Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Data Recovery

from [Greg Kelley] Network Security [Permanent Link]
Subject: RE: Data Recovery
Date: Tue, 31 Oct 2006 09:02:44 -0500 
Nice article, Kurt, but this issue is not confined to just NTFS
formatted volumes.  With Windows, and other operating systems,
propensity to create temp files and use memory paging, I would never
trust a wiping application to remove all evidences of a file by just
wiping the file itself.  A complete erase of the disk is the only way to
insure that the data is gone.

Greg Kelley, EnCE
Vestige Digital Investigations
Computer Forensics | Electronic Discovery | Corporate Surety
46 Public Square, Ste 220
Medina, OH 44256
(330)721-1205 x5432
(330)721-1206 Fax
http://www.vestigeltd.com


-----Original Message-----
From: Kurt Seifried [mailto:bt@seifried.org] 
Sent: Monday, October 30, 2006 3:10 PM
To: Russell Aspinwall; forensics@securityfocus.com
Subject: Re: Data Recovery



In response to data recovery after 57+ formats query

The UK magazine Computer Shopper carried a feature article "Recovery
Position" in its March 2006 issue, which can be found here
http://www.computershopper.co.uk and search for Recovery Position. It 
appears that disk erasing programs do not delete the data, if you have

the 

right tools for recovery; however a hammer does work.


No surprise there.

http://www.seifried.org/security/advisories/kssa-003.html

Pretty much all the programs fail with NTFS alternate data streams,
files 
that are hosted in the NTFS MFT, or simply fail to wipe normal files at
all.


--
Regards

Russell


-Kurt
[More messages with this same subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Hardware Based Disk Encryption, bsmathers
Next by Date:  GUID Partition Table (GPT) Recovery, Thomas Matthews
Previous by Thread:  Re: Re: Data Recovery, Steve Friedl
Next by Thread:  RE: Data Recovery, Steve Hickey
Indexes:  [Date] [Thread] [Top] [All Lists]