Related topic: Lois Lerner's very convenient computer crash.
Many computer users, including some who should know better, are unaware that deleted files can be
recovered — undeleted — and can yield information which can be used against the
person who deleted them. This information can be as common as a deleted email message or as
important as sensitive business records or government transactions. Those who are less technically
astute may assume that if a file doesn't show up in a directory (or folder), it's gone forever. Few
people know that deleted files are not erased; the data is just hidden, and the files can be undeleted.
Still fewer users know how to undelete files, either to recover from accidental deletion or to "go fishing"
for interesting data. It is unlikely that your little sister can undelete your files, but there
are several US government agencies which — if properly motivated — could perform
some amazing feats with your old computer.
Apparently there are many security-conscious individuals -- even some who own paper shredders -- who don't know
or don't care about residual information from their deleted computer files. But there have been many
public figures in recent history who have learned about this issue the hard way. That's how U.S. Senate
investigators got evidence on Col. Oliver
messages that North believed to be deleted were found and used against him in
total of 758 e-mail messages were sent, involving him in the Iran-Contra affair, and every one of them was
this problem becomes more difficult if you
make backup copies
of everything on your computer, as you should. And of course, if information escapes onto
the internet, it's free to wander around forever.
"Computer forensics" is the term for recovering other people's deleted or "lost" data. This can be
done as a favor to you, when your computer has crashed, (where the word "favor" means a commercially available
service which costs a lot of money), or it can be done by a law enforcement agency when your computer has been
seized as evidence. In the latter case, you can be sure that anything embarrassing that is found on your
computer can and will be used against you, whether or not it pertains to your alleged criminal conduct.
Files and subdirectories can be hidden, too, although this was easier to accomplish under
MS-DOS than it is with Windows.
Usually the originator of a hidden file (or subdirectory) is the
only one who knows that it exists. However, merely hiding a file offers no
protection once the file has somehow been discovered. Hiding a file makes no
difference after the file has been deleted, since all deleted files are hidden, to some extent.
If you use an Apple computer running OS X, and you store files on a removable USB device,
also known as a jump drive or a thumb drive (see below), you might be somewhat surprised to see all the hidden
files you're creating in the course of your everyday work. Take that removable device to a
computer running Windows NT, Windows 7 or a newer version of Windows, and you'll see those
Encryption can be used to protect files whether they are deleted or
not. Encryption products are available in various strengths, for
particular levels of security, but that is another topic altogether.
Simple deletion of a file is adequate if your only goal is to reduce
clutter and make more space available on the disk drive (or floppy),
and this is the quick and easy thing to do if the deleted files are of
no interest to anyone else. However, before you sell or give away
an old computer, you should seriously consider wiping the entire hard drive,
especially if the hard drive has ever contained sensitive information
from your business or personal life. Just putting an old computer in
the trash dumpster behind your place of business can result in the
compromise of all your "company confidential" files, trade secrets,
and proprietary data.
Recovery of a file through software is impossible after the file has been subjected to a single overwrite
with other data; however, the original file must be overwritten by something with the same or larger file
size (see "Slack Space" below). Recovery through more elaborate techniques is generally thought
to be impossible after ten or twelve passes with random data rewriting the same sector of the disk.
So it's safe to say that wiping a file one time is enough to destroy it, for almost all practical
purposes. Your disgruntled employees, nosy family members, and small-town private eyes won't be able
to recover a wiped file.
The primary hazard associated with the use of file wipers is that you may accidentally
erase a file that you wish you hadn't. If that happens, give it up. Your
file is gone. If you use file-wiping power tools, be sure you know what
you are doing, because it is possible to do a lot of permanent damage.
In theory at least, after a file has been wiped, examination of the disk with an electron
microscope can still reveal the previous contents of the wiped area, because the
obliterating bytes are not written in exactly the same tracks as the original data and
there is still a little of the original data left around the edges. For this reason,
government-grade wiping involves multiple passes, typically writing ones and zeros on
alternate passes, and perhaps finishing by writing random bits.
Even after wiping a disk, if you are protecting data from a foreign
government (or your own government), you may have lingering doubts about
the destruction of your most sensitive files. Let's say, for example,
that you are an orchid grower in Houston, and you suspect that
a heavy-handed investigation by
the Fish and Wildlife Service is about to get underway, and your computer could be used
as evidence against you. You might want to consider physical destruction of your
computer's hard drive, or the shredding of a floppy disk.
Please note that the information on this page is provided for educational, entertainment and
information purposes only, and is not intended to facilitate any unlawful activity. As
a condition of your use of this web site, you warrant to us that you will not
use this web site for any purpose that is unlawful or prohibited by the terms,
conditions, and notices in our
all-inclusive Disclaimer. The
entire risk arising out of your use of this web page is assumed by you. Regardless
of any appearance to the contrary, we do not warrant, guarantee, or make any
representation regarding the correctness, accuracy, timeliness, veracity,
appropriateness or suitability of the information on this page. As I always say,
any actions you take based on whatever you saw, or think you saw, on this site are
entirely your own responsibility.
Mass erasure of magnetic media (tape or disks) is called bulk erasing or degaussing. People who work in
radio and TV stations often bulk erase tapes before reusing them. Once in a while, the bulk eraser is
also used to obliterate the contents of floppy disks, DAT tapes, or other media. Computer hard drives
can be erased this way as well; however, the magnetic forces in an industrial-strength bulk eraser are so
strong that the platters and other components of a hard drive are likely to be mechanically damaged in the
process, so this is recommended only for drives that are about to go into the trash.
Do not degauss ZIP disks if you have any intention of reusing them. ZIP
disks are shipped with a magnetic servo pattern recorded on the disk. Bulk erasing
or degaussing a ZIP disk will make it unusable. A ZIP disk cannot be reformatted
after it has been bulk
disks are rapidly becoming unpopular, since CD-ROM and DVD-ROM drives are now
affordable. (Before you purchase a ZIP drive, you might want to read
this also.) Depending
on the make and model, it may also be true that hard drives are not reusable
after bulk erasing them with an electromagnet, because degaussing wipes out
the low level formatting (track and sector markings) of the
In the case of floppy disks, the magnetic medium is easily extracted from
the shell of the disk, and it slides easily into a paper shredder. In an
emergency, if you are away from your shredder, you could remove the
magnetic film from a floppy disk, stuff it into an empty aluminum beverage
can, crush the can, and drop it into the trash. Preferably in someone
else's trash can. This technique works well for small scraps of paper, too.
A few words about "jump drives"
The recent development and popularity of removable solid-state storage devices, called "Jump drives", "Thumb
drives", "Flash drives", "Keychain drives", and so on, have opened up another aspect of the
emergency disposal problem. As in the case of floppy disk media (when extracted from the shell),
most solid-state USB drives can be stuffed quickly into a soda can and dropped in the trash, if you
really don't want to be caught with the drive and its contents, or if you just want to dispose of the
device without someone else exploiting it. The drives are already quite inexpensive, and if they keep
getting cheaper, they could be considered disposable. Keep in mind that a trash can is often the safest
place to store something for a few minutes: Trash cans aren't emptied more than once a day, at least
where I work.
The widespread use of "jump drives" creates a new and very large privacy risk: If you use such
a device at work, someone could "borrow" your jump drive while you're away from your desk, explore it,
copy it and return it -- without your knowledge!
Please remember -- regardless of what you may have read in the preceding paragraphs -- the management of
akdart.com does not condone or endorse industrial espionage or unprofessional conduct in the workplace.
Hard drives are a little tougher to destroy than floppies, and obviously more expensive
to replace. A good method of destruction might involve a few blows from a
sledgehammer, an hour or more in a very hot fire, or — if you like chemistry — an
acid bath. Perhaps even a "cement overcoat" and a trip to the nearest lake or really
deep river. It pays to be creative.
There is a reason for all this extra care in disposing of hard drives: There are people whose
hobbies include dumpster
diving in search of things like old computers. Remember, even if the hard
drive's electronics are destroyed, data remains on the disk platters until they are also
physically destroyed. I have actually seen an old disk drive in the trash (at work)
from which the platters had been removed, so I'm not the only one who is cautious.
As you may recall, a U.S. Navy EP-3 military surveillance plane was forced
down by the Chinese in April of 2001, and according to news reports, the crew
hastily zeroized the
disk drives on the plane before the crew and the plane were taken into
custody. Evidently they did a good job, because the Chinese government let the
matter drop a few days later. As far as I can determine, the plane is still
in the hands of the Chinese
Slack space is another problem, if there has ever been anything on your computer's hard drive that
you don't want anyone to discover. When a large file is deleted from a disk drive, and then a smaller
file is stored in the same place on the disk drive, the contents of the large file – except for
the part covered by the smaller and newer file – still remains on the disk and can be
recovered. If the newer file is really small, and sometimes files are only a few bytes,
the chances of recovering almost all the contents of the large file are very good. Disk space
is allocated in clusters of as much as 32k-bytes. As long as the newer and smaller file is
not deleted, the information in the slack space will stay on the disk. This is a rich
source of information – in bits and pieces – for "investigators"
with various motives.
