Overwritten data can apparently be recovered
79 views
Skip to first unread message
Scott Moulton
Sep 25, 2009, 4:57:57 PM9/25/09
to DataRecoveryCertification
You guys need to watch the CEO of TECHFUSION DATA RECOERY on this news page. He declares that overwritten data can be recovered and he declares they did it in a case. The guy does not seem to know the proper information, but you decide! Comments on his process accepted!
Techfusion, Alfred Demirjian speaks on City of Boston Data Deletion
http://www.techfusion.com/news.html
Thank you,
----------------------------------------------------------
Scott A. Moulton / CCFS CCFT CDRP DREC
Certified Computer Forensic Specialist
Certified Computer Forensic Technician
Certified Data Recovery Professional
Data Recovery Expert Certification
SANS Instructor for SEC606
Forensic Data Recovery
http://www.sans.org/training/description.php?mid=1237
----------------------------------------------------------
Forensic Strategy Services, LLC &
My Hard Drive Died, DBA
----------------------------------------------------------
601b Industrial Court, Woodstock, Ga 30189
Phone: 770-926-5588 Fax: 770-926-7089
DATA RECOVERY UPDATES VIA TWITTER: @scottamoulton
----------------------------------------------------------
Dave Kleiman
Sep 25, 2009, 5:21:53 PM9/25/09
to datarecovery...@googlegroups.com
Snake Oil!!!!
And it is worse than that............... now he is keynoting.....well at a conference nobody goes to...
-----------------------------------------------
The Computer Forensics Show is the “Don't miss” event of the year for all Litigation, Accounting and IT Professionals!
ATTENDEE TITLES INCLUDE:
CONFERENCE TOPICS AND GUEST SPEAKERS INCLUDE:
KEYNOTE PRESENTATION
"When No One Else Can": Data Recovery from a completely overwritten hard drives. Sample Forensic recovery from over written drive from Turkish assassination case, 2007.
PRESENTER
Alfred Demirjian – CEO at TechFusion
-----------------------------------------------
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801
-----Original Message-----
From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Scott Moulton
Sent: Friday, September 25, 2009 16:58
To: DataRecoveryCertification
Subject: Overwritten data can apparently be recovered
You guys need to watch the CEO of TECHFUSION DATA RECOERY on this news page. He declares that overwritten data can be recovered and he declares they did it in a case. The guy does not seem to know the proper information, but you decide! Comments on his process accepted!
Techfusion, Alfred Demirjian speaks on City of Boston Data Deletion
http://www.techfusion.com/news.html
Thank you,
----------------------------------------------------------
Scott A. Moulton / CCFS CCFT CDRP DREC
Certified Computer Forensic Specialist
Certified Computer Forensic Technician
Certified Data Recovery Professional
Data Recovery Expert Certification
SANS Instructor for SEC606
Forensic Data Recovery
http://www.sans.org/training/description.php?mid=1237 <http://www.sans.org/training/description.php?mid=1237>
----------------------------------------------------------
Forensic Strategy Services, LLC &
My Hard Drive Died, DBA
----------------------------------------------------------
601b Industrial Court, Woodstock, Ga 30189
Phone: 770-926-5588 Fax: 770-926-7089
Web: www.ForensicStrategy.com <http://www.ForensicStrategy.com>
Web: www.MyHardDriveDied.com <http://www.MyHardDriveDied.com>
And it is worse than that............... now he is keynoting.....well at a conference nobody goes to...
-----------------------------------------------
The Computer Forensics Show is the “Don't miss” event of the year for all Litigation, Accounting and IT Professionals!
ATTENDEE TITLES INCLUDE:
CONFERENCE TOPICS AND GUEST SPEAKERS INCLUDE:
KEYNOTE PRESENTATION
"When No One Else Can": Data Recovery from a completely overwritten hard drives. Sample Forensic recovery from over written drive from Turkish assassination case, 2007.
