Re: Bit Level Forensics Examinations - Fact or Fiction

From: Fred Mobach (fredat_private)
Date: Sun Apr 29 2001 - 08:38:31 PDT


    Hello Matthew,
    
    Some advertisements in the (German) magazine C'T number 8/2001 :
    
    Datenrettung im Labor by Ontrack Data Recovery GmbH, 24/7 service, see
    www.ontrack.de
    Professionelle DatenRettung by Ibas Deutschland GmbH, see
    www.datenrettung.de
    
    Their services are however not really cheap. BTW if I am not mistaken
    C'T has also published an article on this stuff. Yes, a quick search
    shows me :
    
    3. Christian Rabanus: (chr)
    Die Profis
    Datenrettung in Speziallabors
    Report, Datenrettung in Speziallabors, Ontrack, Ibas, Convar, Vogon,
    Headcrash
    c't 6/00, Seite 130 (That is thus number 6 in the year 2000).
    
    Enjoy,
    
    Fred
    
    
    "Brown, Matthew" wrote:
    >
    >         It might be possible to examine recently overwritten data at
    > the bit level.  This would involve removing the platters from the hard
    > drive case in a level-10 clean room and remounting them on a highly
    > expensive, highly sensitive electromagnetic field reader.  This reader
    > would have to have the ability to pin-point and measure each bit
    > recorded on a platter (not a small task) and record its
    > electromagnetic readings for each bit in a separate storage area.  By
    > evaluating the readings of the bits you could then determine which
    > bits had been recently changed.  The idea would then be to determine
    > which bits needed to be toggled back to their other state.  In theory,
    > or so I've been told, this would render the data as it was before it
    > was overwritten.
    >
    >         Two things:
    >
    > 1.  I was unable to find any commercial services that advertise or
    > perform this procedure.  I did find references to several technologies
    > that would lend themselves to being able to read or evaluate the
    > values of a bit, but none were specifically designed to perform this
    > procedure.  I was in the Air Force in the early 1980s when I first
    > heard about this, but was surprised to find little information on this
    > theory (at least the USENIX had some papers on the subject, theory
    > that is).
    >
    >         I hope someone else has heard of this theory/procedure and can
    > shed some more light on the matter.  Other feedback is welcome.
    >
    > Matthew Brown, CISSP
    > California
    
    --
    Fred Mobach - fredat_private - postmasterat_private
    Systemhouse Mobach bv - The Netherlands - since 1976
    
    The Free Transaction Processing Monitor project : http://www.ftpm.org/
    



    This archive was generated by hypermail 2b30 : Sun Apr 29 2001 - 18:35:20 PDT