Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Digital Evidence Question - What is an effective Windows hard -disk search tool?

From: "Benjamin A. Okopnik" <ben () callahans org>
Date: Mon, 30 Jun 2003 20:46:20 -0400
On Fri, Jun 27, 2003 at 08:06:52PM -0700, Jack Crone wrote:


If anyone on the list is aware of an actual, documented recovery I
would really like to know about it. Demonstrations which show how to
retrieve a few bits don't count. Neither do the claims of some data
recovery companies who, when pressed, admit that they didn't really
mean it.


Well, I can't claim that I've actually seen a _documented_ recovery as
such, or that I have *absolute* proof, but - having worked for
$LARGE_AEROSPACE_COMPANY where this was a concern, I'm aware of two
techniques that were supposedly in actual use then. One of them, at
least, returns several highly relevant Google hits:

"magnetic media microscopy"

There are at least two companies that claim to be using it for data
recovery:

<http://www.1stdatarecovery.com/QA_UK.htm#Q17>
<http://www.savemyfiles.com/>

The last one claims NASA and Harvard Med school as clients - and is,
incidentally, quoted in this connection on SecurityFocus (small world,
ain't it?)

The other technique supposedly required a SQUID (Superconducting QUantum
Interference Detector); all I'd heard about it was that a local guru
(this was in Los Angeles) was the only guy in the US that was using one
that way at the time. Oh, and charging ~$60k per HD.

None of the above were ever claimed to recover anything that was
overwritten (as opposed to simply formatted); the company finally
decided that 7x overwrites with random garbage was sufficient for their
purposes.


Ben Okopnik
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
If you're not making any mistakes, you're probably not building anything.
 -- Terry Sumner

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: