Forensics Bonanza in Facebook Case

Discussion in 'privacy general' started by LockBox, Apr 3, 2012.

Thread Status:
Not open for further replies.
  1. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
  2. Securit

    Securit Registered Member

    Joined:
    Feb 14, 2012
    Posts:
    19
    Thanks! Very interesting reading!
     
  3. BrandiCandi

    BrandiCandi Guest

    Interesting indeed.
     
  4. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    What I found most interesting in the paper is the fact that the forensics experts were able to extract metadata from files that were erased and overwritten by new data. I thought that doing that without employing very expensive means is not possible?
     
  5. Dogbiscuit

    Dogbiscuit Guest

    Some metadata is stored in the Windows file system and not in the file itself.
     
  6. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Ah, I see!

    Do you know of any free (or trial) software that can be used to analyze metadata from specific files? They mentioned one in the paper, but it is paid and has no trial. I'd like to see just how much information you can extract this way.
     
  7. Dogbiscuit

    Dogbiscuit Guest

    I can't recommend one, but a search on 'metadata removal tool' showed many.
     
  8. syncmaster913n

    syncmaster913n Registered Member

    Joined:
    Mar 24, 2012
    Posts:
    153
    Last edited: Apr 15, 2012
  9. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It looks like this guy tried to hide his tracks by reinstalling Windows. He obviously doesn't understand that does nothing to hide most of the data that was on the drive.
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Eye-opening, Indeed !

    Thanks for posting :thumb:

    It appears he only reinstalled, Without deleting the partitions first = Big No No :D
     