Good file wiping programs usually include provisions for wiping slack space on individual files, as well as
clearing out all the unused space on a disk drive.
For more routine civilian purposes, all this deleting and file wiping may seem like a lot of trouble.
But if your old computer has ever held sensitive files that could ruin your reputation, crush
your business, or send you to prison if the files fell into the wrong hands, it is worth the effort to make
sure the files are really gone. In many countries around the world, there are those for
whom the stakes are even higher.
It would be difficult to list all the products that are available to wipe out
computer files as they are deleted. By listing only a few, like
and obsolete products like good old
(for DOS), you might get the idea that I have tried them all, or
that I am endorsing one product instead of another. Of course that is not the case; the
information on this page is provided for information only. The large number of products
available for this task shows that permanent file deletion is a non-trivial problem.
However, I would like to mention an article called Covering tracks on your
hard drive, which explains what a swap file wiper is and why you need one. It
was written by Craig Christensen, author of two programs called
Mutilate File Wiper and
Mutilate Swapfile Wiper. I
used both of Craig's programs frequently, when I was primarily running Windows 98, even
though I'm not paranoid and I have nothing to hide. (Really!) These days I'm using a
Power Mac G5 with OS X, so I recently purchased a product
called ShredIt X.
Please note that the links below are provided as a courtesy, and no representation is made
regarding these products or the information provided about them (regardless of the
statements immediately above). If you have questions, complaints or claims related to these
programs, you must direct them to the appropriate software vendor.
This is an original
compilation, Copyright © 2017 by Andrew K. Dart
Other file-wiping or data recovery products:
This is not a comprehensive list of such products, but most of these products are available
as freeware. The ones that carry a price tag are usually affordable and (as far as I
can tell) worth the investment. Of course, there are exceptions.
Any mention of commercial products or reference to commercial organizations is for
information only; it does not imply recommendation or endorsement by akdart.com nor does it imply
that the products mentioned are necessarily the best available for the purpose. Unless
specifically stated below, I have not tested any of these products or services.
These links are listed in no particular order. Notice that some of these products pertain to the
recovery of lost data, while others are for those who want to prevent data recovery.
Sure Delete offers two utilities that work to
permanently delete data from a hard drive. When you need to shred sensitive information, Sure Delete ensures that it's
done right. Rather than simply deleting file references on your computer, the program actually destroys the data
itself. Sure Delete goes much further than the Windows Recycle Bin, and ultimately makes the data irretrievable.
Best of all, the process is virtually effortless.
Webroot® Window Washer®.
"Window Washer is internet privacy software that cleans all aspects of your browser activity, including Internet
history, address bar, cache, cookies, and more."
Hard Drive Eraser is powerful and compact software that allows you to
destroy all data on hard and floppy drives completely, excluding any possibility of future recovery of deleted files
and folders. It's a hard drive and partition eraser utility.
Darik's Boot and Nuke (DBAN) is a self-contained boot
floppy that securely wipes the hard disks of most computers. DBAN is appropriate for bulk or emergency data
How do I remove sensitive
information from a disk? It's a wise precaution to remove sensitive data from computer disks before the
disks are either transferred from one area to another or discarded. The process is referred to as disk sanitizing,
cleaning, purging, or wiping. The method you choose to sanitize a disk should depend on the security requirements
of your organization.
MediaWiper: You could give away your
complete personal identity on a single carelessly discarded diskette. Most financial programs will back up data to
removable media such as diskettes, memory cards, and more. Removable media often has the habit of getting misplaced
or discarded. Identity thieves know this and make it an easy target.
Disk Wipe completely and permanently overwrites
and destroys all existing data on a hard disk, overwriting every physical byte of the disk. Once Disk Wipe has been
run, all data from every sector will have been eliminated.
Drive Cleanser: Getting rid of an
old PC, upgrading to a new hard drive, returning a leased computer, or redeploying a PC within your company? It is
truly imperative to completely destroy all data from the old hard disk.
cyberCide: Whether your data is sent to the recycle bin or
your entire drive is formatted and repartitioned, the chance of unauthorized discovery is very real and poses issues of risk
and liability. Securely wipe hard drives and overwrite, delete and destroy privileged data with cyberCide.
Declasfy: Drive wiping with Declasfy can serve
many purposes where information security is a concern. For example: preparing drives for internal reuse;
securing private information prior to retirement or donation of a drive; securing private information for compliance with
HIPAA and other regulatory requirements. The program is designed to "wipe" hard disks to meet Department of Defense
standards from the Rainbow series concerning declassification (wiping) of hard disks and cleansing of floppy disks.
R-Wipe & Clean is a complete solution to wipe useless files and keep your
computer privacy. Irretrievably deletes private records of your on- and off-line activities, such as temporary
internet files, history, cookies, autocomplete forms and passwords, swap files, recently opened documents list, Explorer
MRUs, temporary files, etc., traces from more than 300 third-party applications, and free up your disk space. The
utility wipes files and unused disk space using either fast or secure erase algorithms.
QuickWiper is a Windows security program. If you are worried
about coworkers going to recover files, remember — simple deletion is not secure enough because anybody can
recover your sensitive files. QuickWiper lets you to delete files with simplicity and ease. You can choose a
fast single pass, or the most secure NSA erasure algorithm.
Disk Redactor is a WIPE utility that lets you
securely erase any old (deleted) files and prevent them from being recovered. All your private sensitive insecurely
erased information will be wiped from free unused space on your drives to ensure complete data destruction. This is
necessary because when you delete a file, it is not gone forever, and any file removed from the Recycle Bin can be easily
(See HTML <!-- comments -->)
Extremely powerful data recovery tools designed to restore files that have been accidentally deleted, have become
unreadable due to media faults, or were stored on a drive before it was re-initialized or formatted. It is
device and file system independent, allowing the users to recover files from a normal Mac OS hard drive, USB key,
Linux disk, Windows drive, FLASH card, scratched CD, and almost any other media or file system that can be
recognized in Mac OS X.
A complete suite of forensics and analysis tools in one cohesive software package. Combining the power
of many individual functions into one application in order to provide a single solution for law enforcement
professionals and digital forensic investigators.
TestDisk is a powerful free data recovery
software! It was primarily designed to help recover lost partitions and/or make non-booting disks
bootable again when these symptoms are caused by faulty software, certain types of viruses or human error
(such as accidentally deleting your Partition Table).
ShredIt X: Whether you deal with confidential
data on an ongoing basis or just want to protect yourself from identity theft when disposing of a computer,
ShredIt has the features you want, for the computer you use.
The Editor says...
I purchased a copy of Shredit X in January, 2007, and so far it appears to be quite good.
I'm using it on a Power Mac G5, and most of the time I just use it to scrub my USB jump drive.
"The easiest and most affordable way to recover lost photos from your digital camera, memory card or thumb
drive. CardRaider's familiar Mac OS X interface makes it simple to detect and unerase lost
[Yes, but sometimes you might want those pictures to get lost. CardRaider apparently also
includes a mechanism to "permanently erase photos so they can no longer be recovered."]
Digital Shredder: Anonymizer
Digital Shredder is the easiest way to keep your PC clean and running smoothly. It erases
cookies, cached files and history archives that are left on your computer every time you surf.
drive sterilization on a bootable floppy. (Great idea, if you have a floppy drive.)
BCWipe is designed to securely delete
files from the disk. Standard file deletion leaves the contents of
the "deleted" file on your disk. Unless it has been overwritten by files
subsequently saved, it can be easily recovered using standard disk utilities. BCWipe
is fully integrated into the Windows Shell and efficiently shreds data in files
so that they can not be recovered by any means.
Drive Scrubber: With
DriveScrubber, you can completely wipe all the contents of a drive, or you can just wipe a drive's free
space. Wiping everything from the hard drive is ideal before you reassign your PC. Wiping
the free space is ideal for regular computer maintenance; this process erases all remnants of deleted
data, while keeping the existing files and operating system intact.
Kill Disk: KillDisk - Hard Drive Eraser is powerful and
compact software that allows you to destroy all data on hard and floppy drives completely, excluding any
possibility of future recovery of deleted files and folders. It's a hard drive and partition eraser
Eraser is an advanced
security tool (for Windows), which allows you to completely remove sensitive data from
your hard drive by overwriting it several times with carefully selected patterns. Works
with Windows 95, 98, ME, NT, 2000, XP and DOS. Eraser is FREE software and
its source code is released under GNU General Public License.
R-Tools Technology Inc. has tools for Data Recovery,
File Undelete, File Encryption, E-Mail Recovery, Disk Cleaning, etc.
