Wulf's Webden

The Webden on WordPress


When I did my Digital Forensics course a couple of years ago, one of the main themes drilled home was the importance of contemporaneous notes – writing down what you did while you are doing it. This has two purposes. In the courtroom setting, it demonstrates your competence (or otherwise) as an expert. Ideally you need a way of putting in incontrovertible timestamps and other measures to prove that the record has not been altered. More usefully, in my subsequent practice, it provides enough description of the path taken that it can be followed again from the same starting point to arrive at the same conclusion.

Earlier today I had cause to turn back to one of the assignments I submitted during the course, in order to look at the the contemporaneous notes I submitted to demonstrate how I had evaluated, installed and tested a hex editor. I am in the process of checking another program, Eraser, to see that it thoroughly deletes data to the standard I need. The hex editor lets me look at exactly what is on the disk. I can locate my file and (since it is a simple text file) read it directly; after deletion I can return to the same location and look to see what is left. After regular deletion, the contents will still be largely readable even if not directly accessible by the regular operating system; afterwards, all traces should be expunged.

It isn’t something I have had cause to do since the course and I was getting a little bogged down trying to figure out what tool to use until I remembered to look back at my notes. Job done and, next week, I can conduct my tests. Hurrah for good notes!

Comments are closed.