How would you forensically wipe and verify a hard disk drive? How would you describe this in court or a hearing?
Tools such as BCWipe, PGPWipe, and WinHex can be employed.
A wipe overwrites the entire medium or a single partition of the disk with a chosen character.
It is preferable to overwrite the entire disk with all zeroes or all ones: 0x00 or 0xFF.
It is easier to visually verify the presence of 0x00 or 0xFF later on if necessary.
After the wipe operation, open the medium with a hex editor such as WinHex and visually confirm that the medium has been successfully overwritten with the chosen wipe pattern.
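A programmatic counterpart to the visual hex-editor check, as an added example that is not part of the original page: it reads the medium (or an image of it) in chunks, confirms that every byte equals the chosen wipe pattern, and returns the offset of the first non-matching byte together with a SHA-256 that can be recorded in the case notes. The function names, the chunk size and the constructed sample images are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # assumed read size: 1 MiB per read


def verify_wipe(path, pattern=0x00, chunk_size=CHUNK):
    """Check that every byte of `path` equals `pattern`.

    Returns (ok, bytes_checked, first_bad_offset, sha256_hex).
    `path` may be an image file or a device node opened read-only.
    """
    pat = bytes([pattern])
    digest = hashlib.sha256()
    checked = 0
    first_bad = None
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk_size)
            if not block:
                break
            digest.update(block)  # hash everything, even after a mismatch
            if first_bad is None:
                # Strip leading pattern bytes; anything left is residue.
                rest = block.lstrip(pat)
                if rest:
                    first_bad = checked + len(block) - len(rest)
            checked += len(block)
    return first_bad is None, checked, first_bad, digest.hexdigest()


def make_sample_image(size, pattern, residue_at=None):
    """Build a constructed test image; optionally plant leftover data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes([pattern]) * size)
        if residue_at is not None:
            f.seek(residue_at)
            f.write(b"LEFTOVER")  # constructed residue, not real evidence
    return path


if __name__ == "__main__":
    clean = make_sample_image(3 * CHUNK + 17, 0x00)
    dirty = make_sample_image(2 * CHUNK, 0xFF, residue_at=1_500_000)
    for label, p, pat in (("clean", clean, 0x00), ("dirty", dirty, 0xFF)):
        ok, n, bad, sha = verify_wipe(p, pattern=pat)
        print(f"{label}: ok={ok} bytes={n} first_bad={bad} sha256={sha}")
        os.remove(p)
```

The byte count, pattern, result and hash printed by the check give a reproducible record to cite alongside the visual confirmation.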