Pandora Recovery: Find and recover deleted files of any type.
R-Studio Data Recovery Software.
Disk Internals: Numerous
other tools to get back lost or deleted files.
SIM Recovery Pro: You can now recover
data and text messages from cellular phones using the SIM (Subscriber Identity Module) Recovery Pro. Using
this device allows you to save, edit and delete your phone book and short messages. Aside from recovery and
retrieve, even of deleted data, an added advantage is to back the information up on your computer.
SIM Recovery Pro capabilities:
Allows user to find deleted text. Allows user to view up to last 10 numbers dialed. Transfer data
from one SIM card to another. Edit SIM card information on your computer. Back up phone numbers and
Cell Phone Spy Data Extractor:
Save, edit and delete your phone book and short messages (SMS) stored on your SIM card using the Recovery PRO
software and SIM Recovery Pro Reader with your computer and ANY standard SIM card from a standard cell phone
which supports removable SIM cards.
PS/2 Mini Key Logger:
The Mini Key Logger 64K is the world's smallest Key Logger. It's only 4cm long and records over 64,000
keystrokes including e-mail, chat, IM, Web Site Addresses and other computer activity. Find out which
Web Sites your employees are visiting while working on your computer. This Key Logger is perfect for
home or professional use.
Pro Data Doctor: File recovery software for Windows,
USB drives, removable media, digital cameras, iPods and SIM cards.
GetDataBack Data Recovery Software: Runtime Software's data
recovery software will help you rescue your lost or inaccessible files from any imaginable data recovery
disaster. Data Recovery is possible more often than you might think — even without having to
send your hard drive to a data recovery service.
My Hard Drive Died! When you absolutely,
positively need your data back!
More Software Products and
information about data recovery.
More secure deletion
Professional recovery services:
In extreme cases, you could ship a damaged drive to a lab for data recovery. For example,
Secure Data Recovery dot com
Data Recovery dot com
First Advantage Data Recovery Services
ECO Data Recovery
Vantage Data Recovery
Data Recovery Group
CBL Data Recovery Technologies Inc.
Professional data destruction services:
Enterprise Boot and Nuke: You
have data to destroy on dozens (if not hundreds or thousands) of hard-drives and you're looking for a way to
get it done quickly, economically, and effectively. In addition, you need accurate reports for legal
compliance. Techway Services has three proven solutions to meet your needs. ... All of Techway Services
solutions employ our class-leading, proprietary software EBAN, which is U.S. Department of Defense 5220.22M
Other privacy protection products:
Here is a list of Useful Products. A
number of useful software programs that can help you manage and protect your privacy online.
Disk Investigator (Freeware) helps
you to discover all that is hidden on your computer hard disk. It can also help you to recover lost
data. Display the true drive contents by bypassing the operating system and directly reading the raw
drive sectors. View and search raw directories, files, clusters, and system sectors. Verify the
effectiveness of file and disk wiping programs. Undelete previously deleted files.
The Secure Erase Command:
How to REALLY erase a hard drive: HDerase.exe
accesses an ATA disk drive's internal Secure Erase commands to wipe a disk clean. ... Secure Erase is
built into all ATA-compliant disks drives since 2001. This functionality is recognized by the US
Government's National Institute of Standards and Technologies (NIST) as equivalent to magnetically wiping a
drive (degaussing) or physically destroying it. NIST also rates the secure erase commands as more secure
than external host-based drive wiping utilities such as Boot and Nuke. Secure Erase complies with HIPAA,
Personal Information Protection and Electronic Documents Act (PIPEDA), the Gramm-Leach-Bliley Act (GLBA), and
California Senate Bill 1386 for data destruction.
Secure Erase: data security you already own.
Secure Erase is built into virtually all P/SATA drives built since 2001, when it became part of the ATA
standard. It is virtually unknown however, because many BIOSes block the command and some even lock the
drive to keep the data safe from Murphy's-law-abiding citizens. Not to mention evil virus writers.
There's even a Secure Erase Newsletter.
Tutorial on Disk Drive Data Sanitization:
Complete eradication of user data off drives can be accomplished by running data Secure Erasure utilities such as
the freeware "HDDerase". It executes the Federally-approved (NIST 800-88) Secure Erase command in the
ATA ANSI standard, which is implemented in all recent ATA drives greater than 15-20 GB. A similar command
in the SCSI ANSI standard is optional and not yet implemented in drives tested. Normal Secure Erase takes
30-60 minutes to complete. Some ATA drives also implement the standard Enhanced Secure Erase command that
takes only milliseconds to complete.
Hillary Clinton's use of file-wiping software:
Clinton acted 'with criminal intent'. Former New York City Mayor Rudy Giuliani claimed Sunday that Democratic
presidential nominee Hillary Clinton "acted intentionally and with criminal intent" in regard to the private email server she
used while secretary of state. Giuliani, a Donald Trump surrogate and former United States attorney for the Southern
District of New York, said in a statement released by Trump's campaign that Clinton's "powerful evidence of criminal intent"
was how she deleted 33,000 emails and erased them with "expensive BleachBit software" that he claims is "used by criminals
seeking to hide evidence from law enforcement."
The Editor says...
Bleachbit is not expensive software; in fact, it seems to be surprisingly affordable if not free.
Emails: Soaked in Bleach. [Scroll down] When questioned about the contents of the emails that
Hillary and her team deleted and that have never been turned over to investigators as mandated, the company line that she and
her team have stuck to is that they were mostly related to Hillary's yoga classes (anybody else not buy that Hillary does
yoga?) and Chelsea's wedding and other such banalities irrelevant to the state. If that's true, then why the BleachBit?
Sure, the software makes it easy, but make no mistake: using BleachBit is an extreme measure.
may not have been able to detect software used to scrub Clinton servers. The developer of the Bleachbit
software told the Daily Caller that the FBI may not have been able to detect its use in scrubbing the private email server
used by Hillary Clinton. [...] It seems probable that many of the 14,900 emails recovered by the FBI were from sources other
than the server.
strength data-erasing software company BRAGS that Hillary Clinton used their product to 'wipe' her email
server. A software company that sells a brute-force data erasure program is boasting that its technology gave
Hillary Clinton the power to 'wipe' her private homebrew email server before it fell into the hands of the FBI.
Application developer Andrew Ziem wrote in a Thursday night [8/25/2016] press release that his BleachBit software prevented the FBI
from accessing emails that Clinton deleted. 'Last year when Clinton was asked about wiping her email server, she joked, "Like
with a cloth or something?" It turns out now that BleachBit was that cloth.'
Clinton BleachBits her past. While Hillary Clinton was preparing to deliver a big speech portraying Donald
Trump as a racist, a figure from Clinton's recent unhappy past — Rep. Trey Gowdy, chairman of the House
Select Committee on Benghazi — added a new word to the 25-year vocabulary of Clinton scandals: BleachBit.
That is the name of a publicly-available utility used to delete material from a computer's hard disk. And it's not just
for casual, quickie deletes of junk mail. It's for when a user really wants to destroy material on a computer so that
no one will be able to recover it. According to Gowdy, BleachBit is what Clinton and her legal team used, or
at least part of what her team used, to destroy the 30,000 or so emails on her secret system that she deemed "personal"
from her years as secretary of state.
Clinton Deleted Emails Using Program Intended To 'Prevent Recovery'. Hillary Clinton's team of aides and
lawyers deleted emails from her private server using a software program intended to "prevent recovery" and hide traces of
deleted files. South Carolina Rep. Trey Gowdy revealed the information during an interview on Thursday [8/25/2016] on Fox
News. Citing notes that FBI investigators took during their probe of Clinton's private email server, Gowdy said that Clinton's
team used open source software called BleachBit to remove tens of thousands of emails from her server.
Clinton used special tool to wipe email server. [Congressman Trey] Gowdy (R-S.C.) said the use of BleachBit,
computer software whose website advertises that it can "prevent recovery" of files, is further proof that Clinton had
something to hide in deleting personal emails from the private email system she used during her tenure as secretary of
state. Clinton has long said that the deleted emails were all of a personal nature, relating largely to yoga and her
daughter's wedding, but Gowdy said he did not know whether the Democratic nominee considered emails pertaining to the Clinton
Foundation to be personal.
team used special program to scrub server, Gowdy says. Hillary Clinton's team used more than just a "cloth" to
scrub her private server — employing a special program known as BleachBit to delete her private emails and try to
prevent their recovery, a senior Republican on the House oversight committee who has read the FBI's investigative file told
Fox News. [...] The account is striking considering that Clinton, at a rare press conference last year in Las Vegas, seemed
to claim ignorance when asked by Fox News whether she wiped her server. "What, like with a cloth or something?" Clinton
quipped, adding: "I don't know how it works digitally at all." Yet Gowdy said her team was using BleachBit,
which is like an electronic shredder that permanently scrambles data.
