January 13th, 2005, 12:57 PM
Looking for evidence of ZDelete being used
Hi all, was wondering if you could help me out with a query.
I've recently started as a digital forensic analyst, and am undergoing training in EnCase, FTK and several other forensic tools. I'm currently assisting another analyst with regards to a case where we have a hunch that the suspect used a disk-cleaning utility (most likely ZDelete) to erase certain files.
We can't find any solid evidence to say whether he has or not, but doing a keyword search revealed some deleted files that aroused suspicion regarding use of ZDelete. Could anyone recommend what to look for to see if ZDelete had once been installed on the suspect's hdd?
Thank you for your time