Salon On Computer Forensics
splorf writes "Salon has a good new article on computer forensics, focusing on Lee Tydalska, a guy in Southern California who started collecting old computers and peripherals as a hobby, and now has a nice business doing data recovery from weird and obsolete media for investigators (or normal users who just need media conversion). "It hardly needs saying why this craft has grown in importance", the article says, "but if one word sums it up, it's 'Enron-itis'". Oh yes, the #1 outfit in the field is apparently a UK firm called Vogon International. You've got to love this stuff."
I was surprised to see an @Stake employee bring a Mac to a presentation, but he explained that they used Mac because the greater FireWire support meant they could do forensic imaging onto external disks a hell of a lot faster.
"we can recover any data, even punch cards from a planet blown to pieces to make a path for a new hyperspace bypass"
--- sig moved for great justice.
Whatever you do, don't contact their "construction fleet". Bad things will happen. The dolphins warned me.
<?php while ($self != "asleep") { $sheep_count++; } ?>
where are the "Thumb drives" they promised at the end of the article?
Anyone know what they might be and how I could go about reading them?
... now Vogon industry will be able to restore all failed poetry attempts destroyed by their authors, even if they shredded the paper into teeny bits, even if they burned it!
Well, it's certainly inflamed the public and investigators, leading to more complications in other companies.
Doesn't seem to be that much of a misnomer to me...
sPh
Here's an interesting site about old computers. It has pictures of most of the models. Brings back memories...
Aren't they the ones who will be destroying the earth to make room for an intergalactic highway?
"Awareness of computer security as a whole is kind of on the upswing," says Laura Koetzle, an analyst with Forrester Research. "As mainstream companies get more interested in computer security and realize that they don't know very much about it, there's more of a market for it."
You would think that watching their software products get constantly infected by viruses would have brought this about?
Oh well, maybe with a heightened sense of security they might get their software patched more often or perhaps switch to an operating system that isn't such a target to script kiddies.
preloading systems with mis-directing and/or mis-incriminating evidence and planting them in places that investigators are sure to "find"
Slightly OT... I recall reading a /. poster a while back who opened several web e-mail accounts in the names of known criminals and terrorists. :-)
He sent random crap encrypted with PGP between them all
And no, don't criticise me for doing this!
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
So, does this mean that the government will pay me to use my old Commodore64 machines (3 of em) to read all those old criminal records disk? Time to cash in!
GOD DAMNIT , MODERATE ME!
Data recovery is one of the most expensive search results on Overture that I've seen.
These guys provide a valuable if expensive service. On the other hand, companies are becoming so paranoid about liability because of this that they have started clearing all email from servers after 3 months (mine does). Once, I got lazy about saving stuff elsewhere, and I lost my contact information for someone. I still haven't found that guy. I hope he doesn't hate me.
Stop Continental Drift! Reunite Gondwanaland!
Now that we know that companies like this exist, how do you as a person who is responsible for dumping old equipment ensure that your company erases sensitive data so that it cannot be recovered by anyone? You have to believe that there have to be one or two people out there who are looking to do something "bad" with the data they find on disposed computers.
This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
I'd be interested to hear what Lee Tydalska has to say about secure deletion of data (i.e. how can you be sure you have destroyed data on a harddrive/cd-rom/floppy/etc). Peter Gutmann wrote a paper on how to destroy data. In the paper, he argues that by overwriting your harddrive multiple times with highly sophisticated patterns, it will be almost impossible to recover the data. I wonder if industry people agree with him.
Can these guys help me recover a term paper I made on my old Coleco ADAM computer? It's on a cassette tape. My paper was due July 1984; perhaps I can still get partial credit!
And I love him for it. Geek hobby success -- truly, qualities to aspire to...
- (Second page, first paragraph)
I've got it, you need it, now pay up! Ha!
Tydlaska is prone to gloating about his sometimes invaluable skill. "People go into audit a company and they need to see its 'hysterical data,' as I like to call it -- 'hysterical' because of the prices they pay me to see it. They say, 'But there's nothing wrong with the tape! If I had the equipment I could restore the data myself.' And I say, you're right! If you had it, you could! But you can't buy it, and you can't reproduce it, so it's either worth my exorbitant fee or not. I mean, let the IRS believe you've got the data!"
I've got some old tape drives... an Exabyte 8mm, a few DAT (Wang, I think...) drives, a couple circa-1995 pre-Travan QIC plugs-into-the-floppy-controller anachronisms. I even have a one-piece combo 5¼- and 3½-inch floppy drive! Perhaps I ought to start "Joe's Cut-Rate Data Recovery and Money Removal Service."
Hmmm....
"...America's great minds of today, teaching America's great minds of tomorrow. Poor bastards." -- A Beautiful Min
I once had to retire a Mac LC II that was the building fileserver. This thing had financials, the private records of students; you name it. I low-leveled the drive and wrote 0's to it. Once that was done, I drilled several holes through the platters. I broke the bit off the drill in the process. The drive with drill bit stub stuck in it looks like Count Datatula with a spike through his heart. We keep the spiked carcass around to show people how to make sure that sensitive data gets destroyed.
"Atrophy of the Enron" isn't quite trendy and layman enough.
Well, that's this page fucked with NetNanny then.
Riksarkivet (National Archives of Sweden) is by law required to obtain, store and display for the public all documents and other entities produced by governmental agencies in Sweden, as well as committees and such since 1618 (some older, as well) for all future time. As the latest 30 years or so has seen a large surge in computerized documents/-ation this gives quite a few spectacular and very interesting examples of deliveries from agencies present or extinct with odd hardware requirements and zillions of different software solutions originally used, many homegrown.
Not only is the archive responsible for 'old' data, it is also responsible for migrating non-computerized material onto a computerized form for future public display, which is no easy process since there is a goal of course not to lock the information onto media, hardware or software designs that are extremely short-term.
In short, it's an area of a heck of a many problems, lots of questions, few people and little interest from the field (I mean, how interesting can it be to design excel spreadsheets for bank applications? Really?)
As for Vogon International, I'm sure that it's a company full of geniuses, but I would prefer if they answered the calls we make for ordering and requesting features promised in the manual in their software, which we need ASAP! It's no fun being stuck in a dos/windows95 edition of software for the sole reason of not getting replies from a genius/vendor.
Forensics anyone?
I love old computers too, but I lean more in the direction of the home/hobbyist computers (old Macs, Atari 8/16 bit computers, Amigas and other Commodores, etc.). I found something called "The Catweasel" a while back. It plugs into an ISA slot (remember those? of course you do :) and has floppy controller ports for two drives. This thing reads *everything*. Check out the link for the full specs. Think there's a market for getting data off an Amiga 1200 disk?
The other cool "recovery" project I've seen is CAPS, which is a project to preserve exact copies of Amiga games. It's a typical abandonware project, except they are going out of their way to keep all copy protection intact. They are even going so far as to reverse engineer the copy-protection so they can make an exact copy of the original disk!
Cryonics is really all about storing data for eventual recovery.
This post is protected under the DMTA (Digital Millennium Trolling Act). It is illegal to moderate it as a troll.
3.25 inch floppies? Thaz right, three and a QUARTER inch floppies? They look like 5.25 floppies shrunk down.
How about stringy floppies from the '80s?
I bet I can out-obscure this guy!
Then takes the ashes and bits in an aircraft and scatter them over a 100 mile area.
So you think that data is gone forever? Let's assume there was no van across the street studying van-eck emissions and no keyboard loggers, etc...
Chances are your email was relayed through a few servers before it got to your destination. Those web pages made it through a proxy server, a few routers, and the logs of the GET and PUT requests may have been stored, backed up, and the tapes may have been sorted on a weekly rotation schedule.
Not to mention some tapes are retired and put on the back shelf. Not all these servers were in the same building. Just how many of these tapes are there and where could they all be? Say, a word of panic gets around the company, its partners, and providers as law enforcement gets around asking questions. Darnit, this stuff keeps showing up. Where do these tapes keep coming from? It's like cleaning a dirty house, killing a cockroach, and 10 more pop up.
Electronic evidence breeds and multiplies. A networked approach to data sharing encourages information to branch out and be copied countless times.
The only way to be safe is to carefully consider the method of how information is being delivered.
Why people are so afraid of "dumb" workstations that use a single server for processing is interesting. These are not just black and white terminals any more, but now have mice and color monitors. All the maintenance and information is neatly on one server. Software upgrades and projects would not expand the distribution of sensitive information in a closed system like this.
Did anyone else get a flash-based ad for MS that covered most of their browser window?
I'm just wondering how prevalent these invasive ads are in Salon.
From their corp site:
"Our data conversion services ensure that companies retain total access to stored information at all times. All operating systems are supported, from legacy systems to the most recent including WIN 2000."
Wow, sounds impressive!
P
Did anyone notice this near the end of the article: "We see everything from floppy disks to small tapes to the old-style 24-inch reel tapes you see in the movies..." I used to work with those tapes and they definitely were not 24 inches in diameter! More like 24 millimeters. A tape 24 inches across would be the size of a large pizza.
I used to visit the obsoletecomputermuseum and it's a great site.
But recently I discovered http://www.old-computers.com and now I'm addicted.
This site is like a community. Everybody can add a piece to the museum, write reviews,... There are polls, links, etc. It's just a great site and it's a lot more updated and lively than the (also great!) obsoletecomputermuseum.
IBAS is another company that offers data recovery.
http://www.ibas.com
These guys have some severely cool toys!
Gee, i hope they don't do poetry...
I still have 2 working Bernoulli drives, a 9 track tape reader (and ISA card interface), a magneto-optical drive AND to top it off an 8 inch floppy drive with a standard floppy drive interface adapter scabbed onto it.
Why? because I have made over $1000.00 over the past year alone on them. (2 jobs, data recovery)
This is why I also have other older drives that were popular 15-20 years ago.
Yes 99.7% of the time it takes up space in my heated storage room.... but all it takes is ONE person to need it and then I get big $$$. The best part is data-recovery from working media is easier now since linux supports most every filesystem and partition known to be in popular use..
Basically, if you can get working old-stuff like that for free, GRAB IT.. but don't pay for it, that would be silly.
Do not look at laser with remaining good eye.
Strong magnets don't erase floppies, zip disks, etc..
Radio Shack's Tape demagnetizer doesn't erase floppies and zip disks.
CRT Degaussing coils screw up zip disks but I can't tell whether everything is erased. So I don't trust it. I haven't tried hexdump. This coil didn't erase the floppy I tried so I don't have confidence that it will reliably erase media.
Wansu, th' chinese sailor
you have to break a few eggs...
Beauty is truth, truth beauty. That is all ye need to know on Earth, besides TCP/IP.
They will never make fun of my QIC-120 tape drive mounted below my 24x burner again ..
:)
Case in point:
Friend of mine used to run a very successful BBS (gasp?! A BBS?!) in this area I helped out with. At its peak we had 48 telephone lines, an office, and 600 or some users.
Not to bore you with the details but a partnership was formed, dissolved, and eventually he basically ran out of money.
Fast forward 5 years later:
I'm at his house on an unrelated matter. We start talking about the BBS. He mentions how he's got backups of it somewhere but they're on old 120 meg tapes. So I convince him to ransack his room (and we literally do). Eventually we come up with 5 QIC-120 tapes. What to do? Nobody owns one of these drives anymore.
Ah - but I do! Being a geek who collects old obscure, out of date hardware pays off. I slap the tape drive into my system, connect it to the floppy interface (bleck!) and proceed to load the Colorado Restore software.
Tape 1 - Bad
Tape 2 - Bad
Tape 3 - Bad
Tape 4 - Good
I restored the data to my hard drive, burned it onto a CD-R, copied the system to another computer, tweaked the broken backup until it worked, and brought it up.
Let's do the timewarp, again - a BBS from 1997 was up in the year 2002 via telnet. I was a god among the users.
Moral of the story is data mediums age faster than you think! We're only talking 1997 technology here and no one around me had the capabilities to restore it!
Skip the concrete, pour the powder right into an outgoing rip tide.
The real irony here is that Joan Feldman left her employer, Electronic Evidence Discovery, to set up shop on her own. When she did so, she took a bunch of their technology with her to get started.
EED ended up settling their lawsuit for reasons which remain murky; had they used their own specialty against her, they'd have probably gotten better results. Now EED is well behind the curve because of their reliance on out of date technology and a 90% annual personnel attrition rate. The only stability is in the front office, sales, and upper management--mostly because management grinds their people to dust and/or sacrifices a tech whenever a law firm complains about things.
Having dealt with both, Joan's company is MUCH easier to deal with, gets better results, and has a much better reputation these days.
For these purposes, you don't need a complete stream of cryptographically secure random data, you just need to make certain that the various passes are sufficiently different from each other.
For that, /dev/urandom will do the trick, and you won't have to wait for your entropy pool to be rebuilt every few thousand bytes. Of course, it'll still take a long time (nothing can speed up that physical disk access), but you can also then let it run unattended on a machine that's disconnected from the rest of the world (and therefore isn't refilling its entropy pool through randomness)
Oh, and be certain that you do a "sync" between passes. That may not be an issue on a hard drive, but with smaller media (like, say, a zip disk), you want to make certain that the computer doesn't cache the writes.
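The procedure described in the comment above (several passes from /dev/urandom with a sync after each), as an added shell example that is not part of the original thread. The function names and the scratch file are assumptions made for illustration, and the function only accepts regular files.

```shell
# Added example: multi-pass overwrite from /dev/urandom with a sync per pass.
# overwrite_passes, demo_overwrite and the scratch file are hypothetical names.

# overwrite_passes TARGET PASSES
# Rewrites TARGET in place PASSES times, flushes after every pass, and checks
# that each pass left different content than the pass before it.
overwrite_passes() {
    target=$1
    passes=$2
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 2; }
    size=$(wc -c < "$target" | tr -d ' ')
    [ "$size" -gt 0 ] || { echo "empty target: $target" >&2; return 2; }

    prev=$(cksum < "$target")
    pass=1
    while [ "$pass" -le "$passes" ]; do
        # conv=notrunc rewrites the existing bytes instead of truncating first
        head -c "$size" /dev/urandom | dd of="$target" conv=notrunc 2>/dev/null || return 1
        # flush cached writes so this pass reaches the medium before the next
        sync
        cur=$(cksum < "$target")
        if [ "$cur" = "$prev" ]; then
            echo "pass $pass did not change the data" >&2
            return 1
        fi
        prev=$cur
        pass=$((pass + 1))
    done
}

# Constructed demo: a scratch file with a known marker, wiped in three passes.
demo_overwrite() {
    f=$(mktemp) || return 1
    printf 'CONSTRUCTED SAMPLE RECORD: account 0000, balance 0\n' > "$f"
    before=$(wc -c < "$f" | tr -d ' ')
    overwrite_passes "$f" 3 || { rm -f "$f"; return 1; }
    after=$(wc -c < "$f" | tr -d ' ')
    if [ "$before" = "$after" ] && ! grep -q 'CONSTRUCTED SAMPLE' "$f"; then
        result=wiped
    else
        result=failed
    fi
    rm -f "$f"
    echo "$result"
}

demo_overwrite
```

Overwriting a file in place only reaches the original blocks on filesystems that write in place; the comment's case is a whole disk or removable medium, which this sketch deliberately refuses to touch.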
Someday I will make money off these things
sitting in a corner.
zip 100
jaz 1 gb
pd
MO drive
soon to be DVD ram.
Maybe I'll keep my OS/2 cd's now.
great job turd juggler, post anonymously, then reply to your post to be the first... h00t h00t!