Additional related information:
Vegas Massacre Exposé: What Really Happened? Vegas has video cameras everywhere. After NYC terror
attacks we had videos on TV within hours. In this case, in hotels covered by hundreds of [cameras], 6 months later
we've never seen one video of the killer walking through the hotel. Why? [...] Police say they found child porn on
Paddock's computer. But it was announced after the shooting, Paddock's hard drive was gone. Removed from his
computer. Nowhere to be found. So how did police find child porn? Not one journalist questioned this
development. No one ever asked, "Did the hard drive miraculous re-appear?" Police never said a thing. First it
was gone. Then they found child porn. Strange. But if in fact child porn was found (on another computer
removed from his home, or office) wouldn't it make sense to investigate the connection to ISIS and the Philippines, where
child sex trafficking is a primary mode of funding for Islamic terror groups?
police can find your deleted text messages. Smartphone forensics experts can retrieve just about anything from
any phone. Police will often seize and analyze phones for evidence of things such as indecent photos and videos, what
calls were placed when and to whom, browser history, calendar events and explanations of a suicide or murder. All of
that can be uncovered whether or not a user deleted it from their phone.
When the World Wears a Wire. The text
exchanges between FBI agent Peter Strzok and his associate Lisa Page have recently been in the news. Most of the coverage has focused
on its politically controversial content. What they say about Hillary, Trump and Obama. Relatively less has been written about
how the texts were "lost" and then "recovered" by the DOJ in the first place. That is a perhaps a more important story in itself, but
one no one is anxious to talk about. There are three known ways the text messages could have been recovered after they were
[#1] From the device itself;
[#2] From the retained records of the communications
[#3] Pulled from the archives of the National Security Agency or some similar law enforcement organization.
Forensic Experts Retrieve
'Ghost Texts'. The Inspector General has recovered the Samsung 5 cellphones of two embattled FBI agents at the
center of ongoing Department of Justice and Congressional investigations. The two agents are under scrutiny for their
involvement in the Special Counsel's investigation into President Trump and alleged collusion with Russia during the 2016
election. The DOJ's Inspector general is now retrieving some of the missing five months of crucial text messages
exchanged between the pair of FBI agents using forensic experts to track 'ghost texts,' left behind even after they are
deleted from the devices, former and current law enforcement officials told this reporter.
recovers missing text messages between anti-Trump FBI agents Strzok and Page. The Department of Justice has
recovered missing text messages between anti-Trump FBI officials Peter Strzok and Lisa Page, the DOJ's inspector general said
Thursday [1/25/2018]. In a letter sent to congressional committees, Justice Department Inspector General Michael Horowitz
said his office "succeeded in using forensic tools to recover text messages from FBI devices, including text messages between
Mr. Strzok and Ms. Page that were sent or received between December 14, 2016 and May 17, 2017." "Our
effort to recover any additional text messages is ongoing," Horowitz said.
DOJ Has Found and Is Recovering Missing FBI Text Messages. According to a Fox News exclusive report the
Department of Justice has found the missing text messages between Agent Peter Strzok and FBI Attorney Lisa Page, and is in
the process of recovering them.
A modern photocopier is basically a computer with a scanner and printer attached. This computer has a hard drive, and
scans of images are regularly stored on that drive. This means that when a photocopier is thrown away, that hard drive
is filled with pages that the machine copied over its lifetime. As you might expect, some of those pages will contain
know how that data breach happened? Three words: eBay, hard drives. Users are unwittingly selling
sensitive and unencrypted data alongside their devices through the likes of eBay and Craigslist. Secure data erasure
firm Blancco Technology Group (BTG) purchased 200 second-hand hard disk drives and solid state drives before conducting a
forensic analysis to find out what data was recoverable. Two-thirds (67 percent) contained personally identifiable
information and 11 percent contained sensitive company information, it said. The data found includes social security
numbers, CVs, company emails, CRM records, spreadsheets containing sales projections and product inventories. Blancco
experts found company emails on nine per cent of the drives, followed by spreadsheets containing sales projections and
product inventories (five percent) and CRM records (one percent). Two in five of the drives (36 percent) showed evidence
of an attempt to delete data (either by dragging files to the Recycle Bin or using the delete button). Such data is
easily recovered as is, with a little more difficulty, data from drives that have been reformatted.
Campaign Made Payments to Hard Drive and Document Destruction Company. The Hillary Clinton campaign made
multiple payments to a company that specializes in hard drive and document destruction, campaign finance records show.
The payments, which were recorded in February and March of 2016, went to the Nevada-based American Document Destruction,
Inc., which claims expertise in destroying hard drives or "anything else that a hard drive can come from." "Our hard
drive destruction procedures take place either at your site or at our secure facility in Sparks, NV," the company's website
states. "This decision is yours to decide based on cost and convenience to you. In either situation, the hard
drive will be destroyed by a shredding."
How to Hack an Election.
When [Enrique] Peña Nieto won, [Andrés] Sepúlveda began destroying evidence. He drilled holes in flash
drives, hard drives, and cell phones, fried their circuits in a microwave, then broke them to shards with a hammer. He
shredded documents and flushed them down the toilet and erased servers in Russia and Ukraine rented anonymously with
Bitcoins. He was dismantling what he says was a secret history of one of the dirtiest Latin American campaigns in
recent memory. For eight years, Sepúlveda, now 31, says he traveled the continent rigging major political
campaigns. With a budget of $600,000, the Peña Nieto job was by far his most complex. He led a team of
hackers that stole campaign strategies, manipulated social media to create false waves of enthusiasm and derision, and
installed spyware in opposition offices, all to help Peña Nieto, a right-of-center candidate, eke out a victory.
Clinton Email — Deleted or Not? First, and this is important, emails (by definition) cannot be
deleted. Either you receive an email or you send one. Which means complete copies are sitting in the sender's sent folder and
in your inbox, or complete copies are sitting in your sent folder and in the recipient's inbox. In other words, there is a
copy of every email you've ever sent or received somewhere that is not in your control, so deleting your copies will (again
by definition) only solve half of your problem. No matter which type of email system you use (POP3 or IMAP), there is also
a copy sitting on the server. So, in practice, emails don't really come in pairs; they always live in at least three places.
to Securely Remove All Data From Your Mobile Phone. Are you thinking about recycling or selling your old mobile
phone? It's a good idea; but there are some serious security concerns you need to be aware of first. Whether you are
recycling, selling, or giving your phone away, you need to make sure that all personal data is securely removed first. Simply
deleting the information on the phone will not remove the data securely enough. Even factory resetting the phone may not do
the job. Time after time, security experts have shown that the data removed by deleting and factory resetting is still easily
recoverable using simple software that anyone can get and use. Easy-to-use tools such as PhotoRec can recover deleted personal
information in just a few steps. This writer personally used PhotoRec to recover all the files and folders on a 1TB hard drive
after mistakenly deleting all partitions and formatting the wrong drive. It took awhile because of the size of the drive, but
eventually everything was recovered.
Hillary's Wiping Her E-mail Server Clean Matters More than It Might Seem. Casual users of modern computers do
not realize that, until a hard disk is deliberately and comprehensively wiped clean — "overwritten" in the correct
parlance — it will retain a good amount of useful, accessible, intact information. On almost every system
available, what appears to the user's eye to have been "trashed" is in fact kept around unblemished until such time as the
space it's taking up is needed for something else. From the point of view of the person controlling the operating system,
files that have been "erased" may indeed be inaccessible. For a person who knows what he is doing, however, those files can
often be easily retrieved.
Seven Misconceptions about
E-mail. [Misconception:] Emails can be deleted. Reality: By using utilities or by
checking recipients' workstations, they can almost always be recovered.
Drives Are a Game Changer for Deleted Files. For years, people have been trying to
cover their tracks by deleting incriminating files from their computers. The recovery of this kind
of evidence from magnetic drives has been the bread and butter of digital forensics for years, but
those days may very well be coming to an end. The traditional magnetic drives that we are
accustomed to using are being replaced more and more by solid-state drives (SSDs). Traditionally,
magnetic drives afford examiners the ability to recover significant amounts of user-deleted data. As
we'll see, SSDs store data in a completely different way than their magnetic cousins, and, as a result,
these drives don't afford forensic examiners the same opportunities when it comes to deleted file
recovery and acquisition verification.
Serial Killers: The 6 Worst
Hard Drive Destroyers. There are four basic types of hard drive failures. Software or
firmware damage may cause the disk to become unreadable, resulting in the inability to interact
properly with the computer. Problems with the controller board on the hard disk may result in
electronic failure. Mechanical failure can occur when components on the disk become faulty. And
logical corruption may occur when there is a problem with the information on the disk. Hard
drive serial killers are the destructive forces that threaten to destroy your hard drive. The six
worst hard drive destroyers are simpler than you might think.
