Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 25

Thread: Am I right?

  1. #11
    Junior Member zodiac's Avatar
    Join Date
    Jul 2001
    Posts
    22
    Originally posted here by gore
    That's not fool proof.
    You are correct, according to this :

    http://en.wikipedia.org/wiki/Gutmann_method

    However, I've read that formatting a drive isn't foolproof either.

  2. #12
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    NIST states that seven passes is sufficient to prevent recovery of residual data.

    Note that while it is rare, I have seen cases where even this has not been enough.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #13
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    And I've seen a bullet go through a HD and Data recovered from it.

  4. #14
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Try BC Wipe. It'll do Guttman wipes (35x) but it takes forever. It has one nice feature: you can encrypt your swap file. I wouldn't swear by the effectiveness of wiping software though.

    The only sure way to foil a forensic recovery is...clean living.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #15
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Well, our data center, as part of their removable media destruction policy, melt down the HD platters. As long as our procedure is followed, there is zero chance of recovery.

    Note that this is done on HDs that held data at a specific classification level. No one is melting down HDs that came in from kiosks, etc.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #16
    Okay...all this 'wiping' and 'erasing' is making me a little nervous.

    Mainly I just wanted to know if my friend could find his old deleted emails without paying some computer guy a small fortune. If this isn't something he can easily do without the wipe and erase method, please tell me because I already told him it couldn't be done at all. Sounds like from you guys I'm definitely wrong about that. Dalek sent me this link to an interesting spot where you can find the dat files, but you can't read any deleted emails from what I could find on my own computer. So still kind of confused on exactly what this computer guy thinks he might be able to find.

    I do find the wiping and erasing threads interesting...I looked at eraser and it sounds like you can erase only some parts you want without erasing the whole hard drive. Now THAT sounded interesting! Is the same true with the 'wiping' program? Or would that entail wiping the entire hard drive?

  7. #17
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Oh it most certainly can be done and as thehorse13 mentioned, it is trivial. Not to indicate that I am simple , but I thought I'd go ahead and explain the basic file deletion process.

    When someone retrieves a precious file that we may have inadvertently deleted, we are probably going to be impressed or at least thankful. Regardless, Windows file deletion/recovery is not magic, so that doesn't make them 'uber'. Since we are already aware that we can restore files that are placed in the Recycle Bin, this is Post-Recycle Bin.

    I believe the first thing we need to know is that after we delete a file and it is placed into the Recycle Bin, if we then empty the Bin or delete the individual file(s) while it is in the Recycle Bin, the Windows OS (95 thru XP) does not have a feature to recover the file. It's probably safe to assume that they have already given us ample opportunities and warnings to prevent non-deliberate file deletion.

    In this particular case, to recover the file(s) third party software will be required. There are many out there so I'm not going to specifically list any. However, as a caution I would use one that can be employed from a CD vice downloading one. The reason will be more apparent soon, but obviously we don't want to overwrite a file you are attempting to recover. The exception being if the recovery program was already installed on the hard disk before you deleted the file(s).

    Since files can be recovered obviously they are not really deleted. What does happen to them is this. The logical path (the reference) to the file and the file name is changed and the original path and filename is tucked away into another file. With the reference to that particular disk space removed, the operating system may now assign another file or data to that space. Thus the overwriting of the original data may commence. The extent the file is overwritten will determine what file fragments can be recovered. Even with fragments you may (Law Enforcement can) reconstruct the file.

    So where is the original reference and file name? There are hidden In the Recycled Directory. To locate the specific folder ("INFO" or "INFO2" for XP), obtain a Command Prompt and change directories to the RECYCLED Directory.


    Start > All Programs > Accessories > Command Prompt

    or

    Start > Run > type in "cmd.exe" and hit enter.


    At the Command Prompt, type in CD \RECYCLED and then press enter. It should look like:

    C:\RECYCLED>


    To make the file visible type in: ATTRIB -H INF* and press enter. Then type in: DIR and press enter. The file "INFO" or "INFO2" should now be visible. That's where they are stored! Within that same directory you will also notice any files names that are currently listed in the Recycle Bin but have not been "emptied" or "deleted". Before you exit, to restore the original attributes to the file type: ATTRIB +H INF* and press enter.

    That's as far as we can go since the info in that file is only the original path and filename. This is where the third party software takes over. It will restore the path and filename to the specific location of the file data on the hard drive.

    cheers
    Connection refused, try again later.

  8. #18
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I use Hotmail and always via a webbrowser, so the emails never make it to my harddrive except a temporary internet files. You're going to have a lot of data to sort out recovering those. If he was running his Hotmail thru a client like Outlook Express it'd be a bit easier.

    My guess is the computer guy is going to find out which pocket your friend keeps his wallet in...

    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #19
    Hey Relyt,

    I triedn those dos commands you gave me, got to the recycled dir then typed in the attrib -h inf* command and got nothing. Am I doing something wrong or is there nothing recoverable on my harddrive?

  10. #20
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    Originally posted here by gore
    There is a chance he's right. When you log into hotmail it puts a cookie on your computer. I have apps here that allow me to find images I've viewed online months ago and if he has data recovery tools, he'd be able to find them long after they have been deleted.

    This is how Hackers sometimes get caught.They delete the files they took, but unless you overwrite that part of your HD like 50 times, someone can still dig it up long after it's been deleted.
    However, if the attacker gets into a descent server, it should have raid hard drives and backup images............right? *trying to think logically*
    there's always a way in...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •