Difference between revisions of "Remnant Data"

From ForensicsWiki
Jump to: navigation, search
m
m (Papers)
Line 15: Line 15:
  
 
Chow, J., B. Pfaff, T. Garfinkel, K. Christopher, M. Rosenblum,   
 
Chow, J., B. Pfaff, T. Garfinkel, K. Christopher, M. Rosenblum,   
Understanding Data Lifetime via Whole System Simulation, Proceedings of the 13th USENIX Security Symposium, 2004.
+
[[Media:Image:Tainbochs.pdf|Understanding Data Lifetime via Whole System Simulation]], Proceedings of the 13th USENIX Security Symposium, 2004.
  
 
Garfinkel, S. and Shelat, A., "Remembrance of Data Passed: A Study of Disk Sanitization Practices," IEEE Security and Privacy, January/February 2003.
 
Garfinkel, S. and Shelat, A., "Remembrance of Data Passed: A Study of Disk Sanitization Practices," IEEE Security and Privacy, January/February 2003.

Revision as of 09:36, 16 March 2007

Remnant Data is data that is unintentionally left behind on computer media. In forensic usage, remnant data is typically left behind after attempts have been made to delete the data, after the data has been forgotten, or after the media on which the data resides has been decomissioned.

Remnant data appears at all levels of modern computer systems:

  • Computer systems that are discarded.
  • Partitions in hard drives that are deleted.
  • Files on hard drives that are deleted but not overwritten.
  • Snippets of text in Microsoft Word files.
  • Heap variables that are freed with free()
  • Automatic variables left on the stack of languages like C or garbage collected in languages like Java.

Originally the phrase "remnant data" was used to describe data left behind on magnetic recording media such as tapes and floppy disks. On these kinds of media it was suggested that previous generations of data could be recovered---a process that is easy to observe with analog cassette and reel-to-reel tapes.

Papers

Byers, Simon. Scalable Exploitation of, and Responses to Information Leakage Through Hidden Data in Published Documents, AT&T Research, April 2003

Chow, J., B. Pfaff, T. Garfinkel, K. Christopher, M. Rosenblum, Understanding Data Lifetime via Whole System Simulation, Proceedings of the 13th USENIX Security Symposium, 2004.

Garfinkel, S. and Shelat, A., "Remembrance of Data Passed: A Study of Disk Sanitization Practices," IEEE Security and Privacy, January/February 2003.

See Also

  • [Sanitizing Tools]