Data Was Deleted From Flight Simulator
of Malaysia Airlines Flight 370 Pilot. Malaysian investigators have found that some data from a flight simulator taken
from the home of the missing Malaysia Airlines Flight 370's pilot was deleted. "Some data has been deleted from the simulator.
Forensic efforts are on to retrieve the data," Hishammuddin Hussein, Malaysia's acting transport minister told reporters on Wednesday
Hard Drives Exposed.
We bought or salvaged ten used drives and found sensitive business and personal data on all but one.
Sensitive Data Left on Old Hard Drives.
Reports of sensitive data being left on old PCs are set to persist as companies continue to expose themselves to the potential
risks of data getting into the wrong hands. Many companies erroneously think that formatting a hard disk removes and destroys
its data. In fact this data, which can be highly confidential, can still be retrieved from these drives.
Computer's worth of data left on hard
drives. 100 second-hand hard drives were bought. 24 of these still contained private information, 13 of them just
plug it in and turn it on and it's there. Four of the 24 were from high schools.
[Synopsis provided by
the RISKS forum.]
Laptop could contain important bombing
clues. "Let's face it, there is everything in the universe potentially on that drive," [Jared] Stern told WTOP on Thursday
[5/2/2013]. "For over 99 percent of the population, it is nearly impossible to cloak your historic activities on your computer
completely. You can do things and probably make a dent in it. But the forensic tools available to investigators these days
are so powerful, you would have to engage in full-volume encryption all day every day — you almost couldn't have a job."
Iranian computers targeted by new malicious
data wiper program. Iranian computers are being targeted by malware that wipes entire disk partitions clean, according to an advisory issued by that
country's Computer Emergency Response Team Coordination Center. Dubbed Batchwiper, the malware systematically wipes any drive partitions starting with the
letters D through I, along with any files stored on the Windows desktop of the user who is logged in when it's executed, according to security researchers
who independently confirmed the findings.
Can I recover pictures I accidentally deleted on my camera? Most likely you can recover
pictures you deleted on your camera or USB thumb drive. First thing is do not do anything else to the camera or USB drive. Do not
take any pictures or save any files. There are a number of programs available that will let you recover files from the memory card or
USB drive. Most cost, but at least one is free.
Be careful about those computer 'deals'. A series of "consent
agreements" has been proposed for companies that rented computers to consumers — and delivered the units with installed software to capture
private email messages, passwords for social media websites, details about financial transactions, Social Security numbers, medical records and "webcam
pictures of children, partially undressed individuals and intimate activities at home."
Demand for photo-erasing
iPhone app heats up sexting debate. A free and increasingly popular iPhone app called Snapchat allows users to take a picture, send it and control how the
message is visible — between 1 and 10 seconds. After that, the picture disappears and if the recipient tries to use an iPhone feature that
captures an image of whatever is on the screen, the sender is notified, The New York Times reports.
How small does the disk chunk have to be?
Quoting an article about drive destruction, Fred Cohen disagreed with the adequacy of Canada's tax agency cutting disk
drives into pieces "no bigger than the width of a pencil", saying the pieces "will have to be small enough to make the
content on one chunk of no utility. At the density of a HDD, a pencil width holds quite a bit of data."
The Editor says...
This item refers to an earlier article, here.
Data Recoverability. In a data loss
scenario the most important question is: Are the files still recoverable? This answer depends on
what action needs to be taken, whether to pursue the data recovery or to develop strategies of coping with the
data loss. The situation is often very difficult to judge. Sometimes it is not fully clear what
caused the data loss in the first place. Some technician might have already tried to solve the problem.
Also, the effect of common remedies, such as Microsoft's "Checkdisk", on the recoverability is quite unknown.
How To Recover deleted files: If you
have deleted files from your hard drive, don't panic! As long as you use the right unerase software, your deleted
files can be recovered very easily. Success is more or less guaranteed if you act as soon as you realize that the
files are missing. Even if your files have been overwritten or corrupted, if the disk they were stored on has been
formatted or repartitioned, or if you don't know how they were lost, it's still likely that you can recover them.
Deleted File recovery software:
Most of the time we come across a situation of data loss where data may be inaccessible, missing or deleted. Data
might be lost due to a system crash or accidental deletion. It may be a relief knowing there is a good possibility
of getting your deleted files back if you act quickly and logically.
Undelete Your Files: Here's How To Do It. The
undelete process is something that happens to most people that work on a computer regularly...and who doesn't these
days? Get distracted for even a few seconds, and you can accidentally delete a file. The key thing to remember
is: In most cases, you can undelete files, but the determining factor is whether other data has overwritten the
deleted file you are trying to recover. Using a utility or hiring an expert is the only way to find out.
File deletion and file undelete strategies for FAT based
file systems: If a file is deleted on the FAT file system the first character of a file name in the directory
entry is replaced by a special character (E5h) causing the operating system (e.g.. Windows, DOS) to ignore the file.
Also, all clusters allocated to the file are marked 'available' in the File Allocation Table (FAT for short).
Deleted Files Software.
Reviews of several file recovery programs.
How to Recover Deleted
Files — A Few Useful Tips. Everyone has accidentally deleted an important document or file and
needed to know how to recover deleted files. It is important not to panic as most deleted files can be recovered.
If you act immediately after the deletion occurs you have a very high probability of retrieving your files. Files can
even be recovered from corrupted files or sections of the hard drive that has been overwritten.
File Deletion: Fact or Fiction? When Microsoft Windows-based operating systems need
additional random access memory, they utilize "virtual memory" by using the hard drive as a memory area.
In Windows, Windows 95 and Windows 98, this storage area is called the Swap File. ... What makes the
Swap File such a dangerous source for losing proprietary information is that it is dynamic, and every time
Windows is started, a new swap file is created. Because of this, multiple swap files could still exist
on a hard drive.
Secure Deletion of Data from Magnetic
and Solid-State Memory. With the use of increasingly sophisticated encryption systems, an attacker
wishing to gain access to sensitive data is forced to look elsewhere for information. One avenue of attack
is the recovery of supposedly erased data from magnetic media or random-access memory. This paper covers
some of the methods available to recover erased data and presents schemes to make this recovery significantly
Evaluating Commercial Counter-Forensic
Tools. Digital forensic analysts may find their task complicated by any of more than a dozen commercial
software packages designed to irretrievably erase files and records of computer activity. These
counter-forensic tools have been used to eliminate evidence in criminal and civil legal proceedings and
represent an area of continuing concern for forensic investigators. In this paper, we review the
performance of six counter-forensic tools and highlight operational shortfalls that could permit the
recovery of significant evidentiary data.
Sensitive Information: Why Hitting Delete Isn't Enough. From failed .com pc liquidations to
home users selling or giving away their machines most know that it isn't smart to leave personal information on
the hard drive for the next owner to find and use as they see fit. Client lists, payroll information and
company secrets all constitute things that even a failed company owes its former employees and clients to keep
confidential. From the home side it can range from address books, to financial information.
Why Undelete Utilities
Fail: The more work you do on your computer after you accidentally delete a file,
the lower the odds that the undelete utility can get your data back safely. But how exactly
are you going to purchase and download that undelete file utility? Downloading a file
obviously creates new data on your disk, and could overwrite your undeleted data. But
just browsing the web to locate a utility causes new temporary files to be created —
another threat to your data.
Tools: It's important to protect your company's data. But how do you know whether what you think
you've erased is actually unrecoverable?
Forensic tools are fast becoming a staple of civil lawsuits between
corporations and in disciplinary proceedings against employees. These days, it seems, whenever there's a
chance that somebody has deleted a file to hide evidence of wrongdoing, some forensics expert is standing by to
recover that file for a fee.
A Critical Evaluation
of the Treatment of Deleted Files in Microsoft Windows Operation Systems: A perceived security
risk is associated with the file management system's policy of allowing deleted data to remain intact.
Some argue that lingering traces associated with deleted files should not exist. An alternative view
perceives usefulness from the ability to retrieve accidentally deleted data. This view is also held
from within the forensic computer science field. This presents a dilemma for software designers
seeking to provide operating systems that meet the security desires of society.
Persistence of Deleted File Information: Computers delete files frequently. Sometimes
this happens on explicit request by a user. Often, information is deleted implicitly when an application
discards some temporary file for its own internal use. Examples of such implicit file-deletion activity
are text editor temporary files, files with intermediate results from program compilers, and files in Web
browser caches. As you use a computer system, you unwittingly leave behind a trail of deleted
information. Computer systems have minds of their own, too, leaving their own trails of deletion as
a side effect of activity that happens in the background.
