Forensics Bonanza in Facebook Case

Discussion in 'privacy general' started by LockBox, Apr 3, 2012.

Thread Status:
Not open for further replies.
  1. LockBox
    Offline

    LockBox Registered Member

  2. Securit
    Offline

    Securit Registered Member

    Thanks! Very interesting reading!
  3. BrandiCandi
    Offline

    BrandiCandi Guest

    Interesting indeed.
  4. syncmaster913n
    Offline

    syncmaster913n Registered Member

    What I found most interesting in the paper is the fact that the forensics experts were able to extract metadata from files that were erased and overwritten by new data. I thought that doing that without employing very expensive means is not possible?
  5. Dogbiscuit
    Offline

    Dogbiscuit Registered Member

    Some metadata is stored in the Windows file system and not in the file itself.
  6. syncmaster913n
    Offline

    syncmaster913n Registered Member

    Ah, I see!

    Do you know of any free (or trial) software that can be used to analyze metadata from specific files? They mentioned one in the paper, but it is paid and has no trial. I'd like to see just how much information you can extract this way.
  7. Dogbiscuit
    Offline

    Dogbiscuit Registered Member

    I can't recommend one, but a search on 'metadata removal tool' showed many.
  8. syncmaster913n
    Offline

    syncmaster913n Registered Member

    Last edited: Apr 15, 2012
  9. chronomatic
    Offline

    chronomatic Registered Member

    It looks like this guy tried to hide his tracks by reinstalling Windows. He obviously doesn't understand that does nothing to hide most of the data that was on the drive.
  10. CloneRanger
    Offline

    CloneRanger Registered Member

    Eye-opening, Indeed !

    Thanks for posting :thumb:

    It appears he only reinstalled, Without deleting the partions first = Big No No :D
Thread Status:
Not open for further replies.