PRESENTER
Alfred Demirjian – CEO at TechFusion
-----------------------------------------------
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801
-----Original Message-----
From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Scott Moulton
Sent: Friday, September 25, 2009 16:58
To: DataRecoveryCertification
Subject: Overwritten data can apparently be recovered
You guys need to watch the CEO of TECHFUSION DATA RECOERY on this news page. He declares that overwritten data can be recovered and he declares they did it in a case. The guy does not seem to know the proper information, but you decide! Comments on his process accepted!
Techfusion, Alfred Demirjian speaks on City of Boston Data Deletion
http://www.techfusion.com/news.html
Thank you,
----------------------------------------------------------
Scott A. Moulton / CCFS CCFT CDRP DREC
Certified Computer Forensic Specialist
Certified Computer Forensic Technician
Certified Data Recovery Professional
Data Recovery Expert Certification
SANS Instructor for SEC606
Forensic Data Recovery
----------------------------------------------------------
Forensic Strategy Services, LLC &
My Hard Drive Died, DBA
----------------------------------------------------------
601b Industrial Court, Woodstock, Ga 30189
Phone: 770-926-5588 Fax: 770-926-7089
Web: www.MyHardDriveDied.com <http://www.MyHardDriveDied.com>
jag
Sep 25, 2009, 5:34:56 PM9/25/09
to DataRecoveryCertification
Never answers how they recover from wiped area?
Says when it is wiped they can recover part of the data, which means
may be recovering from non wiped area, may be from prev bad sectors !!
Cheers
-Jag
DATABACX Pte Ltd
Singapore
On Sep 26, 5:21 am, Dave Kleiman <d...@davekleiman.com> wrote:
> Snake Oil!!!!
>
> And it is worse than that............... now he is keynoting.....well at a conference nobody goes to...
>
> -----------------------------------------------
>
> The Computer Forensics Show is the “Don't miss” event of the year for all Litigation, Accounting and IT Professionals!
>
> ATTENDEE TITLES INCLUDE:
>
> CONFERENCE TOPICS AND GUEST SPEAKERS INCLUDE:
>
> KEYNOTE PRESENTATION
>
> "When No One Else Can": Data Recovery from a completely overwritten hard drives. Sample Forensic recovery from over written drive from Turkish assassination case, 2007.
>
> PRESENTER
>
> Alfred Demirjian – CEO at TechFusion
>
> -----------------------------------------------
>
> Respectfully,
>
> Dave Kleiman -http://www.ComputerForensicExaminer.com-http://www.DigitalForensicExpert.com
> ----------------------------------------------------------- Hide quoted text -
>
> - Show quoted text -
Says when it is wiped they can recover part of the data, which means
may be recovering from non wiped area, may be from prev bad sectors !!
Cheers
-Jag
DATABACX Pte Ltd
Singapore
On Sep 26, 5:21 am, Dave Kleiman <d...@davekleiman.com> wrote:
> Snake Oil!!!!
>
> And it is worse than that............... now he is keynoting.....well at a conference nobody goes to...
>
> -----------------------------------------------
>
> The Computer Forensics Show is the “Don't miss” event of the year for all Litigation, Accounting and IT Professionals!
>
> ATTENDEE TITLES INCLUDE:
>
> CONFERENCE TOPICS AND GUEST SPEAKERS INCLUDE:
>
> KEYNOTE PRESENTATION
>
> "When No One Else Can": Data Recovery from a completely overwritten hard drives. Sample Forensic recovery from over written drive from Turkish assassination case, 2007.
>
> PRESENTER
>
> Alfred Demirjian – CEO at TechFusion
>
> -----------------------------------------------
>
> Respectfully,
>
>
> - Show quoted text -
iamnowonmai
Sep 25, 2009, 7:02:16 PM9/25/09
to datarecovery...@googlegroups.com
Saying you recovered overwritten data on a case in Turkey is like saying
"I have a girlfriend, she's from Niagara Falls - you've never heard of her."