Secure File Deletion, Fact or
Fiction? From a user's standpoint, applications create files that are stored on the
hard drive or removable media. When the user no longer needs a particular file, the user deletes
it and moves on. As far as the user is concerned, any information contained in that file is gone
forever, unable to be recovered by the user. However, because of the way operating systems and
applications work, that file may be recoverable and if that file is not recoverable, the data it
contained may be found in other files.
Deleting Sensitive Information: Why
Hitting Delete Isn't Enough. A quick look through some of the Windows folders will show a
myriad of temporary files, each file storing session information, a snapshot of what is happening on the
PC at a particular moment in time. Applications such as Word will auto save temporary versions of
a document at regular intervals to save users the heartache of losing that important paper due to a sudden
loss of power to the PC. ... Unfortunately just tracking down all the necessary files and assigning them to
the trashcan is only akin to placing a veil over the data, it still very much exists.
How To: Recover deleted files.
When a file is deleted from your computer, it is not really deleted. It is simply removed from the list
of files in the folder. If you're using Windows, and deleted the file using Windows Explorer, the file
will normally have been moved to the Recycle Bin. While it is in the Recycle Bin, the file can easily be
restored in its entirety, with no problem at all.
Recovering Deleted Files After You Have Emptied the Recycle
Bin: When first learning Windows 95, I relied very heavily on the extra layer of Recycle Bin
recovery built into Norton Utilities.
So I understand how data loss can occur, and the unhappy place
it can leave you. Pre-FAT32, the old UNDELETE utility in DOS also was a life-saver a time or two but,
once Win95B and FAT32 came into play, that one was history.
Recovering deleted files: The
Recycle Bin may be a marvel — one which most of us take for granted — but it does have its limits.
For starters, the Recycle Bin does not catch every file you delete. All files deleted from the desktop
or Windows Explorer end up there, as do files deleted from within compliant programs. Files deleted
at the DOS prompt, though, bypass the Recycle Bin
Secure Deletion of Data from Magnetic
and Solid-State Memory. With the use of increasingly sophisticated encryption systems, an attacker
wishing to gain access to sensitive data is forced to look elsewhere for information. One avenue of attack
is the recovery of supposedly erased data from magnetic media or random-access memory. This paper covers
some of the methods available to recover erased data and presents schemes to make this recovery significantly
more difficult. [Includes a long list of interesting references.]
Data Back From the Dead: Sometimes, a failing hard drive will screech like nails on a
chalkboard. Other times, its death will be eerily quiet. Either way, years of
work — documents, digital photos and music, save games, e-mail archives and your
address book — can be gone in an instant.
Columbia disk drives survived the shuttle accident. "When we got it, it was two hunks of metal stuck together.
We couldn't even tell it was a hard drive. It was burned and the edges were melted," said Edwards, an engineer at
Kroll Ontrack Inc., outside Minneapolis. "It looked pretty bad at first glance, but we always give it a shot."
The confirmation by an international forensics team that laptops and hard drives captured by Colombia originated in a camp of FARC
terrorists ought to open a new era in relations between the democratic world and Hugo Chávez's Venezuelan government.
computers and drives contain a staggering 610 gigabytes of data, according to Interpol, including 983 encrypted files opened by
File wiping on
journaling file systems. Many modern operating systems ... have the ability to use a journaling
file system that makes complete erasure of data unlikely. Journaling file systems are used to increase
the integrity of data in case of failures. To accomplish this, the file systems keep metadata and logs
in various places known to the file system; most file systems can also journal all data, but turn this
functionality off by default. The metadata and logs will not be securely wiped with a file
Why a normal delete is not sufficient:
A normal "delete" command does not actually delete files at all. But even with more advanced "file wiping"
utilities, some data may remain that is very useful for a forensic investigator. In particular, the magnetic
properties of a hard disk can be exploited to recover data.
Deleting and wiping files: Another
difficulty occurs with so-called journaling filesystems (JFS) or log-structured file-system (LFS). Such
filesystems store the data in a different way so that the data can always be recovered after a crash.
Attempting to wipe a file using traditional means will not be successful with such filesystems.
Wiping swap files: On many
multi-tasking systems, a swap file is used to emulate RAM. The swapfile contains data from programs that
are currently running. This data may include personal files as well as passwords. To avoid leaking
this data, wiping the swapfile is a good idea. However, this is difficult because the swapfile is
constantly being used. Special programs are available for this purpose.
It's now a crime to delete files:
International Airport Centers sues former employee, claiming use of a secure file deletion utility violated
federal hacking laws.
The spies among
us. American high-tech industries are a key target. Every year, economic espionage costs
American businesses billions of dollars. Spies recruit company insiders, form joint ventures, and even
engage in "dumpster diving" for discarded proprietary data.
Securing Your Deleted Files. I
know more than one person who rarely, if ever, empties their Recycle Bin. … If you don't feel that
security is an issue because you don't have any personal or sensitive information on your machine to
delete, there is another reason for keeping your Recycle Bin emptied. Space. Those files you hold
in your Recycle Bin needlessly take up space on your hard drive. … Our second security issue comes
to light the moment you click the command to "Empty Recycle Bin." You may be under the impression
that those files are now gone for good and cannot be recovered by anyone. This is not true.
Can your PC be subpoenaed?. As
people commit an ever-growing pile of information to computers, their hard drives are becoming a digital mother
lode for lawyers. The issue moved into the spotlight when Kenneth Starr's prosecutors scavenged Monica
Lewinsky's computers and published what they found, including e-mail messages to friends and unsent drafts
Junta hunts dissidents on UN
computers. Burma's ruling junta is attempting to seize United Nations computers containing information on
opposition activists in the latest stage of its brutal crackdown on pro-democracy demonstrations, The Times has learnt.
UN staff were thrown into panic over the weekend after Burmese police and diplomats entered its offices in Rangoon and
demanded hard drives from its computers.
Angry Employee Deletes All of Company's
Data. When Marie Lupe Cooley, 41, of Jacksonville, Fla., saw a help-wanted ad in the
newspaper for a position that looked suspiciously like her current job -- and with her boss's
phone number listed -- she assumed she was about to be fired. So, police say, she went to
the architectural office where she works late Sunday night and erased 7 years' worth of
drawings and blueprints, estimated to be worth $2.5 million.
New Texas Law Limits Computer Repair To Licensed Private Investigators Under the new law enacted in 2007,
Texas has put computer repair shops on notice that they had better watch their backs any time they work on a
computer. If a computer repair technician without a government-issued private investigator's license
takes any actions that the government deems to be an "investigation," he may be subject to criminal penalties
of up to one year in jail and a $4,000 fine, as well as civil penalties of up to $10,000. The definition
of "investigation" is very broad and encompasses many common computer repair tasks.
Gear: Deleted files can be recovered with software tools such as Norton Utilities,
DIBS, or PowerQuest Corp.'s Lost & Found. After the files are located, they should be listed and
reviewed for relevance to the investigation. EnCase, DIBS, and NTI's FileList are well-suited
for this purpose. … Evidence in all of the slack space on the entire hard drive or other
storage media can be retrieved quickly with tools such as NTI's GetSlack and Filter_I software
utilities. GetSlack grabs all slack space and places it into a single file.
File Scavenger goes well beyond simple undelete
action. It has successfully restored items even after the drive was formatted and in another case,
where the operating system was overwritten from a recovery disk
v2.5.14. Restoration can rescue your accidentally deleted files and permanently
delete the files you want good-and-gone. It can live on a floppy, so it leaves no trace
of its activities.
Delete, Baby, Delete. During
the controversy over the Iran-contra affair, in 1986, Lieutenant Colonel Oliver North attempted to erase all
the relevant e-mail messages on his computer; he repeatedly pressed the DELETE button, thinking that he was
thereby expunging the messages. "Wow, were we wrong!" he later observed. North didn't know that
pressing DELETE doesn't result in complete deletion. He also didn't know about the existence of a
backup data-storage system.
your disk. A list of freeware programs to wipe files.
Personal Info Fills Junked Hard
Drives: Over two years, Simson Garfinkel and Abhi Shelat bought 158 used hard drives at
secondhand computer stores and on eBay. Of the 129 drives that functioned, 69 still had recoverable
files on them and 49 contained "significant personal information" — medical correspondence, love
letters, pornography and 5,000 credit card numbers.
Don't be Smug in Thinking Personal Data has
been Erased. Whether you recycle your old computer, sell it, give it away or take it to the
dump, you may also be giving away personal information, even if you think you erased everything on your hard
drive. Two MIT graduate students bought 158 used disk drives on the secondary market and found many
"had not been properly sanitized."
