Posted on 07/13/2006 6:09:50 PM PDT by LouAvul
Tulsa - A computer company is being used to fight high-tech crimes in Tulsa. Some of the cases involve child pornography, where information is retrieved from the accused's computer, some of which may have been deleted. NewsChannel 8's Burt Mummolo reports on the company that specializes in recovering hidden information.
Have you tried to cover your tracks with the click of a mouse? Erasing the evidence of embezzlement or an online affair? Too late. Digital forensics has made the delete key obsolete.
"What we do is we take a computer, throw it up against a wall and frisk it," says Gavin Maines, President of Oklahoma Digital Forensics, computer sleuths with x-ray vision. "We see everything. You can't hide from us on a computer. And, if you do hide, we'll know you're hiding."
If part of your hiding involves hitting delete, Digital Forensics has a patent on a program to undelete.
"We spent six months to a year investigating in that area and figured out how to do it."
We also spoke with a man who used to be an agent with the federal government. Today he's a private investigator, with several cases involving computers.
"People just kind of get addicted to them," he says. "They think its anonymous. As Gavin was saying, you hit the delete button and its gone. But it's not."
Contract disputes, embezzlement schemes, even jilted husbands looking for evidence of illicit affairs.
"Lo and behold we find very risque photos of the soon-to-be ex-wife, e-mails, airline reservations to Los Angeles, California."
Hidden from the heart, but not the hard drive. So remember, if it's not something you wouldn't want your mother to know...
"You can never delete something from a computer, no matter how many times you hit the delete key, it's never going away."
It isn't cheap -- roughly one thousand dollars to recover deleted data that the guys will testify to in court. Have a hard drive with three holes in it? It'll cost you upwards of 100-thousand.
Even parents have hired people to do digital forensics when their children have been solicited online. Their job? Delete the child's online profile to stop further problems.
Imagine that. And they charge an arm and a leg, and get to feel really powerful and important, too. Must be a geeks utopia.
It has always fascinated me, though, what you actually see when you look at hard drive with an electron microscope. Little red X's?
This could be both useful and dangerous, depending on who uses it.
Oh, bullshit it's never going to go away. How stupid do these idiots think we are? All it takes is for a file to be overwritten and it's gone forever, else hard drives would have infinite capacity.
Talk is cheap, but I don't know of any method yet that can uncover data on a disk that has been wiped and fully rewritten to.
Is that still the case or not folks?
Actually you can delete data permanently (though not from the FBI) by zeroing out the the disk (writing zeros at every single address).
Hitting "delete" simply tells the computer that that space is available. It doesn't actually "delete" the data. The space may or may not get overwritten by new data the next time you save something new to disk.
The FBI has a technique that can actually uncover (by checking the magnetic flux of the disk) how many times a one or a zero has been written there. Time consuming, expensive, and not likely to be used unless super-dooper important.
That is not the case.
Well, you can sometimes recover data off the physical surface of a disk, as I understand it.
But, if you fill a whole drive with 1's and 0's, I can't imagine being able to recover anything coherent afterwards.
I mean, hell, look at how minor corruption messes up files. A drive entirely overwritten should, basically, be next to impossible to recover from. I mean - schools and companies overwrite drives like that. If records can really be recovered from them for $1000, we've got some real problems.
Well, you can sometimes recover data off the physical surface of a disk, as I understand it.
But, if you fill a whole drive with 1's and 0's, I can't imagine being able to recover anything coherent afterwards.
I mean, hell, look at how minor corruption messes up files. A drive entirely overwritten should, basically, be next to impossible to recover from. I mean - schools and companies overwrite drives like that. If records can really be recovered from them for $1000, we've got some real problems.
I'll take your word for it, but I do find that hard to believe. Thanks.
defibrillating those HD Discs with real electricity or melting them always works.....if I had something real bad on one, I don't think a demagnetizer would let me sleep well.
Merely hitting the delete key delinks the file. Even reformatting a HD doesn't get rid of the data. To actually erase it, they do have programs which will write over all the free space of the HD. The only problem, is that it does take some time to do this.
I'm wondering if you get that service for a thousand dollars. More likely you get a standard recovery program that reconstructs the file allocation table.
I can do that, but it'll cost you a thousand dollars. I've recovered a disk with the partitions deleted with nothing lost at all.
Not so with files that have been overwritten. That takes some professional hackers.
Big Brother comes to mind.
Well that was my take as well. If you fill up the drive with new data, even perhaps several times, I don't see how anyone could use x-rays, a neutron microscope or anything else to figure what was there in the twice removed series of 0s and 1s.
If a person just deletes the file, sure folks can restore it, like every 12 year old doesn't know that...
If these guys are so good, they should have no problem recovering the 18-and-a-half-minute gap on the Nixon tapes.
If you have overwritten the disk with a program designed for the job, you don't have to worry about anyone recovering the data for a thousand dollars. The FBI might get something out of it, but it will cost them.
I'm pretty sure that's still the case. I have a piece of freeware that doesn't just "delete" files, it erases them by overwriting the space on the hard drive where they were stored. I can specify as little as three overwrites, or as many as 128 overwrites. I actually think one overwrite is all that it would take to make previous data permanently irretrievable, but what the heck. I usually keep it set to 27 overwrites, just to be safe. That sounds like a good number. I also make sure I completely format all old hard drives several times before I get rid of them, just to make sure there isn't still some little file on there with my checking account number or ssn or something.
And then periodicly copying what isn't to be deleted to a new flash drive, and whacking the old one with a hammer a few times
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.