There’s No Information Like Mis-Information
I saw a story on the Boston Herald site recently that’s a prime example of some of the things that people believe about how much of what information can be retrieved from a computer.
The article mentioned briefly an investigation involving the 1982 Tylenol killings in which police recently obtained evidence that included an older model Mac.
The part of it that stuck out was a quote from a detective who is a computer forensics expert:
Anything (on a computer) that can contain information can be examined no matter how old it is, including hard drives and disks.
One of the first things I thought about was how much, if any, information anyone expects to recover from the system memory of that old Mac? Answer, since it apparently belonged to somebody who was convicted in that 1982 case which means that the machine’s probably been turned off for quite a while… Nothing.
It’s entirely possible to recover quite a lot from the hard drive and floppies given a machine that can read them in the first place.
The problem with this is that it gives people the wrong impression. Take a modern computer that somebody is using in some illegal venture and it’s entirely probable that they’re aware of what the information on that machine could do to them in court and would therefore take steps to make it very difficult if not actually impossible to recover.
You see, the expert’s statement doesn’t take into account encrypted files, containers or even the entire hard drive being encrypted. Nor does it allow for the use of utilities that can securely delete files by overwriting them many times with patterns of data that make recovering anything impossible.
Then there’s the folks who keep everything on a flash drive that can be destroyed with a hammer, beating it into small enough pieces to make any recovery impossible. For that matter, I understand that five or ten minutes in a microwave oven on high will do a pretty respectable job of rendering the device unreadable by anybody.
I understand that law enforcement feels they have a need for people to believe that they can recover anything but while they can do quite a lot but being able to “typically retrieve any and all information from computers” contains more than a little exaggeration.
Technorati Tags: Computer Forensics Expert, Respectable Job, Hard Drive, Detective, Microwave Oven, Flash Drive, Floppies, Hard Drives, Killings, Prime Example, System Memory, Wrong Impression, Tylenol, Modern Computer, Boston Herald, encrypted Containers
Tagged with: Boston Herald • Computer Forensics Expert • Detective • encrypted Containers • Flash Drive • Floppies • Hard Drive • Hard Drives • Killings • Microwave Oven • Modern Computer • Prime Example • Respectable Job • System Memory • Tylenol • Wrong Impression
Like this post? Subscribe to my RSS feed and get loads more!