[clug] PC Forensics / Fun

Michael Cohen michael.cohen at netspeed.com.au
Thu Mar 29 10:12:44 GMT 2007


Hi Matt,
   Presumably they ran dd on the drive to wipe it, but that takes a while, so
   depending on the outsourcer/auctioneer they may not have bothered and just
   reformatted the drive.

   Use hexedit to see the data on the disk (e.g. /dev/hda) - search for strings
   of previous content (using strings -el for word documents). The recoverjpeg
   tool is nice for grabbing jpegs. Ideally you should see 0's everywhere if
   it's been properly wiped.

Interesting to see what you find... Keep us posted.

Michael.

On Thu, Mar 29, 2007 at 06:00:31PM +1000, Matt Smith wrote:
> Hi all,
> 
> Having just recently acquired some ex govt Dell PCs via DOLA, I started 
> to think about their previous life.
> 
> I assume that prior to being released, either the govt's IT departments 
> or DOLA would run some HDD cleaning programs over them, but I wonder 
> "just how good" they are.
> 
> So, has anyone had any experience playing with linux (or similar) and 
> recovering/analysing HDDs that have been 'wiped'?
> Can anyone recommend/share experiences with programs (be it good or bad 
> results)?
> 
> Thanks for your replies, I'm very keen to see what sort of stuff is out 
> there (and what is still "in there" ;)
> 
> Cheers,
> Matt
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
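
The check suggested in the reply above (zeros everywhere on a properly wiped drive, otherwise look for leftover text as `strings` and `strings -el` would), written as a script. This is an added example, not part of the original thread; the function names and the sample image are constructed for illustration.

```python
import io
import re
import sys

CHUNK = 1 << 20   # 1 MiB reads keep memory use constant on whole disks
SECTOR = 512
# Printable runs as plain ASCII (`strings`) and as 16-bit little-endian
# (`strings -el`, the encoding Word documents use for their text).
PATTERNS = [(re.compile(rb"[\x20-\x7e]{6,}"), "ascii"),
            (re.compile(rb"(?:[\x20-\x7e]\x00){6,}"), "utf-16-le")]


def audit_wipe(stream, max_samples=5):
    """Count non-zero sectors and sample leftover strings as (offset, text)."""
    report = {"sectors": 0, "nonzero": 0, "first_offsets": [], "strings": []}
    offset = 0
    while chunk := stream.read(CHUNK):
        report["sectors"] += -(-len(chunk) // SECTOR)   # ceiling division
        if chunk.count(0) != len(chunk):                # all-zero chunks are skipped
            for i in range(0, len(chunk), SECTOR):
                if any(chunk[i:i + SECTOR]):            # any non-zero byte in sector
                    report["nonzero"] += 1
                    if len(report["first_offsets"]) < max_samples:
                        report["first_offsets"].append(offset + i)
            # A string straddling a chunk boundary is reported as two pieces.
            for pattern, encoding in PATTERNS:
                for m in pattern.finditer(chunk):
                    if len(report["strings"]) < max_samples:
                        report["strings"].append(
                            (offset + m.start(), m.group().decode(encoding)))
        offset += len(chunk)
    return report


def sample_image():
    """Constructed 8-sector image: zeros plus two leftover fragments."""
    img = bytearray(8 * SECTOR)
    memo = b"CONFIDENTIAL memo"
    word = "Budget 2007".encode("utf-16-le")
    img[2 * SECTOR:2 * SECTOR + len(memo)] = memo
    img[5 * SECTOR + 100:5 * SECTOR + 100 + len(word)] = word
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    # No argument: scan the constructed sample; otherwise an image or device path.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else sample_image()
    print(audit_wipe(src))
```

A drive that was only reformatted shows a large non-zero sector count and readable strings; a zero-filled drive reports `nonzero` as 0.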

