Tuesday, September 26, 2017

Anti-forensics Thought: Recovery Partition

I was just listening to a speaker talk about disk forensics. He mentioned how we can just skip over the "recovery partition" on the disk we're examining since, "That's not usually interesting to us."

Hmmmmmmmmmmmm.......     Got me thinking.

I wonder if any bad guys have ever tried using that partition as a place to hide bad things?

A quick Google search reveals little speculation or discussion on the topic.