A Comparison of Data Sanitization Methods
Objective
The objective of this project is to demonstrate the effectiveness of various data sanitization methods.
Deleted files will be inspected for artifacts using third-party tools such as Eric Zimmerman Tools as well as built-in tools such as Windows’ Registry Editor.
File Deletion
File deletion will replicate common user deletion methods, e.g. right-clicking and sending to the Recycle Bin. Other deletion scenarios cover using Windows’ `cipher /w:D` to overwrite deleted data, the Command Prompt `del` command, and the PowerShell `Remove-Item` cmdlet.
As some files are considered to be system files, these cannot be downloaded without removing their system file attribute. This was done using `Attrib -h -s "D:\Del Command\*.*" /s /d` for the `del` command, and `Remove-Item -Path C:\Test\mislabelled-system-file.txt -Force` for `Remove-Item`.
Data Recovery
Deleted files will be recovered using The Sleuth Kit’s Autopsy.
MFT Output
The output of the MFT is stored in the file below.
MFT Output
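One way to compare the deletion scenarios from an MFTECmd CSV export is sketched below. It is an added example, not code from this project. The column names (`InUse`, `ParentPath`, `FileName`) are assumed to match MFTECmd's CSV output, and the sample rows are constructed rather than taken from the project's MFT.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows, not the project's MFT output. Column names are
# assumed to follow MFTECmd's CSV export; InUse is "False" once a record
# has been marked free by a deletion.
SAMPLE_CSV = """EntryNumber,SequenceNumber,InUse,ParentPath,FileName,FileSize
40,2,False,.\\Del Command,report.docx,18432
41,2,False,.\\Del Command,photo.jpg,204800
42,1,True,.\\Del Command,notes.txt,512
43,3,False,.\\Test,mislabelled-system-file.txt,1024
44,1,True,.\\$RECYCLE.BIN\\S-1-5-21-CONSTRUCTED,$R1A2B3C.txt,2048
45,1,True,.\\$RECYCLE.BIN\\S-1-5-21-CONSTRUCTED,$I1A2B3C.txt,98
"""

def load_rows(text):
    """Parse MFTECmd-style CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))

def summarize(rows):
    """Group file names by parent folder and by MFT allocation state."""
    summary = defaultdict(lambda: {"in_use": [], "deleted": []})
    for row in rows:
        state = "in_use" if row["InUse"].strip().lower() == "true" else "deleted"
        summary[row["ParentPath"]][state].append(row["FileName"])
    return dict(summary)

def recycle_bin_pairs(rows):
    """Return suffixes that have both a $R (content) and a $I (metadata) record.

    Files sent to the Recycle Bin are renamed, not freed, so both records
    normally remain allocated in the MFT.
    """
    seen = defaultdict(set)
    for row in rows:
        name = row["FileName"]
        if "$recycle.bin" in row["ParentPath"].lower() and name[:2] in ("$R", "$I"):
            seen[name[2:]].add(name[:2])
    return sorted(k for k, kinds in seen.items() if kinds == {"$R", "$I"})

if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for folder, states in summarize(rows).items():
        print(f"{folder}: {len(states['deleted'])} freed, {len(states['in_use'])} allocated")
    print("Recycle Bin $R/$I pairs:", recycle_bin_pairs(rows))
```

A freed MFT record only shows that the file was deleted; whether the content is recoverable still has to be checked against the disk image, as in the Autopsy step.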
Files Used for Deletion
Some files were too large to add to GitHub; they are available on the Google Drive link below. Google Drive Link
MFTECmd Troubleshooting Guide
A guide I wrote to troubleshoot the ‘This app can’t run on your PC’ error. This can be found here.