Path: news.nzbot.com!spool1.sonic-news.com!news-out.sonic-news.com!not.news-service.com!not.alt.net!not.highwinds-media.com!s02-b61!textbe01-phx!hwmnpeer02.phx!hw-filter.phx!hwmnpeer01.phx!hwmnpeer01.lga!news.highwinds-media.com!news.glorb.com!news-in-01.newsfeed.easynews.com!easynews.com!easynews!easynews-local!fe11.news.easynews.com.POSTED!not-for-mail
From: HMS Victor Victorian <VictorVictorianREMOVE@hushmail.com>
Newsgroups: alt.fan.utb.naughty-boy
Subject: Re: meat plow you are such a retard
Organization: Her Majesty's Service
Reply-To: PrinceAlbert@RuleBritannia
Message-ID: <ipfht3h51jc91jtn7vvm13iq8b77md35oq@4ax.com>
References: <4cqbt3dd0ns5tn6hduu4if6dbltt3a5ktm@4ax.com> <47d62592$0$13891$8f2e0ebb@news.shared-secrets.com> <1n33b6.cf7.17.1@news.alt.net> <47d79044$0$13871$8f2e0ebb@news.shared-secrets.com> <1n5pnu.5ra.17.1@news.alt.net> <fr9rdo$ti0$1@aioe.org>
X-Newsreader: Forte Agent 4.2/32.1118
X-No-Archive: yes
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 83
X-Complaints-To: abuse@easynews.com
X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly.
Date: Thu, 13 Mar 2008 05:42:13 GMT
Xref: news.nzbot.com alt.fan.utb.naughty-boy:1297
X-Received-Date: Sat, 17 Oct 2009 21:56:03 UTC (s02-b61)
On Thu, 13 Mar 2008 02:09:59 -0500, floppy <floppy@flop.com> wrote:
>On Wed, 12 Mar 2008 13:34:18 -0400, Meat Plow wrote:
>
>>
>> I took a college credit on computer forensics as part of my training.
>> I already knew a lot of it so it was a bit hard at first
>
>My guess is you know dick about shit.
>
>Standard LEA PC forensic tools such as EnCase can be found on P2P
>networks, if people would like to learn to use these to check their hard
>drives for recoverable data they'll find out what can be found via
>prosaic methods. Last time I used it, it's not really much different to
>ordinary file recovery tools, so you could use those instead, except it
>offers the ability to freeze and label a snapshot image of a drive and log
>all investigator actions for court evidence purposes. There are training
>materials for EnCase around. A snapshot of RAM contents can be taken but
>that's not going to be any good unless the PC was on when seized, or
>very recently shut down. A recent paper showed recovery from RAM was
>possible, but they were only "momentarily" interrupting power. Another
>EnCase feature is there are available hashes of known CP images which
>can be used to search for same. They might have added some other
>capabilities in the last few years.
>
>Data can be recoverable from swap if swap wasn't encrypted.
>
>Sure, there are more sophisticated data recovery tools, e.g. magnetic force
>microscopy (MFM) and magnetic force scanning tunneling microscopy (STM)
>that recover data that has been overwritten several times. This was
>easy to do with very old drives, which were easy to extract overwritten
>data from - some companies claimed to be able to recover data that had
>been overwritten 12 times. For these, a "Gutmann wipe" is the
>recommended security measure, or better, destroy the drive. But for recent
>high density hard drives, a "good random scrubbing" is as good as anything
>else according to Peter Gutmann.
>
>AFAIK if a drive has been heavily scrubbed, it will be expensive to try to
>recover data and there is no guarantee of success. Try getting a quote
>for recovery of data from a trashed drive.
>
>The weakest privacy point is the Windows operating system, which leaks
>information all over the place via temp files and other means. Some say it
>might as well be spyware.
>
>Finally, hard drive data recovery technology means *nothing* if the data
>was never written in plaintext to a drive in the first place, but was
>securely encrypted on the fly.
>
>Solutions: Encrypt the entire drive containing your operating system,
>applications, and data, especially if using Windows. Google for more
>information.
>
>
Fantastic, Floppy!
A quick perusal of this wonderful synopsis provided me with more
information than either "whatshisface" or "youknowwho" were able to
digest in an entire semester of "computer forensics" at Nodd Agshully
Community College.
Good show!
Or should I bellow, Tally HO?
All my best,
Victor V.
(lay me down in sheets of Lennon)
God Save Her Majesty the Queen.
God Preserve the Prince of Wales.
Rule Britannia!