable to a particular wiping tool. Analysis is focused on the impact each tool has on system at a file system level, where in this work both FAT32 and NTFS are the subject of investigation. DMTs relating to each wiping tool are provided and recoverable file system metadata post-wipe is described. |
|---|---|
| AbstractList | Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This work presents the examination of eight freely available wiping tools in order to identify the existence of ‘digital tool marks’ (DMTs) left on a system following their use. Further attempts are made to ascertain whether such DTMs can be attributable to a particular wiping tool. Analysis is focused on the impact each tool has on system at a file system level, where in this work both FAT32 and NTFS are the subject of investigation. DMTs relating to each wiping tool are provided and recoverable file system metadata post-wipe is described. Whilst difficult to ascertain the full extent to which so called antiforensic software applications are in use by the public, their threat to an investigation of digital content is tangible, where of particular interest is the use of file wiping tools, which remains the focus of this work. This work presents the examination of eight freely available wiping tools in order to identify the existence of 'digital tool marks' (DMTs) left on a system following their use. Further attempts are made to ascertain whether such DTMs can be attributable to a particular wiping tool. Analysis is focused on the impact each tool has on system at a file system level, where in this work both FAT32 and NTFS are the subject of investigation. DMTs relating to each wiping tool are provided and recoverable file system metadata post-wipe is described. |
| Author | Horsman, Graeme |
| Author_xml | – sequence: 1 givenname: Graeme orcidid: 0000-0002-0685-0650 surname: Horsman fullname: Horsman, Graeme email: graeme.horsman@googlemail.com organization: Teesside University |
| BookMark | eNqVkEFrFDEUx4NUcFv9CELAix5m-5JMZjJ6sbS2FVa8VPAW3maSbep0MiYpy357M0x7UVA8hRd-_x_v_Y_J0RhGS8hrBmsGCk4BagkNU2sOrFuzpoa2E8_IiilRV7Lh34_IamaqGXpBjlO6g0KWYUUuL_zOZxxoDmGg9xh_JPr24uZLeveeInUh2jF5Q3HE4ZB8osFR5wdL937y446m4PIeo31Jnjsckn31-J6Qb5efbs6vq83Xq8_nZ5vKSNblyiouDDgnkYHZYi0NB6mkk33NnRSKKasaZVrVYmcY7xVuO9HIfrtF0_QKxAl5s3inGH4-2JT1XXiIZbmked02DFohu0J9WCgTQ0rROm3KjdmHMUf0g2ag5-L0U3F6Lk4_FlfS8rf0FH1p5vDP3PWSi_c-a9z5NGWdLEZzq_1Yqpy_Q9zpPvhZJQRrnjAOnAFjDdRcSFZUmz9VtzlPSfeY8f91HxfdksN9iEOvMx6GEF3E0fikxd-P-wXc07gS |
| CitedBy_id | crossref_primary_10_1111_1556_4029_14907 crossref_primary_10_1016_j_fsidi_2023_301607 crossref_primary_10_1111_1556_4029_15240 crossref_primary_10_1016_j_cose_2020_102034 |
| Cites_doi | 10.1520/JFS10278J 10.1016/S1361-3723(07)70079-9 10.1111/1556-4029.13722 10.1007/978-3-540-89862-7_21 10.1016/j.diin.2007.01.005 10.1016/j.diin.2006.06.005 10.1016/0379-0738(96)01964-0 |
| ContentType | Journal Article |
| Copyright | 2019 Australian Academy of Forensic Sciences 2019 2019 Australian Academy of Forensic Sciences |