Chuck Snipes
Sep 25, 2009, 8:38:54 PM9/25/09
to datarecovery...@googlegroups.com
I have read scientific papers that say even the electron scanning microscope doesn't work well enough to recover a large amount of data. I tend to believe them a lot more than this guy!
Charles Snipes
VP, CDS Ventures, LLC
http://www.datatriangle.com
Bachelor of Science, Regent's College
Certified Computer Examiner
Certified Data Recovery Professional
Charles Snipes
VP, CDS Ventures, LLC
http://www.datatriangle.com
Bachelor of Science, Regent's College
Certified Computer Examiner
Certified Data Recovery Professional
Dave Kleiman
Sep 25, 2009, 9:30:23 PM9/25/09
to datarecovery...@googlegroups.com
Do you mean this paper Chuck? ;)
Overwriting Hard Drive Data: The Great Wiping Controversy
Source: Lecture Notes In Computer Science; Vol. 5352 archive
Section: Biometrics, Forensics and Steganography
Pages: 243 - 257
Year of Publication: 2008
ISBN:978-3-540-89861-0
Authors:
Craig Wright BDO Kendalls, Sydney, Australia
Dave Kleiman ComputerForensicExaminer.com, Florida, US
Shyaam Sundhar R.S. Symantec, USA
Publisher - Springer-Verlag Berlin, Heidelberg
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
http://www.sans.org/training/description.php?mid=1237 <http://www.sans.org/training/description.php?mid=1237>
----------------------------------------------------------
Forensic Strategy Services, LLC &
My Hard Drive Died, DBA
----------------------------------------------------------
601b Industrial Court, Woodstock, Ga 30189
Phone: 770-926-5588 Fax: 770-926-7089
Web: www.ForensicStrategy.com <http://www.ForensicStrategy.com>
Web: www.MyHardDriveDied.com <http://www.MyHardDriveDied.com>
Overwriting Hard Drive Data: The Great Wiping Controversy
Source: Lecture Notes In Computer Science; Vol. 5352 archive
Section: Biometrics, Forensics and Steganography
Pages: 243 - 257
Year of Publication: 2008
ISBN:978-3-540-89861-0
Authors:
Craig Wright BDO Kendalls, Sydney, Australia
Dave Kleiman ComputerForensicExaminer.com, Florida, US
Shyaam Sundhar R.S. Symantec, USA
Publisher - Springer-Verlag Berlin, Heidelberg
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
----------------------------------------------------------
Forensic Strategy Services, LLC &
My Hard Drive Died, DBA
----------------------------------------------------------
601b Industrial Court, Woodstock, Ga 30189
Phone: 770-926-5588 Fax: 770-926-7089
Web: www.MyHardDriveDied.com <http://www.MyHardDriveDied.com>
Semyon Roitman
Sep 25, 2009, 10:40:21 PM9/25/09
to datarecovery...@googlegroups.com
Does it make any difference if data has been wiped out by software (even using some obscure math algorithms) or hardware, such as DeepSpar or some other equipment? It shouldn't i think...--
Respectfully,
Sam Roitman
President
Rescue Your Data Corporation
Empire State Building
350 Fifth Avenue, 59th Floor
New York, NY 10118
866-460-4518-toll free
917-399-8207-cell
www.RescueYourData.com
in...@RescueYourData.com
Respectfully,
Sam Roitman
President
Rescue Your Data Corporation
Empire State Building
350 Fifth Avenue, 59th Floor
New York, NY 10118
866-460-4518-toll free
917-399-8207-cell
www.RescueYourData.com
in...@RescueYourData.com
Chuck Snipes
Sep 25, 2009, 10:42:46 PM9/25/09
to datarecovery...@googlegroups.com
Very funny! Sorry Dave, I don't think I caught you were one of the authors when I read it!
Chuck Snipes
On Fri, Sep 25, 2009 at 9:30 PM, Dave Kleiman <da...@davekleiman.com> wrote:
Tim Farren
Sep 25, 2009, 10:47:50 PM9/25/09
to datarecovery...@googlegroups.com
Ah.. You guys are just jealous that you don't have the magic process of recovering the supposed "data". I have some oceanfront property available in colorado if anyone's interested..
