Slashdot Mirror

← Back to Stories (view on slashdot.org)

Salon On Computer Forensics

Posted by chrisd on from the keep-those-tape-drives-handy dept.

splorf writes "Salon has a good new article on computer forensics, focusing on Lee Tydalska, a guy in Southern California who started collecting old computers and peripherals as a hobby, and now has a nice business doing data recovery from weird and obsolete media for investigators (or normal users who just need media conversion). "It hardly needs saying why this craft has grown in importance", the article says, "but if one word sums it up, it's 'Enron-itis'". Oh yes, the #1 outfit in the field is apparently a UK firm called Vogon International. You've got to love this stuff."

7 of 138 comments (clear)

  1. vogon international by Atilla · · Score: 5, Funny

    "we can recover any data, even punch cards from a planet blown to pieces to make a path for a new hyperspace bypass"

    --
    --- sig moved for great justice.
  2. Overture/Goto ad pricing by realdpk · · Score: 4, Interesting

    Data recovery is one of the most expensive search results on Overture that I've seen.

  3. I guess the question to ask is.... by 8127972 · · Score: 4, Interesting

    Now that we know that companies like this exist, how do you as a person who is responible for dumping old equipment ensure that your company erases sensitive data so that it cannot be recovered by anyone. You have to believe that there have to be one or two people out there who are looking to do something "bad" with the data they find on disposed computers.

    --
    This is my opinion. To make sure you don't steal it, it's covered by the DMCA.
    1. Re:I guess the question to ask is.... by bourne · · Score: 5, Informative

      how do you as a person who is responible for dumping old equipment ensure that your company erases sensitive data so that it cannot be recovered by anyone.

      I'll give you the 5-second summary:

      • You can't erase it so that it can never be recovered.
      • But you can make it expensive/impractical to recover.

      Previous /. threads have gone on at length on the various creative ways people who care (gov't, military) destroy the hardware utterly. If you overwrite each bit on the disk several times, though, it'll require expensive hardware analysis to recover anything - which is beyond most criminals.

      It's the same old issue - risk equals value times danger. The danger that someone will send your disk to hardware analysis isn't that great for most people, so wiping it a few times is probably good enough.

      One good way to wipe - stick a bootable Linux CD in (I like Bootable Business Card myself) and 'dd if=/dev/random of=/dev/hda'. Lather, rinse, repeat - or better yet, put it in a bash 'for' or tcsh 'foreach' loop. It takes a while.

      Want to verify you're wiping everything? Use /dev/zero instead of /dev/random for one pass, then do 'hexdump /dev/hda' which should run for a while and then report that it found nothing but 0's on the disk.

  4. Secure Deletion of Data by ltsmash · · Score: 4, Interesting

    I'd be interested to hear what the Lee Tydalska has to say about secure deletion of data (i.e. how can you be sure you have destroyed data on a harddrive/cd-rom/floppy/etc). Peter Gutmann wrote a paper on how to destroy data. In the paper, he argues that by overwriting your harddrive multiple times with highly sophisticated patterns, it will be almost impossible to recover the data. I wonder if industry people agree with him.

  5. When I retired an old fileserver.... by dmaxwell · · Score: 5, Funny

    I once had to retire a Mac LC II was the building fileserver. This thing had financials, the private records of students; you name it. I low-leveled the drive and wrote 0's to it. Once that was done, I drilled several holes through the platters. I broke the bit off the drill in the process. The drive with drill bit stub stuck in it looks like Count Datatula with a spike through his heart. We keep the spiked carcass around to show people how to make sure that sensitive data gets destroyed.

  6. And my friends mock me ... by Splat · · Score: 4, Interesting

    They will never make fun of my QIC-120 tape drive mounted below my 24x burner again ..

    Case in point:

    Friend of mine used to run a very successful BBS (gasp?! A BBS?!) in this area I helped out with. At it's peak we had 48 telephone lines, an office, and 600 or some users.

    Not to bore you with the details but a partnership was formed, dissolved, and eventually he basically ran out of money.

    Fast forward 5 years later:

    I'm at his house on an unrelated matter. We start talking about the BBS. He mentions how he's got backups of it somewhere but they're on old 120 meg tapes. So I convince him to ransack his room (and we literally do). Eventually we come up with 5 QIC-120 tapes. What to do? Nobody owns one of these drives anymore.

    Ah - but I do! Being a geek who collects old obscure, out of date hardware pays off. I slap the tape drive into my system, collect it to the floppy interface (bleck!) and proceed to load the Coloraod Restore software.

    Tape 1 - Bad
    Tape 2 - Bad
    Tape 3 - Bad
    Tape 4 - Good

    I restored the data to my hard drive, burned it onto a CD-R, copied the system to another computer, tweaked the broken backup until it worked, and brought it up.

    Let's do the timewarp, again - a BBS from 1997 was up in the year 2002 via telnet. I was a god among the users :)

    Moral of the story is data mediums age faster then you think! We're only talking 1997 technology here and no one around me had the capabilities to restore it!