Salon On Computer Forensics
splorf writes "Salon has a good new article on computer forensics, focusing on Lee Tydalska, a guy in Southern California who started collecting old computers and peripherals as a hobby, and now has a nice business doing data recovery from weird and obsolete media for investigators (or normal users who just need media conversion). "It hardly needs saying why this craft has grown in importance", the article says, "but if one word sums it up, it's 'Enron-itis'". Oh yes, the #1 outfit in the field is apparently a UK firm called Vogon International. You've got to love this stuff."
It's all about the hardware... (Score:3, Interesting)
Re:It's all about the hardware... (Score:1)
Good, bad, or ugly?
Re:It's all about the hardware... (Score:2)
If it's Mac OS X I wouldn't be surprised at all...
It was indeed OS X.
My Dell Inspiron 8100 has Firewire... if anyone wants to donate an external disk I'll research how well it works on XP and Linux... ;>
vogon international (Score:5, Funny)
Re:vogon international (Score:1)
Vogon International Data Recovery [vogon-data-recovery.com]
Re:vogon international (Score:1)
Re:vogon international (Score:2)
Re:vogon international (Score:2)
What do you mean by recover? Is the drive damaged or just unreadable because you don't have anything that understands FFS?
If the latter is true, Linux can read Amiga file systems very well. Before I retired my A500, I mounted the drive (80MB Connor :) on my Linux box and archived everything.
Re:vogon international (Score:2)
Re:vogon international (Score:1)
Re:Forget the data recovery, (Score:1)
It's just a USB drive with fingerprint recognition.
Try here
http://www.trekstorusa.com/thumbdrive_touch
McK
Re:Forget the data recovery, (Score:2)
Might you be able to help me? (Score:2, Funny)
Anyone know what they might be and how I could go about reading them?
Re:Might you be able to help me? (Score:2)
Anyone seen one of these? Should I just fold it in half and put it in my CD burner? Or maybe I have to take the plastic coating off the outside... hmm.
Re:Might you be able to help me? (Score:1)
Re:Might you be able to help me? (Score:2, Funny)
You on the left, me on the right [pdp8.net]
More info on the drive [pdp8.net]
Re:Might you be able to help me? (Score:3, Funny)
Perhaps you know where I could find a tape player that can run this [www.emse.fr]??
Re:Might you be able to help me? (Score:2)
Is it a 7 track? 9 track? HDDR? Looks like a european tape.
Heck, I've even worked with 21track tapes, and Russian SDS ones as well.
Pan
Re:Might you be able to help me? (Score:2, Insightful)
It clearly shows that the moderators are too young and never saw an 8" floppy disk. Ah, youngsters of today don't value old hardware anymore.
Re:Might you be able to help me? (Score:2)
Re:Might you be able to help me? (Score:1)
Re:Might you be able to help me? (Score:1)
Re:Might you be able to help me? (Score:3, Funny)
In order to restore these disks for use in a modern computer system, may I suggest that you carefully take apart the disk, ensuring you don't lose the little spring
Once you have removed the black bit from inside, it needs to be renovated
a coating of nail varnish works quite well
scatter ground up matchstick heads over the top of the disk and put it back together
Your computer should then be able to read it
if it still doesn't work, try a more expensive computer
Re:Might you be able to help me? (Score:1)
Dear God, I wish I had some mod points today... moderators, please mod this up!
What's it been, six years since I looked over my old Anarchist's Cookbook files? Too bad this is an AC post; it shot me straight down memory lane... I'm off to do some "data recovery" now
Re:Might you be able to help me? (Score:1)
Re:Might you be able to help me? (Score:1)
For a light snack, I eat a bowl of tape (you used to be able to play Frogger on the Timex Sinclair 1000 with an audio cassette player... good times, good times...) with some soya sauce and crushed red pepper sprinkled on top.
They are tastier than punch cards with cheese and little slices of pepperoni on them
A slightly different business... (Score:2)
sPh
Slightly OT but..... (Score:1)
preloading systems with mis-directing and/or mis-incriminating evidence and planting them in places that investigators are sure to "find"
Slightly OT... /. poster a while back who opened several web e-mail accounts in the names of known criminals and terrorists. :-)
I recall reading a
He sent random crap encrypted with PGP between them all
And no, don't criticise me for doing this!
Obsolete Computers (Score:2, Interesting)
better resource (Score:3, Interesting)
I used to visit the obsoletecomputermuseum and it's a great site.
But recently I discovered http://www.old-computers.com [old-computers.com] and now I'm addicted.
This site is like a community. Everybody can add a piece to the museum, write reviews,... There are polls, links etc. It's just a great site and it's a lot more updated and lively than the (also great!) obsoletecomputermuseum.
"Awareness of computer security..." (Score:2, Insightful)
"Awareness of computer security as a whole is kind of on the upswing," says Laura Koetzle, an analyst with Forrester Research. "As mainstream companies get more interested in computer security and realize that they don't know very much about it, there's more of a market for it."
You would think that watching their software products get constantly infected by viruses would have brought this about?
Oh well, maybe with a heightened sense of security they might get their software patched more often or perhaps switch to an operating system that isn't such a target to script kiddies.
Yes! (Score:1, Funny)
Overture/Goto ad pricing (Score:4, Interesting)
Re:Overture/Goto ad pricing (Score:1)
Re:Overture/Goto ad pricing (Score:2)
If I was a competitor, I would just spend all day repeatedly clicking on their link...
Re:Overture/Goto ad pricing (Score:1)
Re:Overture/Goto ad pricing (Score:1)
However, I would imagine the link would automagically disappear after this limit was reached (if they set it up properly).
Also, they (Overture, Google) supposedly use sophisticated user tracking to prevent multiple clickthroughs by the same person. It remains to be seen how well that works though, especially under a
Re:Overture/Goto ad pricing (Score:2)
Pan
Re:Overture/Goto ad pricing (Score:1)
corporate automated deletion (Score:1)
Re:corporate automated deletion (Score:3, Interesting)
What all these companies who have time delayed deletion of historical email seem to fail to catch onto is that they usually have a long term backup methodology in place.
I've raised this issue with one operation who have a 60 day deletion policy for company security reasons only to be looked at blankly by the HR manager and board directors and then asked, "does anyone doing data recovery ever ask for that sort of thing?".
At that point I nearly cracked up in hysterics myself.
I guess the question to ask is.... (Score:4, Interesting)
Re:I guess the question to ask is.... (Score:5, Informative)
how do you as a person who is responsible for dumping old equipment ensure that your company erases sensitive data so that it cannot be recovered by anyone.
I'll give you the 5-second summary:
Previous /. threads have gone on at length on the various creative ways people who care (gov't, military) destroy the hardware utterly. If you overwrite each bit on the disk several times, though, it'll require expensive hardware analysis to recover anything - which is beyond most criminals.
It's the same old issue - risk equals value times danger. The danger that someone will send your disk to hardware analysis isn't that great for most people, so wiping it a few times is probably good enough.
One good way to wipe - stick a bootable Linux CD in (I like Bootable Business Card [lnx-bbc.org] myself) and 'dd if=/dev/random of=/dev/hda'. Lather, rinse, repeat - or better yet, put it in a bash 'for' or tcsh 'foreach' loop. It takes a while.
Want to verify you're wiping everything? Use /dev/zero instead of /dev/random for one pass, then do 'hexdump /dev/hda' which should run for a while and then report that it found nothing but 0's on the disk.
Re:I guess the question to ask is.... (Score:3, Funny)
Want to verify you're wiping everything? Want to be really sure? Take the platters out of your hard disk and grind them into powder, then mix them into cement blocks and drop them off a pier
Re:I guess the question to ask is.... (Score:2)
Pan
Re:I guess the question to ask is.... (Score:1)
I really like that idea - Major kudos to a tech support dude that goes out and fixes a multitude of computer problems - using nothing except their knowledge and a business card =)
/dev/random is overkill (Score:2)
For that,
Oh, and be certain that you do a "sync" between passes. That may not be an issue on a hard drive, but with smaller media (like, say, a zip disk), you want to make certain that the computer doesn't cache the writes.
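The overwrite-and-verify procedure from the comments above (random passes, a sync between passes, then a zero pass checked for leftover non-zero bytes), as an added example that is not part of any poster's comment. The function names, the use of /dev/urandom as the random source and the scratch image file are assumptions of this example.

```shell
#!/bin/sh
# Added example: multi-pass overwrite with a sync between passes, then a
# zero pass that is verified by counting non-zero bytes.
# Function names and the scratch image are assumptions of this example.

target_size() {
    # Block devices report their size via blockdev (util-linux); files via wc.
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

overwrite_pass() {
    # $1 = source (/dev/urandom or /dev/zero), $2 = target, $3 = byte count
    # conv=notrunc keeps a regular file at its original length.
    # sync flushes cached writes before the next pass starts.
    head -c "$3" "$1" | dd of="$2" bs=65536 conv=notrunc 2>/dev/null && sync
}

count_nonzero() {
    # Bytes in $1 that are not 0x00; 0 means the zero pass reached everything.
    head -c "$(target_size "$1")" "$1" | tr -d '\000' | wc -c | tr -d ' '
}

wipe_and_verify() {
    # $1 = target, $2 = number of random passes before the final zero pass
    size=$(target_size "$1") || return 2
    pass=1
    while [ "$pass" -le "$2" ]; do
        overwrite_pass /dev/urandom "$1" "$size" || return 2
        pass=$((pass + 1))
    done
    overwrite_pass /dev/zero "$1" "$size" || return 2
    [ "$(count_nonzero "$1")" -eq 0 ]
}

# Demo on a constructed scratch image, never on a real disk.
img=$(mktemp)
i=0
while [ "$i" -lt 2000 ]; do
    printf 'CONSTRUCTED-SAMPLE-RECORD-%04d\n' "$i"
    i=$((i + 1))
done > "$img"
echo "non-zero bytes before: $(count_nonzero "$img")"
wipe_and_verify "$img" 3 && echo "verified: all $(target_size "$img") bytes are zero"
rm -f "$img"
```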
When I retired an old fileserver.... (Score:5, Funny)
Re:I guess the question to ask is.... (Score:1)
Re:I guess the question to ask is.... (Score:1)
You think you can be safe by destroying it? (Score:2)
So you think that data is gone forever? Let's assume there was no van across the street studying van-eck emissions and no keyboard loggers, etc...
Chances are your email was relayed through a few servers before it got to your destination. Those web pages made it through a proxy server, a few routers, and the logs of the GET and PUT requests may have been stored, backed up, and the tapes may have been sorted on a weekly rotation schedule.
Not to mention some tapes are retired and put on the back shelf. Not all these servers were in the same building. Just how many of these tapes are there and where could they all be? Say, a word of panic gets around the company, its partners, and providers as law enforcement gets around asking questions. Darnit, this stuff keeps showing up. Where do these tapes keep coming from? It's like cleaning a dirty house, killing a cockroach, and 10 more pop up.
Electronic evidence breeds and multiplies. A networked approach to data sharing encourages information to branch out and be copied countless times.
The only way to be safe is to carefully consider the method of how information is being delivered.
Why people are so afraid of "dumb" workstations that use a single server for processing is interesting. These are not just black and white terminals any more, but now have mice and color monitors. All the maintenance and information is neatly on one server. Software upgrades and projects would not expand the distribution of sensitive information in a closed system like this.
Re:You think you can be safe by destroying it? (Score:1)
Re:I guess the question to ask is.... (Score:2)
Gasoline. Lots and lots of gasoline. :)
Secure Deletion of Data (Score:4, Interesting)
Re:Secure Deletion of Data (Score:2)
Physically shred it and then incinerate it. If I had something I didn't want ANYONE to be able to get, that's the only method I'd trust. If you want to talk about people going to ANY extreme to recover your erased data, you can do microscopic analysis of the residual magnetic fields. You're talking thousands of hours and possibly millions of dollars to recover the data on a portion of a hard drive, but that's the only way to be SURE.
Re:Secure Deletion of Data (Score:1)
What overwriting 35 times with pseudorandom data does do is make your computer pretty much invulnerable to the ex-cop who "learned computers" that'll run Encase over an image of your disk if Scientology decides to sue you.
Re:Secure Deletion of Data (Score:3, Informative)
p.s.
sorry can't find the link right now =(
Re:Secure Deletion of Data (Score:1)
I agree that this topic has been discussed, but I personally have never seen a story where someone has proved it does or does not work. Everyone just says physical destruction is the only way...or I've "heard" of overwrite patterns in the 20s not being secure. So does anyone have anything that is not hearsay??
need help (Score:2, Funny)
He's an unrepentant money-grubbing leech! (Score:3, Interesting)
And I love him for it. Geek hobby success -- truly, qualities to aspire to...
Tydlaska is prone to gloating about his sometimes invaluable skill. "People go into audit a company and they need to see its 'hysterical data,' as I like to call it -- 'hysterical' because of the prices they pay me to see it. They say, 'But there's nothing wrong with the tape! If I had the equipment I could restore the data myself.' And I say, you're right! If you had it, you could! But you can't buy it, and you can't reproduce it, so it's either worth my exorbitant fee or not. I mean, let the IRS believe you've got the data!"
I've got some old tape drives... an Exabyte 8mm, a few DAT (Wang, I think...) drives, a couple circa-1995 pre-Travan QIC plugs-into-the-floppy-controller anachronisms. I even have a one-piece combo 5¼- and 3½-inch floppy drive! Perhaps I ought to start "Joe's Cut-Rate Data Recovery and Money Removal Service."
Hmmm....
Re:He's an unrepentant money-grubbing leech! (Score:2)
even though chances to recover data from floppy get slimmer by the year (sigh). oh! some inventive cabling [euronet.nl] required ;-)
another side of the coin... (Score:3, Interesting)
Riksarkivet (National Archives of Sweden) [www.ra.se] is by law required to obtain, store and display for the public all documents and other entities produced by governmental agencies in Sweden, as well as committees and such since 1618 (some older, as well) for all future time. As the latest 30 years or so has seen a large surge in computerized documents/-ation this gives quite a few spectacular and very interesting examples of deliveries from agencies present or extinct with odd hardware requirements and zillions of different software solutions originally used, many homegrown.
Not only is the archive responsible for 'old' data, it is also responsible for migrating non-computerized material onto a computerized form for future public display, which is no easy process since there is a goal of course not to lock the information onto media, hardware or software designs that are extremely short-term.
In short, it's an area of a heck of a many problems, lots of questions, few people and little interest from the field (I mean, how interesting can it be to design excel spreadsheets for bank applications? Really?)
As for Vogon International, I'm sure that it's a company full of geniuses, but I would prefer if they answered the calls we make for ordering and requesting features promised in the manual in their software, which we need ASAP! It's no fun being stuck in a dos/windows95 edition of software for the sole reason of not getting replies from a genius/vendor.
Forensics anyone?
Seems to be more geared towards Industry... (Score:3, Informative)
The other cool "recovery" project I've seen is CAPS [caps-project.org], which is a project to preserve exact copies of Amiga games. It's a typical abandonware project, except they are going out of their way to keep all copy protection intact. They are even going so far as to reverse engineer the copy-protection so they can make an exact copy of the original disk!
Re:Seems to be more geared towards Industry... (Score:1)
Salon's Ads (Score:1)
I'm just wondering how prevalent these invasive ads are in Salon.
24 inch tapes? (Score:1)
Re:24 inch tapes? (Score:1)
IBAS (Score:1, Interesting)
http://www.ibas.com [ibas.com]
These guys have some severely cool toys!
Vogon International? (Score:1)
Gee, i hope they don't do poetry...
Re:Vogon International? (Score:2)
Bloody hell, I can't believe no-one said that yet...
Any good geek does this (Score:2)
Why? because I have made over $1000.00 over the past year alone on them. (2 jobs, data recovery)
This is why I also have other older drives that were popular 15-20 years ago.
Yes 99.7% of the time it takes up space in my heated storage room.... but all it takes is ONE person to need it and then I get big $$$. The best part is data-recovery from working media is easier now since linux supports most every filesystem and partition known to be in popular use..
Basically, if you can get working old-stuff like that for free, GRAB IT.. but don't pay for it, that would be silly.
here's what doesn't work (Score:2)
Radio Shack's Tape demagnetizer doesn't erase floppies and zip disks.
CRT Degaussing coils screw up zip disks but I can't tell whether everything is erased. So I don't trust it. I haven't tried hexdump. This coil didn't erase the floppy I tried so I don't have confidence that it will reliably erase media.
Re:here's what doesn't work (Score:1)
I have some rather large neodymium magnets and I'd be more than happy to demonstrate how they can.
Re:here's what doesn't work (Score:2)
You'd think
Re:here's what doesn't work (Score:2)
Oh, and I think while most speaker magnets have nice range they don't have the intensity of the neodymiums I have. I wouldn't be surprised if my largest one could pick me up 'n shit.
And my friends mock me ... (Score:4, Interesting)
Case in point:
Friend of mine used to run a very successful BBS (gasp?! A BBS?!) in this area I helped out with. At its peak we had 48 telephone lines, an office, and 600 or some users.
Not to bore you with the details but a partnership was formed, dissolved, and eventually he basically ran out of money.
Fast forward 5 years later:
I'm at his house on an unrelated matter. We start talking about the BBS. He mentions how he's got backups of it somewhere but they're on old 120 meg tapes. So I convince him to ransack his room (and we literally do). Eventually we come up with 5 QIC-120 tapes. What to do? Nobody owns one of these drives anymore.
Ah - but I do! Being a geek who collects old obscure, out of date hardware pays off. I slap the tape drive into my system, connect it to the floppy interface (bleck!) and proceed to load the Colorado Restore software.
Tape 1 - Bad
Tape 2 - Bad
Tape 3 - Bad
Tape 4 - Good
I restored the data to my hard drive, burned it onto a CD-R, copied the system to another computer, tweaked the broken backup until it worked, and brought it up.
Let's do the timewarp, again - a BBS from 1997 was up in the year 2002 via telnet. I was a god among the users
Moral of the story is data mediums age faster than you think! We're only talking 1997 technology here and no one around me had the capabilities to restore it!
Re:Enron-itis? (Score:1)