IT Forensics

Dieselboy · July 02, 2017, 11:46:02 PM

I came across this interesting video yesterday https://www.youtube.com/watch?v=NG9Cg_vBKOg

A bit old but interesting.

deanwebb · July 03, 2017, 07:08:59 PM

Great video, just finished watching it.

Moral of the story: don't steal files from work, don't violate your AUP at work, and Windows does so much "helpful" stuff in the background, it will blow your cover if you try to hack with it.

Dieselboy · July 03, 2017, 09:30:34 PM

This got me thinking about HDD data recovery as well. I understood that if a data block was deleted, as long as new data was not written to the block then you could recover the block by scanning the disk.

Is it true that even if data is written to the block, you can recover previous data on it. How is that possible? All I could think of was that the new data would not completely overwrite the previous blocks data and so you'd have some kind of ghost data still there.

deanwebb · July 04, 2017, 07:38:12 AM

It's more a matter of materials science to get those legacy writes. https://en.wikipedia.org/wiki/Data_remanence has more info on that.

To beat it, the data wipe program makes multiple writes to every part of the hard drive.

Thing is, that leaves a record of a data wipe, so if you dodge having actual evidence, you get hit with a "destruction of evidence" charge, easily proven.

IT Forensics

Dieselboy

deanwebb

Dieselboy

deanwebb