Greetings to the list. I am a user of AccessData's FTK, among other tools. What I am currently looking for is information on how to discern the difference between areas of a disk that have never been written to, vs. a disk that has been wiped or zeroed out. Does the free / slack space of a new, off the factory hard disk always contain the same data, or does is vary from manufacturer and low level format? I am aware that different zeroing tools can write "random" data. Is it a general practice when not writing random data to write zeros, or do some products use another particular value? While searching the archives and Internet, I did see a bit of information that some disk wipe tool write a particular signature at the start of an overwrite. Can anyone provide any links or information on this? Sorry if it's been discussed before - I bet it has - but I couldn't find it searching the archives. The search tool seems a bit problematic. Thanks in advance for any info! Michael Edwards Blank & Associates P.S. - 206.256.9699 x36 2001 Western Avenue, Suite 250 - Seattle, Washington 98121 CONFIDENTIALITY NOTICE: The contents of this message are intended solely for the person to whom this message is addressed, and may be protected from disclosure or dissemination by the attorney-client privilege or other guarantee of confidentiality. If you believe you have received this message in error, please notify the sender at <mailto:medwards@digital-legal.com>medwards@digital-legal.com and destroy all copies. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Feb 22 2003 - 12:31:19 PST