| Copyright_xml | – notice: 2019 Australian Academy of Forensic Sciences 2019 – notice: 2019 Australian Academy of Forensic Sciences |
| DBID | AAYXX CITATION 7QO 7SS 7U7 8FD C1K FR3 K7. K9. P64 |
| DOI | 10.1080/00450618.2019.1640793 |
| DatabaseName | CrossRef Biotechnology Research Abstracts Entomology Abstracts (Full archive) Toxicology Abstracts Technology Research Database Environmental Sciences and Pollution Management Engineering Research Database ProQuest Criminal Justice (Alumni) ProQuest Health & Medical Complete (Alumni) Biotechnology and BioEngineering Abstracts |
| DatabaseTitle | CrossRef Entomology Abstracts ProQuest Criminal Justice (Alumni) Biotechnology Research Abstracts Technology Research Database Toxicology Abstracts ProQuest Health & Medical Complete (Alumni) Engineering Research Database Biotechnology and BioEngineering Abstracts Environmental Sciences and Pollution Management |
| DatabaseTitleList | Entomology Abstracts |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Law |
| EISSN | 1834-562X |
| EndPage | 111 |
| ExternalDocumentID | 10_1080_00450618_2019_1640793 10.3316/agispt.20210116042351 1640793 |
| Genre | Research Article Journal Article Original Articles |
| GroupedDBID | --- .7F .QJ 0BK 0R~ 23N 2DF 30N 4.4 5GY 6J9 AAENE AAJMT AALDU AAMIU AAPUL AAQRR ABCCY ABDBF ABFIM ABHAV ABJNI ABLIJ ABPAQ ABPEM ABTAI ABXUL ABXYU ACGFO ACGFS ACTIO ACUHS ADCVX ADGTB AEGXH AEISY AENEX AEOZL AEPSL AEYOC AFKVX AGDLA AGMYJ AHDZW AIAGR AIJEM AJWEG AKBVH AKOOK ALMA_UNASSIGNED_HOLDINGS ALQZU AQRUH ARTTT AVBZW AWYRJ BLEHA CCCUG CE4 CS3 DGEBU DKSSO EAZ EBD EBS ESX E~A E~B F5P GTTXZ H13 HF~ HZ~ H~P IPNFZ J.P KYCEM LJTGL M4Z NA5 NX0 O9- P2P PQQKQ RIG RNANH ROSJB RTWRZ S-T SNACF TBQAZ TDBHL TEI TFL TFT TFW TN5 TQWBC TTHFI TUROJ TUS TWF UT5 UU3 ZGOLN ~S~ 3YN AEGYZ AFWLO AAGDL AAHIA AAYXX ADYSH AFRVT AIYEW AMPGV CITATION 7QO 7SS 7U7 8FD C1K FR3 K7. K9. P64 TASJS |
| ID | FETCH-LOGICAL-c519t-e823c0ff5a10cba45c20585f5d42f53818e868c787a9c12d8ab9365dbbac6d803 |
| ISSN | 0045-0618 |
| IngestDate | Wed Aug 13 04:21:23 EDT 2025 Tue Jul 01 02:46:04 EDT 2025 Thu Apr 24 23:12:12 EDT 2025 Wed Aug 28 03:31:15 EDT 2024 Wed Aug 28 03:35:16 EDT 2024 Wed Dec 25 09:07:19 EST 2024 |
| IsDoiOpenAccess | false |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Issue | 1 |
| Language | English |
| LinkModel | OpenURL |
| MergedId | FETCHMERGED-LOGICAL-c519t-e823c0ff5a10cba45c20585f5d42f53818e868c787a9c12d8ab9365dbbac6d803 |
| Notes | 2021-01-16T17:53:40+11:00 AUSTRALIAN JOURNAL OF FORENSIC SCIENCES, Vol. 53, No. 1, Feb 2021, 96-111 TAJFS.jpg AUSTRALIAN JOURNAL OF FORENSIC SCIENCES, Vol. 53, No. 1, Feb 2021: 96-111 Informit, Melbourne (Vic) ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 14 |
| ORCID | 0000-0002-0685-0650 |
| OpenAccessLink | https://research.tees.ac.uk/en/publications/76cfcb42-2193-447f-b3c1-776ee06a0c55 |
| PQID | 2476107359 |
| PQPubID | 28264 |
| PageCount | 16 |