Gathering the E-Evidence:
"The best way to get rid of computer data is to take the hard drive and pound it with a hammer and throw it in a
furnace," said John Patzakis, president of Guidance Software, which makes forensic software that helps police find
No Thanks for the
Memories: Personal computers have a way of hanging on to "deleted" data that may surprise
you — and could get you into a heap of trouble if you're not careful.
of Things Past: Data is not physical, not something that you can lock away
today and hope you'll be able to access in 10 or 20 years. Large collections of data are
almost impossible to safely maintain—especially over long periods. At the same time,
data is just as difficult to dispose of properly. [PDF format]
Find a Way to Steal Encrypted Data. A group led by a Princeton University computer
security researcher has developed a simple method to steal encrypted information stored on computer
hard disks. The technique, which could undermine security software protecting critical data on
computers, is as easy as chilling a computer memory chip with a blast of frigid air from a can of dust
Detectives: Specialists in uncovering lost or hidden data are fast becoming
strategic legal weapons.
Enron can't shred electrons. Even
the act of deleting documents can in itself be revealing. Not only can computer forensic investigators
recover documents, they can tell when and how they were deleted. In some cases, they can even determine
whether a deletion was an innocent act -- part of company policy -- or if there was a more devious motive.
Still more remarkable, using an electron microscope, computer forensic teams can read information from the individual
magnetic spots on the surface of a hard disk that has been intentionally erased. This costly technique,
originally a tool of the intelligence world, has been used successfully in big legal cases.
Securely Deleting Files: If
and when you ever dispose computer equipment or disks that have contained sensitive information, be sure to
take precautions to ensure that all information is not only deleted, but it is completely destroyed.
Simply deleting a file is not sufficient to prevent a clever user from undeleting the file and recovering
sensitive information. Some highly sophisticated techniques are available that may be able to recover
information from a disk even after it has been overwritten. If your information is highly sensitive you
may need to take additional steps such as physically destroying the disk or degaussing the drives.
Deleting Temporary Internet Files:
Ever looked at your Temporary Internet files and wondered what they are? Ever wonder
what these cookies that you keep hearing about are good for? Maybe you should Explore the possibilities
that you are wasting a lot of hard disk space with unnecessary file storage.
Cookies — Exploitations
and Invasion of Privacy. Over the years, cookies have garnered a bad
reputation as being able to scan PC hard drives, take over systems by stealing valuable
information such as passwords, and passing viruses. These myths are untrue, but
cookies have been used to collect information on browsing habits, browser specifications,
system information, and web-based spending and viewing habits.
Cookies to Crumbs.
To put it simply, a cookie is a small text file that is saved on your hard drive by a Web server. It
cannot be executed as code or deliver viruses. It can only be read by the server that gave it to you.
A cookie can save you time by personalizing pages, or remembering information that you enter when you register
for products or services.
Why a normal delete is not
sufficient: It is in the nature of a computer, to always be updating one file or another.
Every time a file is updated or "saved", new copies are created and written wherever there is sufficient
space. Applications can create huge numbers of such files. When a file is eventually deleted, only
the last image is accounted for. All other images appearing as free disk space, unseen, unsuspected.
That is until a disk is viewed with the appropriate software; then is all is revealed. Even when
partially overwritten, these files can make interesting reading!
The Unintentional Disclosure of Digital
Data: A perspective of how much data is worth, an overview of how data is written to magnetic media,
why data erasure (deletion) is insufficient to avoid data recovery, how the data may be resurrected, and
identification of known and unknown perpetrators.
Annual list of top 10 data
disasters. The list was compiled by data recovery firm OnTrack which handles
more than 100,000 requests a year for help to piece together information from damaged
Firms become digital
detectives. Digital data can be fragile and businesses must exercise
care if they are to avoid damaging or even deleting potentially useful information.
Gone for good? "In
some aspect an e-mail can exist indefinitely," says Mr Dearsley. "Subject lines, times and dates
can all be pieced together. I have retrieved some that have been years old."
Odd mishaps cause computer
grief. Data recovery experts are the technological doctors and nurses of desktop
or laptop hard drives. Using increasingly sophisticated techniques, "lost" files or
information can be rescued and rebuilt into a usable format. This can happen in a matters
of hours through remote access, but in more serious cases computer patients may have to be
admitted to the lab.
Is It Really Gone? (A Look at Data
Deletion). When the delete command is used it doesn't actually touch the data recorded on the
media. It only removes the index entry and pointers to the actual data so that it appears as if the
file has been removed.
Recovering Deleted Files After You Have Emptied the Recycle
Bin. The first rule is: Stop using that computer immediately! … Use another computer
to get the recovery tool you will need. This is also one of the places where well-planned partitioning of
your hard drive has a huge advantage.
You Really Erase Those Files? Make sure your trash disappears permanently.
Deleted Files - Still There: With
the right software, it is relatively easy to recover deleted files from your hard drive. Some file recovery
software can even work over a network connection.
Thought DELETE Meant DELETE! A High Level Overview of File Deletion.
your sources: The provisions of the new Terrorism Act and of the Regulation
of Investigatory Powers (RIP) Act 2000 give the authorities wide-ranging powers to seize
computer files and to imprison you if you fail to produce "plain text" for any that are
protected by "encryption".
There is also some discussion of this in "Erased
Disk used against Brazilian President", part
of Risks, Volume 13, Issue 87.
The Use And Retention
Of Emails: Some Legal Lessons From The Field. Corporate counsel often instruct corporate
employees about the dangers of writing down every errant thought about the company's products and conduct.
But that instruction may have particular urgency for electronic communication. Because of the spontaneous
and reflexive nature of electronic communication – the words do not remain on a printed page to be
contemplated, and perhaps revised – many users often treat e-mail, and similar transmissions,
casually, not carefully.
The "E" in E-mail Often Stands for
Evidence: "It's like the gift that keeps on giving," said Tom Greene, a deputy attorney general
in California, one of the states suing Microsoft Corp. in an antitrust case built largely on computer
messages. "People are so chatty in e-mail."
Sues Microsoft After FBI Finds Sex Videos On His PC. A man awaiting trial for alleged gun crimes
is suing Microsoft for privacy violations after FBI agents seized his home computer during a raid and found
files containing sexually explicit videos of him and his girlfriend and evidence that he frequented
pornographic Web sites. Michael Alan Crooker, currently in jail in Connecticut, says security features
advertised by Microsoft and its business partners should have kept federal agents from accessing the files on
Houston shipping company. FBI agents searched two buildings and loaded dozens of boxes into a
truck Wednesday [10/10/2007] as part of what has been called "international" antitrust investigation involving
several companies. One is Eagle Global Logistics, based in Houston. Some of the agents were from
the Greater Houston Computer Forensics Laboratory. They've been looking at computer hard drives.
The FBI isn't talking on the record about what it's looking for and neither is the Justice Department.
Privacy and Your E-mail Box: Realize
that e-mail is forever. Witness the pain suffered by Microsoft recently when internal e-mail hit the
courts. Remember Oliver North? [He's the] Poster-boy for e-mail messages surviving the delete key
and rising up to slap you with court subpoenas.
E-mail and the courts: This appears to be a
compendium of legal cases in which e-mails play a significant role. It includes several cases where
deleting e-mail has cost companies large amounts of money, even when the e-mails were not recovered.
Smoking E-Mails: KPMG's
tax shelters weren't too bright. Its internal memos on the shelters were really dim-witted.
Federal Court Turns When E-mails
Contradict Deposition Testimony. As electronic discovery becomes more commonly used,
e-mails are proving to be a gold mine of information in corporate legal disputes.
implications of self-destructing e-mail. According to an article by Laurie Varendorff,
an Australian records management expert, Microsoft and IBM have developed software that enables creators
of e-mail messages to have tremendous control over their messages, even after they have been sent.
Experts try to resurrect SAIF
files. Experts in computer forensics often can resurrect computer files that seemed to disappear,
but the deleted e-mail of former SAIF Corp. President Katherine Keene might remain a mystery.
triggers e-mail hunt. King County [Washington] officials, responding to a lawsuit from the
owner of a Maury Island gravel pit, hired a consulting firm to help search for deleted e-mails on the
computers of County Executive Ron Sims and other officials.
Somewhat related: Hidden Text in Computer
Documents. During the manhunt for the DC sniper, a letter was left for
the police by the sniper that included specific names and telephone numbers. Perhaps
in order to persuade the panicking public that the police were in fact doing something, they
allowed the letter to be published — in redacted form — on the Washington Post's
Web site. Unfortunately, they implemented the redactions by the completely pointless
method of placing black rectangles over the sensitive text in the PDF. A simple script
was able to remove these boxes and recover the full PDF.
Data files erased at Aznar Government
systems. Aznar Government deleted all the Spanish Government Presidency computer systems
in "La Moncloa" Official Palace after the elections (three days after the terrorism attacks in
Madrid-Atocha train station). There is a 12 thousand Euros bill just for deleting everything,
even data back-ups. … As far as we know, in USA is not possible to do anything like that, and even Henry
Kissinger files will be known in the years to come. I mean that USA presidents can encrypt and legally
protect that information, but they can not erase as Aznar did.
