[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Hard drive images

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Hard drive images
From: ldreamer <ldreamer@pisem.net>
Date: 06 Aug 2003 16:08:38 +1200

On Wed, 2003-08-06 at 10:26, Craig Pratt wrote:
> On Tuesday, Aug 5, 2003, at 13:23 US/Pacific, Ron DuFresne wrote:
> > On Tue, 5 Aug 2003, David Hayes wrote:
> >
> >> Our old standby, "dd", is perfectly acceptable for making an image of
> >> a hard drive to be used in court.  It's even the #1 choice of the FBI,
> >> and accepted by U.S. federal courts.  From the trial court order on
> >> admission of evidence in the case of Zacarias Moussaoui (the accused
> >> 20th hijacker of 9/11):
> >>
> >
> > Interesting, I would have thought that the original was required for 
> > the
> > courts, and that forensics was conducted on the copy.
> >
> > Thanks,
> >
> > Ron DuFresne
> 
> I believe there are ways to recover data at the physical/magnetic level 
> - magnetic  remnants of previously-deleted data, for instance - which 
> would require access to the original platters. I read an article about 
> this somewhere - would have to be SciAm or /.

Peter Gutmann has written a nice paper on data recovery of this very
nature, it can be found at:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

--
Ldreamer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Hard drive images
  - From: Craig Pratt <craig@strong-box.net>

Prev by Date: [Full-Disclosure] reply to me previous post (OT)
Next by Date: [Full-Disclosure] Call for discussion
Prev by thread: RE: [inbox] Re: [Full-Disclosure] Hard drive images
Next by thread: Re: [Full-Disclosure] Hard drive images
Index(es):
- Date
- Thread