Does anyone else find it odd that they posted their pictures and how much they make in the various news stories? Seems like useless information that would only cause grief for the two guys.
well I spent an hour on friday with an old pc.
the story ran today - http://www.rrstar.com/localnews/your_community/rockford/20031229-4783.shtml
The reporter was most interested in the temp internet files, even though I told her that the temp internet files were basic and alot of people know to delete them.
In the hours time I had no luck in restoring deleted files.....if i would have spent more time i'm sure i could have retrieved stuff, but this PC was slower than molasses in january.
Seriously, it took 10 minutes just to boot the freaking thing, and another 8 minutes just opening the temp internet files.
the story ran today - http://www.rrstar.com/localnews/your_community/rockford/20031229-4783.shtml
The reporter was most interested in the temp internet files, even though I told her that the temp internet files were basic and alot of people know to delete them.
In the hours time I had no luck in restoring deleted files.....if i would have spent more time i'm sure i could have retrieved stuff, but this PC was slower than molasses in january.
Seriously, it took 10 minutes just to boot the freaking thing, and another 8 minutes just opening the temp internet files.
That's normal. Most people know that their history can be traced, but they think deleting it would erase that. I guess that article was just to show that even the average person, with only a couple of hours spent on learning how to do it, could retrieve such information.
And to those that doubted his motive when he started this, LOL.
that wasn't very realistic, they should have allowed you to pull the HD out of the system and put it in another system with all the tools you needed.
I would have liked to pull the drive and spend more time on it, but I was given one hour....and it was "my time" (didn't get paid for it)
Nocturnal
Lifer
- Jan 8, 2002
- 18,927
- 0
- 76
The thing is, the FBI has big $ to spend on tools that can recover deleted files off a disk drive. You on the other hand do not have all the $ in the world nor the utilities needed to pull it off. I'd just stick with the temporary internet files, cookies, past sites they've visited, like what everyone else has already mentioned.
I would've showed up with my equipment in hand, ready to own, Windows 95, 98SE, Me, NT4, 2k and XP installed and ready to accept transplants of data files from any OS, and a 36" IDE ribbon and 36" power cable to get the files there without spending time to undo whatever evil mounting mechanism they used on the harddrive
The local geek backed out? Heh. Apparently he was unsuccessful in finding out how to do it.
And what's with the time limit of 1 hour? 2 hours is minimal. At least 1 hour has to be allocated to image from the suspect drive to the investigator's drive (Never work with the files on the suspect drive), and then an hour to actually go at it with the data.
As for interesting things to look at besides what's already been mentioned... Check out the recent documents. They're always interesting.
The local geek backed out? Heh. Apparently he was unsuccessful in finding out how to do it.
And what's with the time limit of 1 hour? 2 hours is minimal. At least 1 hour has to be allocated to image from the suspect drive to the investigator's drive (Never work with the files on the suspect drive), and then an hour to actually go at it with the data.
As for interesting things to look at besides what's already been mentioned... Check out the recent documents. They're always interesting.
I did the recent documents too, found mostly work stuff...but there were some personal photos there.
As for the one hour limit, anything over 1 hour was considered too much and would require compensation.
The local geek backed out, not sure why. From what I've heard, the guy has assisted the FBI with similar computer forensic investigations..........but I've never heard of FBI getting assistance from anyone.
As for the one hour limit, anything over 1 hour was considered too much and would require compensation.
The local geek backed out, not sure why. From what I've heard, the guy has assisted the FBI with similar computer forensic investigations..........but I've never heard of FBI getting assistance from anyone.
A better experiment would be for the FBI to let you delete/wipe a drive and see if THEY could recover it. 
Originally posted by: JackBurton
A better experiment would be for the FBI to let you delete/wipe a drive and see if THEY could recover it.
I'd be willing to see them try to get at one of my "erased" harddrives. You know, take a brand new factory fresh drive, put some target data on there, delete it, low level format it, gutmann wipe it, crack open the drive, scrape the platters to death, melt them, smash the PCB chips (In case any residual data is present in cache) and hand deliver the drive to them.
By the expression "local geek", you make it sound as though this guy is just computer technician or enthusiast who isn't involved in forensic computer investigation as a profession. Not likely.
First, the FBI has its own peeps for this, and they're good. When their own personnel become backlogged, the FBI calls up other government agencies (Secret Service, US Marshals, DEA, BATF, NSA, US Treasury, Customs, etc.) and asks if they have any qualified personnel to spare. If they're tapped out, the FBI contracts with professional firms and consultants with impeccable credentials.
They don't just pick a computer shop out of the yellow pages, go in and ask the tech behind the counter if he has any experience with data recovery.
Second, the person doing the evidence gathering must have the credentials to go into court and defend the soundness of his evidence gathering methods at trial or to a judge. Which excludes "the local geek" from being on any short or long list of forensic computer examiners the FBI would want to work with.
If you're going to look at EnCase go to the makers of the product - Guidance Software http://www.guidancesoftware.com/ Might also want to check out a couple of thier whitepapers and the 3rd link from the bottom on thier downloads page.
Edit - BTW I didn't know of (and don't see on thier website itself) a free version for download.
And BTW we're talking about Cyber/Computer Forensics not Data Recovery...
Edit - BTW I didn't know of (and don't see on thier website itself) a free version for download.
And BTW we're talking about Cyber/Computer Forensics not Data Recovery...
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter