Forensic Tools for Computers

Zilla Data Nuker

Test: Zilla Data Nuker

Software Title

Files created or downloaded leave a trace even when deleted. These traces allow skilled computer forensic professionals to retrieve the data. Zillasoft, LLC, a New England-based software developing entity provides Zilla Data Nuker that "Shreds sensitive files so they cannot be recovered or undeleted" according to the promotional material for the software. (Zilla Data Nuker 2.0) Zilla Data Nuker is freely downloadable from the ZDNet site at www.zdnet.com or can be obtained directly from the Zillasoft website at www.zillasoft.ws.

Software Functionality

Zilla Data Nuker uses what the company terms as "shredding algorithms" to obliterate data. Ostensibly the software is designed to be used to improve the functionality of a home or office computer by deleting unnecessary files from the hard drive. Zillasoft also claims that the software can function to help protect the user's privacy by completely destroying information targeted by Zilla Data Nuker. This tool might be used by someone who wants to delete personal files that contain sensitive information or by someone working for a company that is attempting to "prevent employees from wasting company time on things such as pornography and music downloading." (Rothke, 2004) Many companies are beginning to more closely examine the files on employee computers to assure that misuse is not taking place. Zilla Data Nuker claims that it can remove such files not just from visibility but from existence on the hard drive. Since the Enron case where data was destroyed by the terabytes, "recovery and analysis of data has come to form a central part of internal investigations." (Marlin, 2004) But with every advance in detection software comes an advance in obfuscation software.

Performance Testing

Using a tool that operates with a GUI interface within the Windows environment such as Zilla Data Nuker has some inherent drawbacks. Some proponents of command line forensic tools "argue that most users really do not know what is going on when they 'point and click' their way around a computer forensic examination." (Kuchta, 2001) This may be a true statement but is somewhat beyond the scope of this text since the testing information is not being submitted in a legal proceeding. Conditions where the specifics regarding the process that the software uses to perform its function will often require software experts from the company that wrote the software to help solidify the reliability of the program in question.

'The Computer Forensics Tool Testing project at the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, was designed to provide a measure of assurance for the software tools used by law enforcement in computer forensics investigations." (General Test Methodology, 2001)

The test method is a combination of the software used for testing and the procedures for completing the testing. (General Test Methodology, 2001) Each of the applicable procedures mentioned in the U.S. Commerce Department prescribed methodology has been included below.

Title stating what product was tested: Zilla Data Nuker

Identification of the testing environment: Local corporate office.

The name and address of the vendor: Zillasoft, LLC. The address was unlisted on the website. After conducting a WHOIS search for www.zillasoft.ws it was learned that the company has a private registration. The address for the hosting company is:

H4Host.com

Lubbock, Texas

79408

United States 50888-07683

Unambiguous identification of the product tested including version, patches, etc.: version 2.0

The test with the criteria for measurement: An audio file called 1.mp3 will be created and then deleted and emptied from the Windows Recycle bin. Once deleted, third party undelete software (eData Unerase Personal 3.0) will be used to attempt to retrieve the file. This procedure will be repeated with the Zilla Data Nuker software used to delete the file and the same third party undelete software used to retrieve it.

Results: The results of the test revealed that deleting the file from the Windows file structure and then emptying the Recycle bin removed the subject file titled 1.mp3. The recovery software (eData Unerase Personal 3.0) was able to retrieve the file (1.mp3) and it was restored and functioned correctly. When the file was deleted with Zilla Data Nuker, the eData Unerase recovery tool was unable to locate the file. This procedure was repeated three separate instances and the results came out identically each time with several different files.

Conclusions (Usefulness, Recommendations)