-Tim
-Tim
Dave Kleiman
Sep 25, 2009, 10:48:18 PM9/25/09
to datarecovery...@googlegroups.com
I probably devalued it for you now Chuck ;)
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
Dave Kleiman
Sep 25, 2009, 10:49:40 PM9/25/09
to datarecovery...@googlegroups.com
That is funny because it just so happens I have my house on top of a mountain here in Florida....
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
Respectfully,
Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com
Dave Kleiman
Sep 25, 2009, 10:50:50 PM9/25/09
to datarecovery...@googlegroups.com
As long as it wipes the Physical drive, it does not make a difference. Now some file erasers and such are not so efficient.
The Data Hero
Sep 27, 2009, 3:56:19 AM9/27/09
to DataRecoveryCertification
That was pretty funny :) A "regular" recovery would cost less than
$5,000 and a "sophisticated" recovery will cost $50,000.
Pretty big statements to make on TV. I think he's full of you know
what :)
On Sep 26, 12:50 pm, Dave Kleiman <d...@davekleiman.com> wrote:
> As long as it wipes the Physical drive, it does not make a difference. Now some file erasers and such are not so efficient.
>
> Respectfully,
>
> Dave Kleiman -http://www.ComputerForensicExaminer.com-http://www.DigitalForensicExpert.com
> i...@RescueYourData.com- Hide quoted text -
$5,000 and a "sophisticated" recovery will cost $50,000.
Pretty big statements to make on TV. I think he's full of you know
what :)
On Sep 26, 12:50 pm, Dave Kleiman <d...@davekleiman.com> wrote:
> As long as it wipes the Physical drive, it does not make a difference. Now some file erasers and such are not so efficient.
>
> Respectfully,
>
>
> 4371 Northlake Blvd #314
> Palm Beach Gardens, FL 33410
> 561.310.8801
>
>
>
> -----Original Message-----
> From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Semyon Roitman
> Sent: Friday, September 25, 2009 22:40
> To: datarecovery...@googlegroups.com
> Subject: Re: Overwritten data can apparently be recovered
>
> Does it make any difference if data has been wiped out by software (even using some obscure math algorithms) or hardware, such as DeepSpar or some other equipment? It shouldn't i think...
>
> 4371 Northlake Blvd #314
> Palm Beach Gardens, FL 33410
> 561.310.8801
>
>
>
> -----Original Message-----
> From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Semyon Roitman
> Sent: Friday, September 25, 2009 22:40
> To: datarecovery...@googlegroups.com
> Subject: Re: Overwritten data can apparently be recovered
>
> Does it make any difference if data has been wiped out by software (even using some obscure math algorithms) or hardware, such as DeepSpar or some other equipment? It shouldn't i think...
>
> On Fri, Sep 25, 2009 at 9:30 PM, Dave Kleiman <d...@davekleiman.com> wrote:
>
> Do you mean this paper Chuck? ;)
>
> Overwriting Hard Drive Data: The Great Wiping Controversy
>
> Source: Lecture Notes In Computer Science; Vol. 5352 archive
>
> Section: Biometrics, Forensics and Steganography
> Pages: 243 - 257
> Year of Publication: 2008
> ISBN:978-3-540-89861-0
>
> Authors:
>
> Craig Wright BDO Kendalls, Sydney, Australia
>
> Dave Kleiman ComputerForensicExaminer.com, Florida, US
>
> Shyaam Sundhar R.S. Symantec, USA
>
> Publisher - Springer-Verlag Berlin, Heidelberg
>
> Respectfully,
>
> Dave Kleiman -http://www.ComputerForensicExaminer.com-http://www.DigitalForensicExpert.com
>
> Do you mean this paper Chuck? ;)
>
> Overwriting Hard Drive Data: The Great Wiping Controversy
>
> Source: Lecture Notes In Computer Science; Vol. 5352 archive
>
> Section: Biometrics, Forensics and Steganography
> Pages: 243 - 257
> Year of Publication: 2008
> ISBN:978-3-540-89861-0
>
> Authors:
>
> Craig Wright BDO Kendalls, Sydney, Australia
>
> Dave Kleiman ComputerForensicExaminer.com, Florida, US
>
> Shyaam Sundhar R.S. Symantec, USA
>
> Publisher - Springer-Verlag Berlin, Heidelberg
>
> Respectfully,
>
>
> 4371 Northlake Blvd #314
> Palm Beach Gardens, FL 33410
> 561.310.8801
>
> -----Original Message-----
>
> From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Chuck Snipes
> Sent: Friday, September 25, 2009 20:39
> To: datarecovery...@googlegroups.com
> Subject: Re: Overwritten data can apparently be recovered
>
> I have read scientific papers that say even the electron scanning microscope doesn't work well enough to recover a large amount of data. I tend to believe them a lot more than this guy!
