Thursday, March 16, 2006

Reply to Ken's Comment On the Verbatim Store 'n' Go

After Ken's comment on my (and Verbatim's) claim that a work session on a PC involving the Verbatim Store "n" Go device left behind no trace, I did a little investigating.

Using a virtual installation of Windows XP, I took both software and data off the Verbatim device, edited 3 images, generated one word processor document and edited several text files. I then closed the session and went looking. There is indeed a trace or three left behind. I found 9 registry keys and several files in swap with no header information (as is the case in regular deletions).

So there is a trace left behind, though I will not say Verbatim's claim is false. There is no obvious indication a user has been on the PC. A forensic examination will indeed reveal the session has taken place and might even allow recovery of some files from the swap area, though I was not able to recover any, using a simple software approach.

I think Verbatim's claim is based on the idea that the next user or regular user of the machine will not notice anything left behind, which is entirely true. That is their goal and they have met it.

In conclusion, if one is working on highly sensitive materials, it might be a better idea to wait until you get to a PC you control to do it. But if one simply needs to catch up on mail and some work, the Store 'N' Go device is perfect, with only that caveat.


1 comment:

  1. Now that's the "Crack research team" I mention in the promo! Well Done! Jack

