Number 8
Exactly how did a bottle of wine being spilt over a keyboard cause data loss? How much data was actually stored in the keyboard at the time?
Computer forensics experts need a talent for data recovery. Crooks are increasingly becoming aware of the possibility that digital evidence might condemn them, raising the likelihood that devices containing potentially sensitive information will wind up being destroyed. For example, data recovery firm Disklabs successfully …
Despite what you might hear to the contrary, a bottle of wine is very very unlikely to cause damage to your data when poured over the keyboard - or anywhere else for that matter.
Funny how the last 3 items lacked the detail of the first seven; perchance someone made them up to an even 10?
... maybe they can accept this challenge:
http://16systems.com/zero/index.html
A normal fully functioning drive overwritten with 0s
Not exactly hard to do.
Getting back data from an accidentally damaged drive is one thing - a criminal with a bit of tech savvy OTOH.
Mind you a disaster recovery firm who can recover data from a PC after spilling wine on the keyboard. Wow! They must be good.
"Pulling data from a mobile phone that had been smashed into 11 pieces"
11? That's not exactly 'smashed' in my book; What's the betting 10 of those pieces were the screen?
"Scratched DVD made by a father of his daughter’s birth. "
But how was it scratched? Most scratches are easy to recover.
"Recovery of data from a RAID server of an aircraft components distribution firm. The kit fell through the floor during a huge fire. The hard disk drives were delivered to Disklabs Data Recovery, still smelling of burning electrics, plastic and water from the fire service."
The smell of water? I hear the smell is what kills the electrics! Replaced logic board; job done.
"Bottle of wine spilled over keyboard."
Keyboard does not necessitate data recovery. Orange juice is far worse, lager is more common.
Seriously though, if that's all they can find to mention they can't have been very busy for the last year!!!
Wow. Not much going on in the world of data recovery, is there?
One would expect a few more difficult things, like recovering data from the hard drive(s) of a hacker that had been USDoD wiped by a dedicated wiper upon the entry to his flat by some Federal task force ... or recovering data from the platters (all that remained) of a government laptop hard drive that had been stolen and then broken into its composite pieces by someone intent on destroying any evidence that they had obtained the unit.
I mean ... wine on a keyboard? What's to recover?
Is this about the top X of jerks being too daft to destroy data? If there is enough time, you will get rid of it. You zero it what, 35? times, then you physically destroy the drive, best with a shredder, taking good care of the platters, and — if you are not the type who keeps a bucket of hydrochloric acid nearby or cannot find out how to make thermite — you then proceed to spread the remains. A trip over a halfway wide waterway should do *oops!*. All that if you have no degausser nearby, so if you KNOW you will have to nuke that drive, why not get one of those in the first place. If there's no time, well then there's no time, your bad. If you pour acid over your notebook as the cops kick down your door, you have other trouble anyway.
"Incriminated data pulled from the hard disc of a suspected paedophile, after the kit was thrown at arresting police"
WTF If your a god damn kiddie fiddler WTF are you doing throing the god damn evidence of your crime AT THE FUCKING POLICE??
"Hey John you think this computer we just got lobbed at us has pictures and videos on it? Lets find out since the suspect apparently doesnt want it"
# Pulling data from a mobile phone that had been smashed into 11 pieces
Now this one has me impressed, some serious reconstruction going on there.
/Paris because even shes wondering about the first one.
Other than technical (chip and platter) recoveries some of the above are rather noddy items that I would be ashamed to consider recovery work.
I assume if you are paying for an advert such as this, you want a "top-ten" but come on if you dont have 10 decent jobs in the past year, fillling the list with CD/DVD recovery etc does nto impress.
"A normal fully functioning drive overwritten with 0s. Not exactly hard to do."
???!!?? Not hard to do??? If they manage this one, even with a very powerful SEM and a few years, I pay them a beer or ten.
Anyway, this company should probably have limited the list to 3 items (1, 2 and 7), the others make them look like clowns.
The NSA can, allegedly, recover data from a hard drive that has been completely overwritten seven times, so it's not unlikely data recovery labs can do this to some extent as well. This apparently has to do with the fact that writes don't perfectly align every time, so traces remain of previous writes. This is why secure delete programs will overwrite a deleted file repeatedly with zeros, ones, and random data.
The data in a mobile phone are saved in a Flash memory (in very seldom case there are two on the board and/or a mobile storage device is offered) anyway - it is possible to desolder
the Flash from the board (or piece of the board), "reball"
and place into a socket to have access to the data with a proper interface.
Unless the memory is broken into two pieces, i.e. the die of the memory is broken,
it is not a problem for an average lab
"The NSA can, allegedly, recover data from a hard drive that has been completely overwritten seven times, so it's not unlikely data recovery labs can do this to some extent as well. This apparently has to do with the fact that writes don't perfectly align every time, so traces remain of previous writes. This is why secure delete programs will overwrite a deleted file repeatedly with zeros, ones, and random data."
It's mostly a legend methink. As I said, given the area density of drives these days, you'd need a very powerful SEM (scanning electron microscope) and a huge amount of time, especially as you have no way of knowing the order of the non-overlapping bits (i.e. which is older than which) so you have no idea of which bit goes with which. I strongly doubt the NSA can do that (but they wouldn't tell anyway, would they?) and I am almost 100% sure that no commercial data recovery company can either. The "overwrite 7 times" is a better-safe-than-sorry policy (similar to the "no liquid on planes" one). It does serve well as a pitch for *hem* "secure delete" software salesdroids.
If you feed /dev/random or /dev/zero to dd, you replace all the bits with pseudo-random data or zeroes. But what happens if you use /dev/null instead? do you create billions of tightly packed tiny black holes? Can they destroy the planet? Is the NAS able to read the blackholes to retrieve your data?
You don't need fancy degaussers, just a set of Torx screwdrivers. Open the case (usually T9 screws, IIRC, a few are hidden under labels) and remove the platters from the spindle. Take one of the powerful magnets that control the motion of the armature and wipe it across the platters. That will re-align the magnetic fields nicely. Then give it a good scrubbing with #4 steel wool, which will do horrors to the platter surfaces.
Incidentally, the platters are extremely flat and nearly perfect mirrors, which makes them useful in optics experiments. I've bounced lasers off them and been unable to see where the beam hits the surface - there's no light scattering.
I always preferred to use /dev/urandom (although obviously this can be distro-dependant - I'm a gentoo man). /dev/random attempts to be closer to 'true' random (if there is such a thing) by seeding from mouse movement, keypresses etc. Unless the machine is being actively used it runs out of numbers pretty quickly, and even when under heavy use it's unlikely you'll be able to get enough numbers generated to overwrite even a small HDD. When it runs out of numbers your process just stalls until some new ones are generated.
How do you think the LHC works? It's a 286 desktop with 8Mo of RAM running «dd if=/dev/null of=/dev/hda» in loop, from a bootable 5"1/4 floppy. All the site around is a recycling plant for the cardboard, styrofoam chips and bubblewrap in which the parts for the box were sent (yes, HP won the deal). The delay caused by the alleged He leak was in fact due to some dumb summer student sticking a Ready-for-Vista fridge magnet on the box to, I cite, "make it look rad". There is a heated controversy among specialists on whether the failure was due to the the magnetic field or to the computer's overwhelming shame.