| ParticipantIDs | rmit_agispt_search_informit_org_doi_10_3316_agispt_20210116042351 crossref_primary_10_1080_00450618_2019_1640793 crossref_citationtrail_10_1080_00450618_2019_1640793 proquest_journals_2476107359 rmit_agispt_https_data_informit_org_doi_10_3316_agispt_20210116042351 informaworld_taylorfrancis_310_1080_00450618_2019_1640793 |
| ProviderPackageCode | CITATION AAYXX |
| PublicationCentury | 2000 |
| PublicationDate | 2021-01-02 |
| PublicationDateYYYYMMDD | 2021-01-02 |
| PublicationDate_xml | – month: 01 year: 2021 text: 2021-01-02 day: 02 |
| PublicationDecade | 2020 |
| PublicationPlace | Clovelly |
| PublicationPlace_xml | – name: Clovelly |
| PublicationTitle | Australian journal of forensic sciences |
| PublicationYear | 2021 |
| Publisher | Taylor & Francis Copyright Agency Limited (Distributor) |
| Publisher_xml | – name: Taylor & Francis – name: Copyright Agency Limited (Distributor) |
| References | cit0011 cit0001 cit0012 Carrier B (cit0014) 2005 cit0010 Kessler GC (cit0003) 2007 Boddington R (cit0007) 2016 cit0008 cit0006 cit0017 cit0004 cit0015 cit0005 cit0016 cit0002 Geiger M (cit0009) 2005 cit0013 |
| References_xml | – ident: cit0013 – ident: cit0004 doi: 10.1520/JFS10278J – ident: cit0011 – ident: cit0017 – volume-title: Practical digital forensics year: 2016 ident: cit0007 – ident: cit0008 doi: 10.1016/S1361-3723(07)70079-9 – ident: cit0012 – ident: cit0015 – ident: cit0016 – ident: cit0006 doi: 10.1111/1556-4029.13722 – ident: cit0001 doi: 10.1007/978-3-540-89862-7_21 – ident: cit0002 doi: 10.1016/j.diin.2007.01.005 – start-page: 1 volume-title: Australian Digital Forensics Conference year: 2007 ident: cit0003 – volume-title: DFRWS year: 2005 ident: cit0009 – volume-title: File system forensic analysis year: 2005 ident: cit0014 – ident: cit0010 doi: 10.1016/j.diin.2006.06.005 – ident: cit0005 doi: 10.1016/0379-0738(96)01964-0 |
| SSID | ssj0019618 |
| Score | 2.206184 |
| Snippet | Whilst difficult to ascertain the full extent to which so called anti-forensic software applications are in use by the public, their threat to an investigation... Whilst difficult to ascertain the full extent to which so called antiforensic software applications are in use by the public, their threat to an investigation... |
| SourceID | proquest crossref rmit informaworld |
| SourceType | Aggregation Database Enrichment Source Index Database Publisher |
| StartPage | 96 |
| SubjectTerms | Applications programs Computer forensics Computer programs deletion Digital forensic science digital forensics digital tool marks File wiping FORENSIC MEDICINE Forensic science forensics MEDIA Medical jurisprudence METADATA recovery Software SOFTWARE PROTECTION |
| Title | Digital tool marks (DTMs): a forensic analysis of file wiping software |
| URI | https://www.tandfonline.com/doi/abs/10.1080/00450618.2019.1640793 https://search.informit.org/documentSummary;res=AGISPT;dn=20210116042351 http://search.informit.org/doi/10.3316/agispt.20210116042351 https://www.proquest.com/docview/2476107359 |
