[clug] PC Forensics / Fun [SEC=UNCLASSIFIED]
Roppola, Antti - BRS
Antti.Roppola at brs.gov.au
Tue Apr 3 09:02:09 GMT 2007
David Collett wrote:
> Maby, I'd be interested to know. It is very easy to find bootable CD's
> and floppies (linux naturally!) these days to automatically wipe all
> detected hard disks such that data cannot be recovered. This might be
> standard procedure for the auctioneers during testing (if not the
agencies themselves before de-asseting).
Sanitisation of hard disks is pretty rigidly defined, especially after
the tabloid current affairs shows did recovery on auction PCs a few
years back (mainly from private companies I vaguely recall). If you find
any real content, someone will be in serious trouble. AFAIK, they have
approved bootable tools as you describe.
If the media has got really nifty stuff on it, they use one-way Brownian
encryption[1].
You'd be more likely to retrieve content from private business PCs.
Someone I know recovered a PC from the tip that had a person's email and
dialup still configured and working (he nuked the drive).
Antti
[1] Throw the drive into an iron smelter and melt it.
More information about the linux
mailing list