In the company I work for my computer was just recently taken for examination. I have been working with the company for 3 1/2 years and they would like to make sure that I have no part in this recent "problem" they have. Well I eagerly offered my computer up to be checked because I have nothing to hide.
But this got me thinking, how far back do these things go? My OS harddrive is the original harddrive and I have reformatted a handfull of times and so on and so forth. But how far back would the information stay on the drive. I understand how to zero out the sectors and so on. But without doing that how long does information stay on the HD?
September 23rd, 2004, 05:22 AM
I would say it totally depends on how far they are willing to go with the forensics, and what kind of things were perfomed on the drive (as in defrags, formats). AFAIK it is expensive to do heavy duty forensic work and requires specialization, and it sounds like they are probably going to check trivial stuff like cookies anyway.
/me invites hog
September 23rd, 2004, 05:27 AM
formatting the drive doesn't really get rid of anything. It just gets rid of the "pointers" or partition markers. It really depends on who they are, and what they use to recover data. If the specific sectors&clusters have been overwritten then it makes recovery harder. I've personally only seen something be recovered after 4 formats but DoD standard is zeroing 7 times & fills w/ random data, and the Air force has an even more rigorous standard. If the drive hasn't been overwritten then the data is still there.