>
> Charles Snipes
> VP, CDS Ventures, LLC
> http://www.datatriangle.com
> Bachelor of Science, Regent's College
> Certified Computer Examiner
> Certified Data Recovery Professional
>
> 4371 Northlake Blvd #314
> Palm Beach Gardens, FL 33410
> 561.310.8801
>
> -----Original Message-----
>
> From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Chuck Snipes
> Sent: Friday, September 25, 2009 20:39
> To: datarecovery...@googlegroups.com
> Subject: Re: Overwritten data can apparently be recovered
>
> I have read scientific papers that say even the electron scanning microscope doesn't work well enough to recover a large amount of data. I tend to believe them a lot more than this guy!
>
> Charles Snipes
> VP, CDS Ventures, LLC
> http://www.datatriangle.com
> Bachelor of Science, Regent's College
> Certified Computer Examiner
> Certified Data Recovery Professional
>
GD.UK
Sep 27, 2009, 11:39:28 AM9/27/09
to DataRecoveryCertification
Guy seems full of it.. I doubt very much he has got an MFM, and, if he
has it would take him a least a year to read in raw and remap for a
small drive, assuming he can find the correct encoding of that exact
drive. and dont get me started on defrag! lol.. Its as Dave says: its
a bad wiping software. (assuming the whole drive was done) and,
perhaps he knows how to reverse the pattern because its calculable,
very much doubt it tho. Or there are other copies of the data which he
can carve out from unallocated etc - Even clearing the g list and
imaging is never going to get exactly what u want back. But it will
hold up the argument that if u didn't erase properly, then you can say
that it is possible to get data back from a wiped drive.. Nice
marketing job bud!
G
On Sep 27, 3:56 am, The Data Hero <adr...@datahero.com.au> wrote:
> That was pretty funny :) A "regular" recovery would cost less than
> $5,000 and a "sophisticated" recovery will cost $50,000.
>
> Pretty big statements to make on TV. I think he's full of you know
> what :)
>
> On Sep 26, 12:50 pm, Dave Kleiman <d...@davekleiman.com> wrote:
>
> > As long as it wipes the Physical drive, it does not make a difference. Now some file erasers and such are not so efficient.
>
> > Respectfully,
>
> > Dave Kleiman -http://www.ComputerForensicExaminer.com-http://www.DigitalForensicExp...
has it would take him a least a year to read in raw and remap for a
small drive, assuming he can find the correct encoding of that exact
drive. and dont get me started on defrag! lol.. Its as Dave says: its
a bad wiping software. (assuming the whole drive was done) and,
perhaps he knows how to reverse the pattern because its calculable,
very much doubt it tho. Or there are other copies of the data which he
can carve out from unallocated etc - Even clearing the g list and
imaging is never going to get exactly what u want back. But it will
hold up the argument that if u didn't erase properly, then you can say
that it is possible to get data back from a wiped drive.. Nice
marketing job bud!
G
On Sep 27, 3:56 am, The Data Hero <adr...@datahero.com.au> wrote:
> That was pretty funny :) A "regular" recovery would cost less than
> $5,000 and a "sophisticated" recovery will cost $50,000.
