| Encase BBS |
| EnCase is the industry leading computer forensic software tool used by most all computer forensic examiners worldwide. Read what their users had to say about BC Wipe and Evidence Eliminator 4.5 |
| Author | Topic: BC Wipe and/or Evidence Eliminator 4.5? |
|
**** ***** Member |
I am working on a case where the subject seems to have used? (or a least the programs themselves are there) BC Wipe and/or Evidence Eliminator 4.5. What exactly do these programs do to the files and have i got any hope of recovering anything? Thanks in advance, IP: |
|
**** ***** Member |
posted 03-23-2000 05:35 AM
Both over-write slack and free space. Evidence eliminator also gets rid of temp and swap files. Although we have not done field tests it does look as though the evidence will be trashed. IP: |
|
***** Member |
posted 03-23-2000 06:55 PM
I use BCwipe myself on my drives before I re-use them. BCwipe does a DOD wipe. If he used it the evidence is GONEZO. IP: |
|
****** ******** Member |
posted 04-03-2000 01:12 AM
Evidence Eliminator 4.5 is a good tool and definately cleans up slack and free space. We have used it downunder with some good success. However, although it will eliminate the majority of areas it still requires to be configured to delete and eliminate personally created files and folders covering the users individual system settings. Therefore, if your 'client' has use the 'factory' default settings and not configured the software to include their personal and individually created files and folders ..... your luck just may be in. You may also try to run the signature option over the suspect system and if your client has changed any extension and forgotten to change them back in an attempt to hide data prior to cleaning the system for that anticipated visit, you may pick something up they have lost track off. Happy Hunting You never know your luck in a raffle, if you do not give it a go you will never know? Zeke IP: |
|
**** ******* Member |
posted 04-13-2000 06:56 AM
FYI: I've done some experimenting with Evidence Eliminator. Sometimes you're able to view previous internet history by viewing certain .DAT files. ------------------ IP: |
|
**** ******** Member |
Version 5 of Evidence Eliminator is now available. I see they make some interesting comments about EnCase and its capabilities. Needless to say they are not quite true if Evidence Eliminator has not been properly configuired and we still get bits back from areas where the suspect has forgotten they had placed them in the visible space.
IP: |
In the fourth thread down notice what 'Zeke' says: "if your 'client' has used the 'factory' default settings...." Here you can see the importacnce of configuring Evidence Eliminator (or other wiping program) to wipe your "personal and individually created files and folders". |
|
| Back | |