Archive for category Computer Forensics

Data Recovery: Retrieving Lost Information

Most people, especially those who are not technically minded, consider a data file to be deleted when the Delete button is pressed on a computer system.

In most cases, data deleted by normal methods can be easily recovered, depending on how exactly the data in question has been erased.

There are typically three ways that data can be deleted from a computer system:

  • Delete to Recycle Bin (Windows operating systems only)
  • ‘Permanent deletion’
  • Secure erasure by overwriting data

Deleting data by using the first method does not actually delete files at all; it just moves them to a different part of the hard disk, a folder called the Recycle Bin. These files can be restored by going into the Recycle Bin, right-clicking on the relevant file, and choosing the Restore File option.

Files that have been ‘permanently deleted’ are actually just marked as deleted by the operating system, with the space that the file occupies being marked as available for use by other files.

This means that files deleted in this fashion are actually still there until overwritten by the operating system. To recover these files, you need to use a data recovery software program.

It is vital that this program is run from a different device to the one that you are recovering lost data from, i.e. a software solution could run from a USB device or CD-ROM drive.

Also, in order to prevent data corruption on the device being analysed, it is equally important that any files recovered are saved to a different device as well.

Most data recovery programs have different options for recovering data, which means that in some cases you may need to manually select the most thorough scanning mode in order to get your files back. In most programs of this type, this mode is usually labelled as Deep Scan.

Files that have been deleted by secure erasure, which is where the data is overwritten in addition to files being marked as deleted, cannot usually be recovered unless automated backup copies of the files exist within the device.
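The difference between 'permanent deletion' and secure erasure can be shown with a small signature-based carver, a technique that thorough scan modes commonly rely on. This is an added example, not taken from any recovery product; the eight-sector image, the sample "photo" and the function names are constructed for illustration.

```python
# JPEG start-of-image and end-of-image markers; 512-byte sectors.
JPEG_SOI = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"
SECTOR = 512


def carve_jpegs(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return (offset, data) for each complete JPEG-like span in a raw image.

    No file-system metadata is consulted, so content whose entry was only
    marked as deleted is still found. A header with no footer is skipped.
    """
    found = []
    pos = 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break  # no footer anywhere after this header
        end += len(JPEG_EOI)
        if end - start <= max_size:
            found.append((start, image[start:end]))
            pos = end
        else:
            pos = start + 1
    return found


def build_image(photo: bytes) -> bytearray:
    """Constructed 8-sector 'disk' with the photo stored in sector 3."""
    image = bytearray(SECTOR * 8)
    image[SECTOR * 3:SECTOR * 3 + len(photo)] = photo
    return image


def secure_erase(image: bytearray, offset: int, length: int) -> None:
    """Overwrite every sector the file touched with zeros."""
    first = offset - offset % SECTOR
    last = -(-(offset + length) // SECTOR) * SECTOR  # round up to sector end
    image[first:last] = bytes(last - first)


# Constructed sample: filler bytes between real SOI/EOI markers.
SAMPLE_PHOTO = JPEG_SOI + b"\xe0" + b"constructed-sample-pixels" * 4 + JPEG_EOI

if __name__ == "__main__":
    disk = build_image(SAMPLE_PHOTO)
    # 'Permanent deletion' only changes metadata; the bytes are untouched.
    print("after delete:", [(o, len(d)) for o, d in carve_jpegs(bytes(disk))])
    secure_erase(disk, SECTOR * 3, len(SAMPLE_PHOTO))
    print("after overwrite:", carve_jpegs(bytes(disk)))
```

The carver reads the image without modifying it, which mirrors the advice above to run the tool from, and save results to, a separate device.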

One example is the backups that are sometimes taken automatically by the System Restore application (on Windows operating systems), if the computer in question has this setting enabled.

Such backups can also be created by the automatic file save feature in Microsoft Office. This only applies to files created using this application; however, for those files, this can be invaluable when it comes to recovering lost data.

By default, applications within this suite of programs save recovery backups every 10 minutes or so, meaning that at the most, users would lose a minimal amount of work should they encounter a system failure.

If such a document is accidentally deleted, it can sometimes be recovered by opening the relevant application and following the on-screen prompts. This is possible because when an automatic recovery file exists, the relevant application detects and prompts the user automatically.

Computer Forensics in Military Intelligence

Have you ever played that game called Stratego? It’s a lot more fun than checkers, and not as mind taxing as chess, and it’s simpler than RISK, but the object of the game is to capture your enemy’s flag and you win. In the real world if you can capture your enemy’s computer, and decipher the cryptonics then you can win. The other day I was talking to a retired military intelligence officer, who stayed in the military after the Vietnam War and retired within ten years, but has followed things closely ever since.

We got on the topic of the treasure trove of intelligence captured from Osama bin Laden’s million dollar compound in Pakistan. Yes, going in and getting Osama bin Laden personally using special forces paid off, didn’t it? Now then, it is quite possible we could have blasted him very easily with Hellfire missiles from a drone, one after another until the compound was completely pulverized. Perhaps we could’ve sent in a Stealth fighter aircraft and put a 500-pound JDAM on top of the compound.

However, collecting all that military intelligence was a great find. And it was noted that the amount of data collected was that of a small community-college library, wow, that’s a lot of information to go through. And the media explained that we had our intelligence people going through it, and I was talking to my acquaintance about this at Starbucks, and he said yes, but how much of it is pornography, as it was also reported that Osama bin Laden had a rather sizable stash of pornographic material.

Many might be surprised at this, but it is quite common in that region of the world, even for a man who claims he is a devout religious fellow. My acquaintance said that they were sure to get more volunteers to go through all the intelligence after making the statement that much of it was pornography. Indeed, I laughed, but it would be my guess that the best tactic moving forward would be to take all the kids at the FBI Academy in Quantico, Virginia, at the US Marine Corps base, and at the CIA up the road, along with all the kids in Annapolis studying naval intelligence and divide them up into teams, to go through it all.