>
> Pretty big statements to make on TV. I think he's full of you know
> what :)
>
> On Sep 26, 12:50 pm, Dave Kleiman <d...@davekleiman.com> wrote:
>
> > As long as it wipes the Physical drive, it does not make a difference. Now some file erasers and such are not so efficient.
>
> > Respectfully,
>
>
> > 4371 Northlake Blvd #314
> > Palm Beach Gardens, FL 33410
> > 561.310.8801
>
> > -----Original Message-----
> > From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Semyon Roitman
> > Sent: Friday, September 25, 2009 22:40
> > To: datarecovery...@googlegroups.com
> > Subject: Re: Overwritten data can apparently be recovered
>
> > Does it make any difference if data has been wiped out by software (even using some obscure math algorithms) or hardware, such as DeepSpar or some other equipment? It shouldn't i think...
>
> > On Fri, Sep 25, 2009 at 9:30 PM, Dave Kleiman <d...@davekleiman.com> wrote:
>
> > Do you mean this paper Chuck? ;)
>
> > Overwriting Hard Drive Data: The Great Wiping Controversy
>
> > Source: Lecture Notes In Computer Science; Vol. 5352 archive
>
> > Section: Biometrics, Forensics and Steganography
> > Pages: 243 - 257
> > Year of Publication: 2008
> > ISBN:978-3-540-89861-0
>
> > Authors:
>
> > Craig Wright BDO Kendalls, Sydney, Australia
>
> > Dave Kleiman ComputerForensicExaminer.com, Florida, US
>
> > Shyaam Sundhar R.S. Symantec, USA
>
> > Publisher - Springer-Verlag Berlin, Heidelberg
>
> > Respectfully,
>
> > Dave Kleiman -http://www.ComputerForensicExaminer.com-http://www.DigitalForensicExp...
> > 4371 Northlake Blvd #314
> > Palm Beach Gardens, FL 33410
> > 561.310.8801
>
> > -----Original Message-----
> > From: datarecovery...@googlegroups.com [mailto:datarecovery...@googlegroups.com] On Behalf Of Semyon Roitman
> > Sent: Friday, September 25, 2009 22:40
> > To: datarecovery...@googlegroups.com
> > Subject: Re: Overwritten data can apparently be recovered
>
> > Does it make any difference if data has been wiped out by software (even using some obscure math algorithms) or hardware, such as DeepSpar or some other equipment? It shouldn't i think...
>
> > On Fri, Sep 25, 2009 at 9:30 PM, Dave Kleiman <d...@davekleiman.com> wrote:
>
> > Do you mean this paper Chuck? ;)
>
> > Overwriting Hard Drive Data: The Great Wiping Controversy
>
> > Source: Lecture Notes In Computer Science; Vol. 5352 archive
>
> > Section: Biometrics, Forensics and Steganography
> > Pages: 243 - 257
> > Year of Publication: 2008
> > ISBN:978-3-540-89861-0
>
> > Authors:
>
> > Craig Wright BDO Kendalls, Sydney, Australia
>
> > Dave Kleiman ComputerForensicExaminer.com, Florida, US
>
> > Shyaam Sundhar R.S. Symantec, USA
>
> > Publisher - Springer-Verlag Berlin, Heidelberg
>
> > Respectfully,
>
Madmex
Sep 28, 2009, 12:19:29 AM9/28/09
to datarecovery...@googlegroups.com
This is total BS... One person taking advantage of an uneducated
public and the media hype on a big case...
public and the media hype on a big case...
News article 1: "Demerjian said engineers would make a copy of his
hard drive and then run its data recovery software on that drive,
looking for deleted files."
So.. if you make a copy.. there is no way you are going to do any
super ultra-dope double-secret proprietary platter bit carving...
