Recovering Data- Forensics Tools

From: Mogull,Rich (rich.mogullat_private)
Date: Tue Oct 02 2001 - 09:28:38 PDT


    I'm not sure if anyone's done this already, but it might be interesting to
    poll for everyone's top forensics tools.
    
    Keeping in mind that certain tools are better for certain tasks, what tools
    do you prefer, and why?
    
    
    
    ------ Original Message ------
    Encase is one of the many computer forensics tools out there - one of the
    better ones though.
    
    In terms of recovering data from a wiped drive that has been overwritten,
    your chances are slim (unless you've got a very big budget and are very
    determined).  If you're serious about wanting to do it you need to find out
    more about microscopy - the technique that can be employed to recover the
    data based upon the magnetic signal strength on the drive's surface.
    
    In addition to this, when data is overwritten many times (e.g. the DoD
    standard of 7) the chances of a technique such as microscopy recovering the
    data are very slim.  I could go on and explain why, but it's rather boring.....
    
    Regards
    
    Craig Earnshaw
    Lee & Allen Forensic Computing Services
    
    Mike Zanker wrote:
    
    > At 14:50 02/10/2001, wim.remes wrote:
    >
    > > I've used Encase a few times to perform jobs like this...but I don't
    > > have a deep understanding of the product ... you can find information
    > > on the product on http://www.encase.com
    >
    > I didn't think Encase could recover completely overwritten data - it's a
    > software recovery tool isn't it?
    >
    > --
    > Mike Zanker                         | E-mail: M.Zankerat_private
    > AACS Network Development Team       | Tel : +44 1908 652726
    > The Open University                 | Fax : +44 1908 652193
    > Milton Keynes, UK                   | PGP public key available
    >
    > -----------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    
    



    This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 09:46:49 PDT