Salon On Computer Forensics
splorf writes "Salon has a good new article on computer forensics, focusing on Lee Tydalska, a guy in Southern California who started collecting old computers and peripherals as a hobby, and now has a nice business doing data recovery from weird and obsolete media for investigators (or normal users who just need media conversion). "It hardly needs saying why this craft has grown in importance", the article says, "but if one word sums it up, it's 'Enron-itis'". Oh yes, the #1 outfit in the field is apparently a UK firm called Vogon International. You've got to love this stuff."
How do you, as a person who is responsible for dumping old equipment, ensure that your company erases sensitive data so that it cannot be recovered by anyone?
I'll give you the 5-second summary:
Previous /. threads have gone on at length on the various creative ways people who care (gov't, military) destroy the hardware utterly. If you overwrite each bit on the disk several times, though, it'll require expensive hardware analysis to recover anything - which is beyond most criminals.
It's the same old issue - risk equals value times danger. The danger that someone will send your disk to hardware analysis isn't that great for most people, so wiping it a few times is probably good enough.
One good way to wipe - stick a bootable Linux CD in (I like Bootable Business Card myself) and 'dd if=/dev/random of=/dev/hda'. Lather, rinse, repeat - or better yet, put it in a bash 'for' or tcsh 'foreach' loop. It takes a while.
Want to verify you're wiping everything? Use /dev/zero instead of /dev/random for one pass, then do 'hexdump /dev/hda' which should run for a while and then report that it found nothing but 0's on the disk.
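The overwrite-then-verify routine described in the comment above, as an added example that is not part of the original thread. It assumes a regular file standing in for /dev/hda (a constructed test image), hypothetical function names, /dev/urandom in place of /dev/random so the passes do not block, and a non-zero byte count in place of reading hexdump output by eye.

```shell
#!/bin/sh
# Added example. TARGET is a regular file standing in for /dev/hda
# (constructed test image); the function names are illustrative.

# Overwrite TARGET in place: PASSES passes of random data, then one of zeros.
wipe_target() {
    target=$1 passes=$2
    size=$(wc -c < "$target") || return 1
    size=$((size))                      # normalise whitespace from wc
    pass=0
    while [ "$pass" -lt "$passes" ]; do
        # /dev/urandom replaces /dev/random here because it never blocks.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
        pass=$((pass + 1))
    done
    head -c "$size" /dev/zero |
        dd of="$target" bs=4096 conv=notrunc 2>/dev/null || return 1
    sync
}

# Print how many non-zero bytes remain in TARGET (0 means the zero pass held).
count_nonzero() {
    n=$(LC_ALL=C tr -d '\000' < "$1" | wc -c) || return 1
    echo $((n))
}

# Succeed only if every byte of TARGET is zero.
verify_zeroed() {
    [ "$(count_nonzero "$1")" -eq 0 ]
}

# Demo on a constructed 64 KiB image filled with a recognisable marker.
img=$(mktemp) || exit 1
yes 'SENSITIVE-RECORD' | head -c 65536 > "$img"
echo "before: $(count_nonzero "$img") non-zero bytes"
wipe_target "$img" 3
if verify_zeroed "$img"; then echo "after: all zeros"; else echo "after: residue found"; fi
rm -f "$img"
```

This checks only what the operating system reads back through the normal interface; it says nothing about the hardware-level analysis discussed elsewhere in the thread.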
I love old computers too, but I lean more in the direction of the home/hobbyist computers (old Macs, Atari 8/16 bit computers, Amigas and other Commodores, etc). I found something called "The Catweasel" a while back. It plugs into an ISA slot (remember those? of course you do :) and has floppy controller ports for two drives. This thing reads *everything*. Check out the link for the full specs. Think there's a market for getting data off an Amiga 1200 disk?
The other cool "recovery" project I've seen is CAPS, which is a project to preserve exact copies of Amiga games. It's a typical abandonware project, except they are going out of their way to keep all copy protection intact. They are even going so far as to reverse engineer the copy-protection so they can make an exact copy of the original disk!
Nope, won't do it. I remember reading a master's thesis on data recovery and retention a couple years ago from an Annapolis grad that was going into the upper echelons of the military's infosec group. Basically with a SEM and some time he could ALWAYS recover some data even after 20 passes with multiple types of data, e.g. patterns, all 0's, all 1's, and pseudorandom noise. He also used a degaussing coil that they use on ship hulls, still able to retrieve some data. His conclusion was that for anything top secret or above the only viable method to dispose of the HDD was incineration.
p.s.
sorry can't find the link right now =(
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.