Second hand camera contains
top secret MI6 terrorist records and pics. A second-hand camera sold on eBay by a top
MI6 agent held secret records used in the fight against al-Qaeda terrorists. Names, snaps,
fingerprints and suspects' academic records were found in the memory of the digital device. Alongside
them were photos of rocket launchers and missiles which spooks believe Iran is supplying to Osama Bin Laden's
henchmen in Iraq.
More about Recovering
lost camera images.
iPhone 2.0 adds secure wipe.
AppleInsider is reporting that iphone software v2.0 will add a secure wipe feature. The screenshot ... shows
the text "this will take about an hour" added to the normal erase feature. This time is used to overwrite
data to the disk multiple times. The need for secure phone erasure came to light after a researcher was
able to recover personal information from a refurbished iphone using forensic tools. Since then, a few
people have published techniques for obliterating personal data using either the gui or the more thorough
command line method.
Top 10 Ways to Lock Down Your
Data. With the right software tools and a little Advanced Common Sense, you can secure your
data so that even if someone did get onto your computer or into your email, they'd find nothing but headaches
England's NHS loses patient data.
Bad news: A National Health Service employee lost a flash drive containing personal information of up
to 6,360 patients. Good news: The data on the flash drive was encrypted. Bad news: The
password was written on a sticky-note attached to the drive.
Security and SOX.
Nearly everyone who works with a computer has gotten some version of the 'Password Memo'. The Password
Memo lays out lots of rules for passwords — i.e., they must be at least eight characters long; they
must include numbers, upper and lower case, and punctuation; they shouldn't be your user name, names of family
members or pets; they shouldn't be (or even include) dictionary words; and they should never be reused.
Oh, and you should never ever write them down and you should plan on coming up with a new one every thirty
hard drive missing from archives. A massive amount of sensitive, national security-related
information from the Clinton administration has gone missing from the national archives. The Inspector
General of the National Archives and Records Administration (NARA) told congressional committee staffers
Tuesday [5/19/2009] that a hard drive containing over a terabyte of information — the equivalent of
millions of books — went missing from the NARA facility in College Park, Md., sometime between
October 2008 and March 2009.
U.S. National Archives offers reward
for missing hard drive. The U.S. National Archives on Wednesday [5/20/2009] said it is offering
a $50,000 reward for information leading to the recovery of a missing hard drive that contains personal
information of former Clinton administration staff and visitors. The small portable hard drive was
being kept as a backup, the National Archives explained in a question-and-answer document on its Web site.
It held copies of about 113 four-millimeter tape cartridges of "snapshots" of hard-drive contents of employees
who left the Executive Office of the President.
is no guarantee in online postings. Jeff Camacho uses an online handle when he spouts off about five
times a day on the comment boards of newspaper Web sites. But the computer repairman realizes one of the
often-overlooked truths of posting: His identity is easily uncovered.
Framed for Child Porn — by a
PC Virus. Of all the sinister things that Internet viruses do, this might be the worst:
They can make you an unsuspecting collector of child pornography.
Video: Don't shout at your disk drives.
The vibration causes latency problems.
copy machines a gold mine for data thieves. Victor Beitner, a security expert who reconfigures
photocopy machines destined for resale in Toronto, says businesses are completely unaware of the potential
information security breach when the office photocopier is replaced. They think the copier is just
headed for a junkyard but, in most cases, when the machine goes, so does sensitive data that have been stored
on the copier's hard drive for years.
Leakers' Hard Drives Sent for Analysis. The computer hard drives of a US soldier accused of
leaking up to 260,000 classified State Department documents have been sent to Washington for forensic analysis
to determine how much sensitive information may have been breached, a spokesman for the department said today
Yet another twist:
Ad Firm Sued for Allegedly
Re-Creating Deleted Cookies. Specificmedia, one of the net's largest ad-serving and tracking
companies, has been hit with a federal lawsuit accusing the company of violating computer intrusion laws by
secretly re-creating cookies deleted by users.
Valuable Computer Files Found
after Mono Jojoy's Death. Colombian authorities say the data found on 15 computers, 94 USB
devices and 14 hard disks at the camp of slain FARC military chief "Mono Jojoy" is many times more valuable
and revelatory than that discovered after a 2008 cross-border airstrike into Ecuador that killed another top
NASA sold computers with sensitive data,
report says. NASA failed to delete sensitive data on computers and hard drives before selling
the equipment as part of its plan to end the Space Shuttle program, an audit released on Tuesday [12/7/2010]
The Death of the
Hard Drive. Stop worrying about when the hard drive in your computer will die. Google wants
to kill it permanently anyway. The new Google Chrome operating system, which was unveiled Tuesday, as well
as hints and suggestions from Apple and Microsoft, offers us a preview of the PC of the future. And it
will come without that familiar whirring disk that has been the data heart of the PC for the past 25 years.
Audit: Social Security Numbers On Computers Out For Auction. Taxpayers' Social Security
numbers, confidential child abuse reports and personnel reviews of New Jersey workers nearly went to the
highest bidder after the state sent surplus computers out for auction.
and the crushed hard drives. Send a public records request seeking documents from his 12-year stint
as Arkansas governor, as Mother Jones did recently, and an eyebrow-raising reply will come back: The records
are unavailable, and the computer hard drives that once contained them were erased and physically destroyed by
the Huckabee administration as the governor prepared to leave office and launch a presidential bid. In
2007, during Huckabee's campaign for the GOP presidential nomination, the issue of the eradicated hard drives
surfaced briefly, but it was never fully examined, and key questions remain. Why had Huckabee gone to
such great lengths to wipe out his own records?
The Editor says...
I can answer that question. Because it's Arkansas!
Cell Phone Spy™ Reads
Deleted Texts. The Cell Phone Spy™ USB SIM Card Reader you can view deleted text messages
from a cell phone. The Cell Phone Spy™ allows you, a concerned parent, or loving spouse, to
monitor your child or spouse's mobile interactions with others; because these days, it's not always obvious
who they are talking to.
What treasures will the US
really find on bin Laden's hard disk? Hopes may be high that the fruits of last weekend's assault
on bin Laden's HQ's will yield an intelligence bonanza. But to date, most of the disks seized from al
Qaeda supporters are filled with near-identical, multiple bulletin board downloads of interminable ideological
debates, tracts and sermons (fatwas) on subjects such as the Islamic "permissibility of self-sacrificial
operations" (suicide bombing) and exhortatory tracts to "join the caravan" (of Jihad).
on bin Laden computer files. With Osama bin Laden dead and buried, U.S. officials are starting
to explore the computer files, flash drives, DVDs and documents that U.S. commandos hauled out of his
Pakistani compound hideaway, hopeful that the intelligence trove will yield insights that point the
way to other al-Qaida leaders.
begins mining bin Laden's computer files, phone list. Now, the agency's attention turns to
finding the intelligence in the computer files, flash drives, DVDs and documents hauled out of the compound.
All of that is in Washington and the analysis has begun. ... Now, the agency's attention turns to finding the
intelligence in the computer files, flash drives, DVDs and documents hauled out of the compound. All of
that is in Washington and the analysis has begun.
gadget that recovers deleted text messages could confirm your worst fears. Perfect for those
in a less-than-trusting relationship, this gadget can retrieve deleted text messages. The USB
stick — called the iRecovery Stick — is designed to recover information that has been
wiped from an Apple iPhone. It can also retrieve deleted contact details and even mapping solutions,
which show the destinations that the phone user has visited.
Vast F.D.A. Effort Tracked E-Mails
of Its Scientists. [Scroll down] The software used to track the F.D.A. scientists, sold by SpectorSoft of Vero Beach, Fla.,
costs as little as $99.95 for individual use, or $2,875 to place the program on 25 computers. It is marketed mainly to employers to
monitor their workers and to parents to keep tabs on their children's computer activities. "Monitor everything they do," says SpectorSoft's
Web site. "Catch them red-handed by receiving instant alerts when keywords or phrases are typed or are contained in an e-mail, chat, instant
message or Web site."
Do Not Track Plus: [An anonymous reviewer says,] "I came across DoNotTrackPlus as a
Firefox extension several weeks ago. Since then, the program has blocked about 1500 places and sites from tracking my internet use
without my knowledge. Nobody should be without this free program!" (Also mentioned here.)
Killer's data destruction: Adam Lanza smashed hard drive before
massacre. Before he set off on his heinous rampage, Connecticut school shooter Adam Lanza tried to cover his deadly tracks by smashing the hard drive of
at least one of his cherished computers, according to investigators. The shattered drive was recovered during a search of the home of Nancy Lanza, the killer's
doting mom — and his first victim.
Jump to Privacy Compromised by Big Government.
Jump to The USA Patriot Act
Jump to Carnivore and Echelon
Back to The Home Page.