Data Security & Digital Forensics

Oh yeah I did some dumb ass himbo shit yesterday…I was re-arranging some stuff on my hard-drive and I cut and pasted a whole drive by mistake..then I undid it..

Everything looked fine…I didn’t realise till hours later that I’d deleted like 6 months of REALLY important work…so I kinda panicked for a second..

Then I remembered I’m a geek….some more I am a security geek, so I know that when you delete your files, they aren’t REALLY deleted…the file system just marks them as deleted and you can no longer see them in Windows..They are only REALLY wiped when you fill up your disk with other crap and the blocks are re-used and your original files are over-written..

Anyway this is the basic concept of computer forensics. To be safe against this, wipe your slack space, and if you sell your PC don’t just delete your files or format it, do a 7 pass over-write with something like Eraser. As I said above the only safe method is to overwrite everything, then delete it all, then overwrite again. And this is not even fail-safe…using Electron/Digital Microscopy the big agencies can still recover your data..The only truly safe way is incineration 🙂

The way I explain that is this…imagine your hard disk is a tin tray, you put your data in by hitting it with a hammer, you erase it by hitting the other side with a hammer…you aren’t going to get 100% accuracy on the dent so there will be some residual data..They can find all this and reconstruct it into something meaningful, but it costs a huge amount of money..

As with most things security’s a balance, the cost of protection vs what you are protecting vs the cost of recovery/intrusion.

For most people a free tool like Eraser and a few hours of wiping is fine 🙂 Call it Data Sanitization…keep your house clean 🙂
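To make the "marked as deleted, not really gone" point concrete, here is a small Python sketch, added as an illustration and not part of the original post. It uses a hypothetical toy volume (`ToyDisk`, not any real file system) and a constructed stand-in picture to show that deleting only flips the bookkeeping, that a signature scan of the free blocks still finds the data, and that overwriting the free space is what removes it.

```python
BLOCK = 512
SOI, EOI = b"\xff\xd8\xff", b"\xff\xd9"  # JPEG start / end markers
# Constructed stand-in for a picture: real markers around filler bytes.
PHOTO = SOI + b"constructed-sample-picture" * 40 + EOI

class ToyDisk:
    """Hypothetical toy volume: raw blocks plus an 'in use' flag per block."""
    def __init__(self, nblocks):
        self.data = bytearray(nblocks * BLOCK)
        self.used = [False] * nblocks
        self.files = {}  # name -> (first block, block count)

    def write(self, name, payload):
        need = -(-len(payload) // BLOCK)  # ceiling division
        start = next(i for i in range(len(self.used) - need + 1)
                     if not any(self.used[i:i + need]))
        self.data[start * BLOCK:start * BLOCK + len(payload)] = payload
        self.used[start:start + need] = [True] * need
        self.files[name] = (start, need)

    def delete(self, name):
        # Only the bookkeeping changes; the blocks keep their contents.
        start, need = self.files.pop(name)
        self.used[start:start + need] = [False] * need

    def wipe_free(self, pattern=0x00):
        # One overwrite pass over every block that is not in use.
        for i, in_use in enumerate(self.used):
            if not in_use:
                self.data[i * BLOCK:(i + 1) * BLOCK] = bytes([pattern]) * BLOCK

def carve_jpegs(disk):
    """Return JPEG-looking byte runs found in blocks marked free."""
    view = bytearray(disk.data)
    for i, in_use in enumerate(disk.used):
        if in_use:
            view[i * BLOCK:(i + 1) * BLOCK] = bytes(BLOCK)  # mask live data
    found, pos = [], view.find(SOI)
    while pos != -1:
        end = view.find(EOI, pos)
        if end == -1:
            break
        found.append(bytes(view[pos:end + 2]))
        pos = view.find(SOI, end + 2)
    return found

def demo():
    disk = ToyDisk(16)
    disk.write("notes.txt", b"keep me" * 100)
    disk.write("photo.jpg", PHOTO)
    disk.delete("photo.jpg")
    after_delete = carve_jpegs(disk)  # still recoverable
    disk.wipe_free()
    return after_delete, carve_jpegs(disk)  # nothing left after the wipe
```

Running `carve_jpegs` over an image of a drive after wiping it is a quick way to check that the wipe actually covered the free space.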

If you really want to know the guts behind it you can read this article:

Secure Deletion of Data from Magnetic and Solid-State Memory

Most people don’t know this..once it’s ‘gone’ from the recycle bin they think it’s lost forever. Well in truth unless you’ve written a shit load of stuff to your disk since you deleted it, chances are it’s still very much there.

The most powerful commercial tool in this field is EnCase, the government have more powerful shit, but we aren’t even supposed to know that.

(I lost about 300mb of stuff, it took me about 15 minutes to fully recover it all).

Let me illustrate with some lovely art..ok I have a very important picture which shows me in a compromising situation…I wish to delete it..

So I shift-delete it, it’s gone, not in the recycle bin ah I’m safe:

Then Shaolin comes along and fires up his trusty undeletion utility:

See it recovered everything, including the original file name and some other blank filenames..

So who is Kinoshita Ayumi you ask? Go Google it 😀

Another tip to note is..if you’ve ‘lost’ files, don’t write anything to that drive or especially that partition. And when you restore the files, also restore to a different partition or you might find that files you are trying to restore disappear halfway through as you overwrite them…

The software I used for this was Active UNDELETE.

Anyway I have to go for lunch now, hope you learnt something new today..




3 Responses to Data Security & Digital Forensics

  1. Vader November 17, 2004 at 11:33 pm #

    *Then I remembered I’m a geek….*

    Wot wus on ur mind then? why did u forget?? lol

  2. kimberlycun November 18, 2004 at 5:43 am #

    glad u recovered your stuff. 15 mins…wow!

  3. ShaolinTiger November 18, 2004 at 8:31 am #

    Dude….that would be telling ok 😛

