OnlinePCTips.com


Concealing And Recovering Hard Disk Data

May 08, 2010 By: lilybird Category: Data Recovery/Security

A skilled forensics examiner should be aware of the techniques that an attacker, intruder, malicious program, computer virus, or worm is capable of utilizing. Indeed, a significant body of knowledge is required to track down the steps taken by an adversary, piece together the puzzle of events, and successfully defend conclusions in a court of law. While not every incident investigated will be found to have been carried out by someone with the skill of an expert, automated tools are getting more sophisticated on a daily basis and can give even a script kiddie power and capabilities that years ago did not exist.

During the commission of a crime it is quite natural, and a common human trait, to attempt to cover up, disguise, or otherwise conceal evidence of criminal activity. In some cases, hiding data is part of the master plan and helps ensure the success of the criminal activities. Deleting data from a hard disk can serve as a cover-up technique as well as an attempt to hide evidence.

To be successful, forensics detectives must recognize and understand these methods. Additionally, they must be able to retrieve as much case-related data as possible, discovering and recovering hidden and erased data. The focal points of forensic hard disk data recovery include: physical properties of a hard drive; distinguishing attributes of the FAT32, NTFS, and Ext3 file systems; techniques used to both hide and find digital data; software tools available for erasing and finding data; true data deletion; applicable regulations regarding data destruction; and digital data recovery capabilities. These subject areas are intended to provide background to the neophyte forensics practitioner or those with an interest in the field.

To learn how differences in file systems influence hard disk data concealment, erasure, and retrieval, an overview of the physical characteristics of a hard disk is essential. Particularly important are the use of magnetization, the composition of the materials used on modern disk platters, and disk layout as it relates to the organization of tracks and sectors. Disk formatting, as well as the mechanism used to read and write data to the media, is also meaningful background information. These data points are all necessary to fully grasp the concepts and techniques used during investigations that a forensics inspector may be called upon to perform.

While areas of commonality exist between concealing and recovering data, individual file systems have particular characteristics that affect operating system and software behavior. These differences bring about variances in attainable results for both the miscreant and the investigator. Most recovery experts focus on the FAT32, NTFS, and Ext2fs file systems (arguably the most popular file systems in use today) as they relate to hiding, erasing, and recovering data. File system specifics and their structures provide additional background information and help in a complete understanding of the subject area.
