
Thread: Help with a dissertation idea

  1. #11
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    andrewsco ,

    Here is a link to a tutorial I wrote a while back that may have some relevance.

    http://www.antionline.com/showthread...hreadid=248897

    I would suggest that you look at the posts by groovicus in the forensics forum. I recall he did some testing of data erasure and recovery.

    Cheers

  2. #12
    Junior Member
    Join Date
    Mar 2005
    Posts
    18
    Thanks for all your help guys. This is a really interesting topic...one which I myself am interested in, and there is a good scope for interviews with employees on their policy, linking it to business - whilst also stressing the importance of this for a home user. The stats would be good, and I'm sure would bring up some interesting results.

    I will look into other tools (I know some people who work in law enforcement and are involved that way, so maybe I can use that angle). Maybe I can use a copy of Encase from one of them...who knows.

    I could also show techniques for secure deletion of data, and actually demonstrate how it works. The only other thing I was considering was the use of how hard drives can be encrypted, how would this affect getting information off the drive (obviously it needs to be unencrypted) but I hear that there is some encryption that is impossible to break. Does anyone have any info on encryption of hard drives, the best programs to use, and how someone would go about decrypting it?

    A really good idea, I have a lot to discuss with my tutor!

    Andy
    "Get busy livin', or get busy dyin'..." Come visit www.computer-tutorials.org

  3. #13
    Originally posted here by andrewsco
    Thanks again for the replies. One thing: I tried to google what a 'degaussing ring' is, but couldn't find any info on actually using it to wipe an entire drive...could you explain please?

    Gostmachine: I will have a look into that thanks, that would be really interesting if I could put some programming into my dissertation somehow. I don't suppose there are any tutorials you know of explaining this in a bit more detail?

    Andy

    Yes there are many, have a google search on "assembly language" on the net and you will find many. Good luck

  4. #14
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    I think Sony already use some form of encryption on their disks (MagicGate, I believe) but that's to prevent piracy of the disks, so that only their stuff can be used in their products.

    Check out the Nintendo DS for information on media encryption, --> delsinux.org

    There are many open source disk encryption drivers

    http://www.netbsd.org/guide/en/chap-cgd.html

    Try Google.

    i2c

  5. #15
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Didn't XP include this in SP2, the option to encrypt the hdd data? I was wanting to say it came up in the forensics class I was in and although I don't think it will have/cause any issues with actually copying the data off the disk (you are just transferring bytes, which is irrespective of the data content); however, it was mentioned you would need the key to be able to access anything...
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #16
    Originally posted here by andrewsco
    Second thing - How exactly can data be recovered. I know that programs such as Encase are used, but i have also read that data can be recovered, even after being re-written a number of times (I gather this has to do with the hardware?) Does anyone know any more on this, and where I could find some information?

    Thanks
    Andrew
    Hi, Andrew,
    I've confirmed, using before-and-after direct disk view software, that at least one program does indeed wipe data: Eraser 5.7 (open source software). That includes wiping small files that reside in the Master File Table (MFT).

    However, there's a catch: on NTFS systems, there is journaling data temporarily stored in a file called $LogFile. This system file, which essentially serves as a short-term record of what's written to the disk so that the system can recover should power be lost, consists of a bunch of 4kB records. That can include information that's from a file you wanted to wipe.

    The good news, from a privacy point of view, is that the $LogFile is routinely overwritten, so any information stored there has a very limited shelf life (perhaps less than 24 hours during normal computer use, or less with heavy disk access activities).

    However, there are other places for file recovery programs like Encase to find data. When disks are defragmented, files shortened or data moved from one disk to another, old data is frequently left in its old positions on the disk, data which is now orphaned. The computer's pagefile and hibernation file can both leave lots of data behind, too. If disk freespace is not routinely overwritten, there can be a surprising amount of info left through normal use. And, of course, Encase can find all sorts of info in obscure, non-deleted files.

    Encase isn't magic. It can't recover data that's been overwritten. But you'd better make sure that there aren't other copies or fragments of copies lying around on the disk, or it can find them.
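
The before-and-after check described in post #16, as an added example that is not part of the original post: it scans a raw image for a known canary string, wipes only the live copy, and rescans to show the stale and journal-style copies that remain. The image layout, the canary value and the names `find_remnants` and `demo` are constructed for illustration; the image is a flat byte array, not a real NTFS volume.

```python
import os
import tempfile

CLUSTER = 4096  # constructed cluster size for the sample image


def find_remnants(path, marker, chunk_size=64 * 1024):
    """Return every byte offset in a raw image where `marker` occurs."""
    hits, offset, tail = [], 0, b""
    keep = len(marker) - 1  # bytes carried over so boundary-straddling hits are seen
    with open(path, "rb") as img:
        while chunk := img.read(chunk_size):
            buf = tail + chunk
            base = offset - len(tail)
            pos = buf.find(marker)
            while pos != -1:
                hits.append(base + pos)
                pos = buf.find(marker, pos + 1)
            tail = buf[-keep:] if keep else b""
            offset += len(chunk)
    return hits


def demo():
    """Build a constructed image, wipe only the live copy, rescan."""
    marker = b"CANARY-constructed-0001"
    live, orphan, journal = 3 * CLUSTER, 9 * CLUSTER, 12 * CLUSTER - 5
    image = bytearray(16 * CLUSTER)
    for off in (live, orphan, journal):  # live file, stale copy, journal-style copy
        image[off:off + len(marker)] = marker
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(image)
    try:
        before = find_remnants(tmp.name, marker, chunk_size=CLUSTER)
        with open(tmp.name, "r+b") as img:  # overwrite the live file's bytes in place
            img.seek(live)
            img.write(b"\x00" * len(marker))
        after = find_remnants(tmp.name, marker, chunk_size=CLUSTER)
    finally:
        os.unlink(tmp.name)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before wipe:", before)
    print("after wipe: ", after)
```

The third copy is placed across a 4 KiB read boundary on purpose, so a scanner that searches each chunk in isolation would miss it.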

  7. #17
    On the topic of encryption, a program I've been experimenting with is Truecrypt 3.1a (also open source). It incorporates basically unbreakable on-the-fly encryption in several ways, has quite a few clever options and can even be used, with an add-on, to encrypt a user's entire profile on disk.

    In addition to the above, I use both WinPT and Enigmail, which use GnuPG public-key encryption.

    All of these are open-source programs that are available for Windows XP.

    Eraser (website is down this evening, presumably temporarily):
    http://www.heidi.ie/eraser/

    Truecrypt:
    http://www.truecrypt.org/

    WinPT:
    http://www.stud.uni-hannover.de/~twoaday/winpt.html

    Enigmail (plug-in for Mozilla and Mozilla Thunderbird email programs):
    http://enigmail.mozdev.org/
