Computer with e-mail evidence may have been damaged (NJ corruption)

injersey.com ^ | 5-4-2003 | SANDY MCCLURE

[Cagey]

TRENTON -- Employees at the state Parole Board and the Attorney General's Office are talking about how state investigators, who are looking into whether the governor's office was involved in the parole of reputed mobster Angelo Prisco, damaged a computer believed to contain evidence in the case, sources have told the Gannett State Bureau.

[Coleus]

How do you do it properly?

[lelio]

So does the FBI.
And when you send it to the FBI you get the bonus plan where you ask them what you want to find on the hard drive and it will magically appear.

[Coleus]

Slime is a compliment.

[jaz.357]

NJ...corruption??

IM shocked...

SHOCKED!

[Gritty]

I can't imagine such an "unfortunate" thing happening in New Jersey!

Isn't this the State that threw out their own Constitution so they could elect Loutenberg?

[proxy_user]

Yes, Yev, but if you follow the DOD standard (7 x overwrite) usually some bits are unrecoverable. This leaves you with te t wi h let rs miss ng, so what was there has to be reconstructed. It's absolutely hopeless for binary files, such as most databases, spreadsheet, and word processing programs produce.

[ohmage]

Amazing. They can fix an election but they can't fix a hard drive.

[supercat]

With the density and sophistication of controllers, the odds of what you describe are pretty long in this day and age. Don't you think?

Not really. Drives are designed to be cheap. This means they are designed so that data will be written as accurately as necessary to ensure sufficient read margins. There's no benefit to being more precise than that, so drives generally aren't.

That being said, writing random data repeatedly makes it difficult to distinguish which bits of magnatism were the random overwrites and which bits were there before.

[supercat]

Send me the damn thing. I'll get their data for them. And I prefer a temperate climate for my relocation in the witness protection program. And I want my name to be really cool and end in a vowel.

How do you recover from someone taking a hammer to the hard drive?

[Incorrigible]

Ha! Ha! Good one!

What's with these conservatives who continue to live in NJ? ;-)

[Calpernia]

Yes, that is low level formatting. But, that takes hours to do. Well, with a server anyway.

[Calpernia]

Ah! I think you are RIGHT! Didn't think of that.

[Calpernia]

Does that include low level formatting?

[Lael]

Even after erased and written over, data can be retrieved. The only sure way of ensuring data cannot be retrieved is to place the hard drive in a furnace and reduce it to molten metal.

The NSA reports that a commercial data recovery outfit has retrieved files overwritten 8 times.

The NSA can retrieve perhaps twice that, or 16 times.

However, ERASER, available as FREEWARE on the Web, can be configured to use the 35 pass Gutman wipe, or, in the alternate, 99 pass random overwrites for compressed drives.

I'm surprised they didn't have a "file destruction" policy in place!!

[cynwoody]

Yup. I bet they overwrote the data with 0's.

That would be suboptimal. It would be better to make several passes, with alternating 1s and 0s, alternating 0s and 1s, and then one or more random bit passes.

[cynwoody]

End-to-end encryption works. It's a little extreme for most people, and there are all sorts of gotchas in implementation to worry about, but if you have the need you can afford the solution.

This is true. You just have to make sure the wrong people don't find out the pass phrase.

[yevgenie]

Yes, Yev, but if you follow the DOD standard (7 x overwrite) usually some bits are unrecoverable. This leaves you with te t wi h let rs miss ng, so what was there has to be reconstructed. It's absolutely hopeless for binary files, such as most databases, spreadsheet, and word processing programs produce.

I am aware of the process and its limitations. A former employer and dataset were more sensitive than even DOD standards. I was just making a point for the less "sophisticated" among us.

[cynwoody]

The problem is that many HDD's are not quite so precise

...odds of what you describe are pretty long in this day and age. Don't you think?

Then again, maybe the good guys might get lucky. E.g., the incriminating data is written when the drive is at its normal operating temperature. Then, when the political temperature starts to rise, panicky crooks sneak in in the wee hours of the morning and power on a cold computer and immediately run the wipe utility.

In that case, the erasure bits might not fully cover up the original data. Then, if you took the drive out of the computer, you might be able to manipulate its control electronics to ease the read head directly over what's left of the original data and possibly recover it.

Similar results might be possible if the evidence was written on a new drive, but the erasure was done after the drive had aged while in service.

[ohmage]

---

What's with these conservatives who continue to live in NJ? ;-)

---

I don't know. They're incorrigible?

[cryptical]

All part of the implementation :)

Key management, tokens for authentication, hardening systems and auditing hardware and software regularly, etc.

There was that mob boss that was using encryption out on the east coast. Got busted when the FBI did a black bag job on his home PC, pursuant to a wiretap warrant and got his passphrase.

The problem for the perp in that scenario is that when they get the passphrase for the key, all the traffic sent using that key is compromised. It costs next to nothing to store a bunch of encrypted traffic forever if required, hoping that a key turns up in the future.