ABSTRACT
In this paper we discuss the phenomenon known as file slack. File slack is created each time a file is created on a hard disk, and can contain private or confidential data. Unfortunately, the methods used by Microsoft Windows operating systems to organize and save files require file slack, and users have no control over what data is saved in file slack. This document will help create awareness about the security issue of file slack and discuss research results concerning file slack.
Keywords: Computer Forensics, File Slack, RAM Slack, Disk Slack
1. INTRODUCTION
In this digital age, keeping personal or confidential data private is quite difficult. Regrettably, this problem is exacerbated by the very technology we use to create the digital data. It has already been established that a problem exists with users and companies selling off old hard disks that still contain commercial or personal data, even if the hard disk has been formatted (Garfinkel and Shelat, 2003; Jones, Valli, Sutherland, and Thomas, 2006; Jones, Valli, Dardick, and Sutherland, 2008). What has yet to be established is the extent of commercial, private, or personal data that can be transmitted via file slack. "File slack" can contain data dumped randomly from the computer's memory, data from previously deleted files, etc., and can potentially reveal prior uses of the computer such as fragments of email messages, network or internet site logon names and passwords, etc. (Volonino, Anzaldua, and Godwin, 2006).
For this paper, we will limit our discussion to Microsoft Windows OS because "unlike Windows . . . file systems, UNIX does not have file slack space. When UNIX creates a new file, it writes the remainder of the block with zeros and sets them as unallocated. Therefore it is not possible to recover deleted data from slack space on UNIX systems" (Casey 2004). According to NetApplications, roughly 90% of operating systems on PCs are some version of Microsoft Windows (NetApplications 2008). Additionally, Steve Ballmer of Microsoft stated that "forty percent of servers run Windows" (Niccolai 2008).
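The contrast above can be made concrete with a short added example (not part of the original paper): it measures the slack in a file's last cluster, split into RAM slack (end of data to end of that sector) and disk slack (the remaining whole sectors), audits it for residual data, and zero-fills it in the way Casey describes for UNIX. The 512-byte sector, 4096-byte cluster, function names and sample bytes are assumptions constructed for illustration.

```python
import re

SECTOR = 512      # assumed sector size in bytes
CLUSTER = 4096    # assumed cluster size in bytes (8 sectors)

def slack_layout(file_size, cluster=CLUSTER, sector=SECTOR):
    """Return (ram_slack, disk_slack) byte counts for the file's last cluster."""
    if file_size <= 0:
        return 0, 0
    used = file_size % cluster or cluster   # bytes of file data in the last cluster
    ram = (-used) % sector                  # end of data to end of that sector
    disk = cluster - used - ram             # whole sectors the write never touched
    return ram, disk

def audit_last_cluster(cluster_bytes, file_size, sector=SECTOR):
    """Report residual (non-zero) content in the slack of a file's last cluster."""
    ram, disk = slack_layout(file_size, len(cluster_bytes), sector)
    start = len(cluster_bytes) - ram - disk
    ram_area = cluster_bytes[start:start + ram]
    disk_area = cluster_bytes[start + ram:]
    # Printable runs of 6+ bytes, similar to what a strings-style sweep reports
    strings = re.findall(rb"[\x20-\x7e]{6,}", ram_area + disk_area)
    return {
        "ram_slack": ram, "disk_slack": disk,
        "ram_nonzero": sum(b != 0 for b in ram_area),
        "disk_nonzero": sum(b != 0 for b in disk_area),
        "strings": [s.decode("ascii") for s in strings],
    }

def zero_slack(cluster_bytes, file_size, sector=SECTOR):
    """Return the cluster with its slack zero-filled; file data is unchanged."""
    ram, disk = slack_layout(file_size, len(cluster_bytes), sector)
    keep = len(cluster_bytes) - ram - disk
    return cluster_bytes[:keep] + b"\x00" * (ram + disk)

def constructed_cluster():
    """Constructed sample: a 700-byte file written over a cluster holding older data."""
    old = (b"To: alice@example.test  password=CONSTRUCTED-SAMPLE  " * 80)[:CLUSTER]
    return b"A" * 700 + old[700:], 700

if __name__ == "__main__":
    data, size = constructed_cluster()
    print(audit_last_cluster(data, size))                    # residue visible
    print(audit_last_cluster(zero_slack(data, size), size))  # residue gone
```
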
"File slack is a data storage area most users are unaware of" (Vacca, 2002). "It is a source of significant security leakage and consists of raw memory dumps that occur during the work session as...