DELETE isn't enough anymore. Consider the case of Robert M. Johnson, the former Newsday publisher who, prosecutors allege, used a software program called Evidence Eliminator to rid his computers of child porn. As anyone who watches shows like "CSI" can attest, pressing "delete" makes files invisible, perhaps, but it doesn't make them gone.
Making files gone has become a booming industry unto itself. Sales of Evidence Eliminator ($149.95) run in the millions of dollars each year, says Andrew Churchill, managing director of England-based Robin Hood Software -- and it's just one of over a dozen "file shredder" or "anti-forensic" products on the market. Eraser, a similar tool available free over the Internet, is downloaded roughly 2.5 million times per year, according to its distributor, Ireland's Heidi Computers.
Many of these software vendors claim that their programs "use wipe methods that exceed the standards set by the U.S. Department of Defense" (CyberCide, $29.95) -- while others boast the capability to "erase to both the U.S. Department of Defense and German Military/Government standards" (DataEraser, $29.95). Their websites urge protection against overly curious bosses, family members, corporate competitors and all variants of law enforcement. "You are at very high risk of investigation!" warns the Evidence Eliminator website. "There is no need for you to play Russian roulette with your job, family, car, property.... Act now!"
The government is responding with forensic techniques and claims of its own, and the high-tech arms race increasingly emerges in courtrooms, with judges and juries asked to meditate on that very basic human desire: to hide things. These indictments are often two-pronged, as is the case with Johnson, who was accused in June of downloading and possessing child pornography -- and of trying to make incriminating files disappear. For your average consumer, "the biggest concern is wanting to get rid of things they're afraid a spouse will find on the computer," says Brendan I. Koerner, a Wired magazine contributing editor.
But spouses aren't the only ones encountering sanitized hard drives. Law enforcement agencies such as the FBI say that in the last year an increasing number of suspects chose to use such computer programs and that they expect the trend will continue. "It is not surprising to us that this technology is out there," says FBI spokesman Paul Bresson. "And tomorrow, six months from now, we'll see it even more."
Making files reappear is a booming business also. Computers are evidentiary treasure troves, and law enforcement isn't willing to roll over without a fight. "Five years ago, there were 1,000 law enforcement and government workers out there attacking this problem," says John Colbert, chief executive of Pasadena-based Guidance Software, which makes the forensic software most used by law enforcement. "Now there are about 20,000." Even so, some FBI computer labs are overburdened with the glut of hard drives they're asked to analyze, says Eugene Spafford, professor of computer sciences at Purdue University. And stories abound in the forensic community of huge backlogs of hard drives coming out of intelligence investigations in Iraq and Afghanistan.
Private-sector forensics is growing alongside law enforcement. Chicago-based Navigant Consulting, a litigation support firm, has doubled its computer-forensics business over the last six months, says managing director James E. Gordon; Deloitte & Touche's Forensics Investigation Services division had 79% growth in the last year, senior manager Bill Farwell says. Of course, the upswing isn't linked solely to the new popularity of anti-forensic software -- there are plenty of regularly deleted files to chase after -- but also to the central role that computers are playing these days in most if not every civil, criminal and corporate conflict.
The truth is in between
"We do have methods which allow us to produce the evidence needed for investigation," says Jim Plitt, director of the U.S. Immigration and Customs Enforcement's Cyber Crimes Center, the bastion of classified high-tech in charge of analyzing Johnson's hard drives.
"They've got their classified information and we've got ours," counters Evidence Eliminator's Churchill. "There will never be any way to defeat Evidence Eliminator."
The truth lies somewhere between these claims, according to Matthew Geiger, a graduate student at Carnegie Mellon University who recently put six anti-forensic products through a rigorous testing regimen. "The use of counter-forensic tools does indeed pose a challenge to digital investigators," he says. "These tools have the ability to get rid of incriminating evidence and private information. The question is, will they get rid of all of it? Whether they get rid of all the bits and pieces that turn out to be important is a matter of chance. In some cases, they're not very good at it."