Also, it doesn't seem like that much of a technical miracle from a
forensics standpoint. User gets emails, deletes them, then empties
his deleted items folder before the server can do a backup at
midnight.. ok, the emails are either in unallocated space, or if those
areas get overwritten you might find fragments in file slack. I
really don't think the user ended up trying to "scrub" or overwrite
anything on purpose, but I guess those details will eventually get
revealed.
Also, the "famous" case that techfusion dealt with was one in which
the smoking gun (awful pun I know) was pictures. Every forensics
person on this list knows that pictures, depending on how they were
viewed and stored can easily leave traces everywhere. View them in a
browser, they could leave temp artifacts.. there are thumbnail.db
files, depending on what software he used to edit them it could leave
traces as well, last time I researched Picassa it made a new image
anytime you did any digital effects processing on it and left the
original intact, and so on. From the interview you can tell they most
likely did file carving, since he states that the pictures had "dots",
which I can only assume means artifacts from carving that didn't
result in pictures that were 100% intact.
Lastly, did he honestly say that his secret data recovery methods were
so secret that they don't write them down, and try not to have any
turnover and that they keep this stuff in their employees heads?!?
Even the Colone's 11 herbs and spices and the recipe for Coke is
written down.. Hard to write a recipe for snake oil.. \
Lastly I do have to share a bit of humor.. I found his on his testimonials page:
“Thanks for your speedy and helpful data recovery services! You helped
me save years' worth of data. I'll definitely call you again if I have
another hard drive emergency."
-Cassandra
Dr. Cassandra Extavour
Harvard University
I love that they never say things like, "I'll always backup my data
from now on!!" Ahh customers.. God bless them!
Karlo Arozqueta, EnCE, CISSP
Serge Shirobokov
Sep 28, 2009, 9:07:28 AM9/28/09
to DataRecoveryCertification
Data recover companies do things like this from time to time for
marketing purposes. Whether it is being able to recover overwritten
data or having practical platter reading devices...
marketing purposes. Whether it is being able to recover overwritten
data or having practical platter reading devices...
Bud
Oct 2, 2009, 10:11:15 AM10/2/09
to DataRecoveryCertification
An update, the recovery was successful apparently, by another company,
maybe everyone in Boston uses the same witch Doctor.... or maybe the
files were just deleted not overwritten :)
http://news.bostonherald.com/news/politics/view/20090924forensic_experts_recover_4286_city_hall_e-mails/srvc=home&position=recent#
maybe everyone in Boston uses the same witch Doctor.... or maybe the
files were just deleted not overwritten :)
http://news.bostonherald.com/news/politics/view/20090924forensic_experts_recover_4286_city_hall_e-mails/srvc=home&position=recent#
The Data Hero
Oct 4, 2009, 3:44:45 AM10/4/09
to DataRecoveryCertification
I dare say they were just deleted. Lets face it, not many people
really know what they are talking about when it comes to DR...well not
the general public anyway. Including journalists.
On Oct 3, 1:11 am, Bud <b...@reclamere.com> wrote:
> An update, the recovery was successful apparently, by another company,
> maybe everyone in Boston uses the same witch Doctor.... or maybe the
> files were just deleted not overwritten :)http://news.bostonherald.com/news/politics/view/20090924forensic_expe...
really know what they are talking about when it comes to DR...well not
the general public anyway. Including journalists.
On Oct 3, 1:11 am, Bud <b...@reclamere.com> wrote:
> An update, the recovery was successful apparently, by another company,
> maybe everyone in Boston uses the same witch Doctor.... or maybe the
>
> On Sep 28, 9:07 am, Serge Shirobokov <sshirobo...@deepspar.com> wrote:
>
>
>
> > Data recover companies do things like this from time to time for
> > marketing purposes. Whether it is being able to recover overwritten
> > data or having practical platter reading devices...- Hide quoted text -
> On Sep 28, 9:07 am, Serge Shirobokov <sshirobo...@deepspar.com> wrote:
>
>
>
> > Data recover companies do things like this from time to time for
> > marketing purposes. Whether it is being able to recover overwritten
Reply all
Reply to author
Forward
0 new messages