| Volume | 53 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV3db9MwELdge-EF8SkKA_mBB1CVqknsJOatohsVYjx1YuLFcpy4qrY2UxJUaX_97mInTWDSGOIlqtLm4vp-dz6f74OQ97CiaN83xtMiMB7Lpxz0oOGeYGC7ahA_odA1cPo9Wpyxr-f8fN_osskuqdOJvr41r-RfuAr3gK-YJXsPznZE4QZ8Bv7CFTgM17_i8Xy9wp4fYD8Wl-ONKi8aF-p8eQrMETbnHGxSDFHHoqz76iNYjGm8WzepUhXo4Z0qBxFBPQdIr7JER8qtmp01_qVU-SYfL4qy2jiwOT9C4Dd-hL5rEYw77POQ9HWjLeQ7wIBVdCLqLZlOX_6hjdvwRcaRLsbRiYmPJ4e2KeKw-vVvq1IXK4h-hbDxMKjVurrC-FfYpvp-hBE9mDx_GMQxntAfzhbznz-6IyRsZWPDC-zfatO3sLD6bSMaGCaDsrWDzUevzkJjgiyfkMdu70BnFghPyYN8-4w8_KZ2z8mJgwJFKNAGCvQDAuHjJzqjLedoCwJaGIogoBYEtAXBC3J2crz8vPBciwxPg-lde3kShHpqDFcgc6liXAdT2AAanrHAcLTG8iRKNGhlJbQfZIlKRRjxLE2VjrJkGr4kB9tim78iNEvSIDZJxqOYMa2TNAxEGmkBMhwDVT0irJ0fqV39eGxjcin9rsysnVaJ0yrdtI7IpHvsyhZQuesB0Z98WTeeK2PbzMjwjmePWk5JJx-VDFgMe4Q45GJEjpF70gKpyWirJEZiS_tG-KooVxLgi0NE1LU_HWJuRGZ9OnZNuieN1_9pLG_Io700H5GDuvyVvwU7uU7fOYm4Acxss3M |
| linkProvider | Library Specific Holdings |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwpV1Lb9swDBbW7rBd1u6FZe02HXbYDg6sly3tVqwNsi3JKQV6EyTZCop2cRG7CNBfX9Gyg2RAUQw926JNiSIpivyI0NdgURwh3idOUZ_wMhVBD3qRKB58Vxe2nzIQGpjOsvE5_30hLrZqYSCtEs7QPgJFtLoaNjcEo_uUOADkEcEOtZlZakjgLkqxPfRcBN8dpJyls81NAnQ0ibfMAroYyL6K5yEyO_ZpB710xwfdKrdvLdHoALmeh5iAcjW8bezQ3f0D7_g0Jg_Rq85RxSdRsl6jZ-XyDdqbmPVbNDq9XECvEdxU1TX-a1ZXNf52Op_W339ggwMrkBTvsOnwTnDlMcA_4TX0yV7gOmj-tVmV79D56Gz-c5x0_RgSF_y8JiklZS71XpiwwNZw4WgaThteFJx6Aaa_lJl0QQUY5QgtpLGKZaKw1riskCl7j_aX1bL8gHAhLc29LESWc-6ctIwqmzkVBCYPVN0A8X4VtOvAyqFnxrUmG0zTOD0apkd30zNAw82wm4jW8dgAtb3EumnDJD72NNHskbHHvTzobuPXmvI8OKQ5E2qAzkBGtFlc1jdNWz5Va0j71fGL4VG1Wuiw7vCLjJGsf5XCOZyQDFKWBBmgk206UQH-J42PT2DzC3oxnk8nevJr9ucIvQTCbQiKHqP9ZnVbfgpOWWM_t7vuHrH6JJo |
| linkToPdf | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwpV3Nb9MwFLfYkBAXvhGFAT5wgEOq-DM2t4muGrBVHDaJm2U7cTVtNFWTqdL--vnFSdUioQnt2tQvsf2-bP_8ewh9ihHFExJC5jUNGa9yEf1gEJnmMXf10fy0ha2B05k8Puc_fosBTdj0sEpYQ4dEFNH5ajDuZRkGRBzw8YgYhjpglh4TOIrSbA89lPF3QPWxfLY5SICCJumQWUARAzVc4vmXmJ3wtENeupOCbt227wLR9ClyQxcS_uRyfN26sb_5i93xXn18hp70aSo-THr1HD2oFi_Q3oldv0TTycUcKo3gtq6v8B-7umzw58nZafPlK7Y49gQg8R7bnu0E1wED-RNeQ5XsOW6i31_bVfUKnU-Pzr4dZ301hszHLK_NKkWZz0MQNk6vs1x4mse1RhAlp0FA4K-UVD46AKs9oaWyTjMpSuesl6XK2Wu0v6gX1RuES-VoEVQpZMG598oxqp30OqpLEaX6EeLDJBjfU5VDxYwrQzaMpml4DAyP6YdnhMabZsvE1XFXA709w6btNklCqmhi2B1tDwZ1ML3ZN4byIqajBRN6hI5ARYydXzTLtrs81RgA_Zr0xvioXs1NnHb4RMaIHP5KYRVOiATAkiAjdLgtJ7m__5Tx9h7d_Ige_ZpMzcn32c936DHI7faf6AHab1fX1fuYkbXuQ2dzt-YiIz4 |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Digital+tool+marks+%28DTMs%29%3A+A+forensic+analysis+of+file+wiping+software&rft.jtitle=Australian+journal+of+forensic+sciences&rft.au=Graeme+Horsman&rft.date=2021-01-02&rft.issn=0045-0618&rft.volume=53&rft.issue=1&rft.spage=96&rft.epage=111&rft_id=info:doi/10.1080%2F00450618.2019.1640793&rft.externalDBID=n%2Fa&rft.externalDocID=10.3316%2Fagispt.20210116042351 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0045-0618&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0045-0618&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0045-0618&client=summon |