Computer Forensics & Data Recovery

My hard drive crashed! I lost my data, Word documents, and pictures. Can you get my data back?

This is something of how my calls for help usually go. The short answer is “yes,” most probably. It depends on who you talk to in the data recovery and computer forensics business, but the recovery rate is probably over 90%. Now this is including software and hardware recovery techniques.

Now what I am calling hardware recovery, is that the drive itself has stopped functioning reliably or at all. This can be a mechanical failure, such as the motor that makes the disk spin has stopped working. A key symptom of a mechanical failure is the drive making strange noises. Loud clicking, up and down loud humming, or a grinding sound. If your drive is making a grinding sound….that is REAL bad. If you want ANY chance of getting your data back, pull the power and seek professional help!

As a consumer, you are usually not real interested in my detailed description of what I believe the cause of the problem or failure is….. As my wife will say when she has a computer problem, “Just make it WORKKKK!” Oh yeah….banging on your keyboard and hitting the computer generally doesn’t solve your problem either.

Of course the other thing the consumer wants to know is, how much will it cost? This is a reasonable question. As a person or a business you have to make a decision of whether or not your data is worth that much money to get back. Data Recovery is a new enough field that I can’t give you a great answer on how much you should pay. I will give you some guidelines and thoughts.

If you are the average consumer, no RAID drive configuration and you data is not in some super encryption format, it should be a pretty standard cost. Whoever is doing the work should be able to give you a rate on how much they will charge. For a software only recovery, you should pay between $150 and $400 dollars. If it is a mechanical failure it is a lot more specialized repair, requiring more equipment. A ball park price should be $500 to $1400 dollars. I realize that last one is a real wide range, but so are the prices companies charge for those kinds of repairs.

I hope you are never in the position to have to read this article for more that personal knowledge enrichment!

I am based in Gainesville, Florida and can be reached by phone or email for individual advice. http:www.datatriangle.com/services

I have just started looking for a new notebook computer for my field work. My current one is a couple years old. It is getting a little underpowered for what is available today.

In looking around for what to buy as an upgrade, I found the Durabook (http://www.durabook.com/index.jsp). It is drop resistant, spill resistant, and shock resistant. All this and a Core Duo version is selling for 1400 dollars at Newegg. I have not bought it yet. I wanted to let others know it is out there.

Quoted from their site:

DURABOOK is tough enough to meet Military 810F rugged specifications and also built for road warriors, mobile professionals, gamers, and everyone on the go who needs to run memory intensive applications and high speed wireless technology. The Twinhead DURABOOK incorporates added protection against drop, vibration, and liquid spills while remaining competitively priced with plastic case commercial notebooks that lack structural protection. With pricing up to 50% less than fully rugged notebook systems, the DURABOOK models offer you the essential rugged features that are needed to lower the risk of damage from normal everyday use while still providing high performance capabilities at a competitive price.

DURABOOK Rugged Standard

All DURABOOK systems pass US Military and European Committee rugged feature standards to ensure their durability. These standard test measurements include:

• DROP TEST - Magnesium alloy case - 20 times stronger than ABS plastic, offering higher survival rate after drops and bumps. Compliant with Military Standard 810F.
• VIBRATION TEST - MIL STD 810F, Method 514.4, Procedure I, Category 10, Fig 16&17/ASTM 4169, Truck Transport 11.5.2 Random test, Assurance Level II.
• SPILL PROOF TEST - European Committee for Electro Technical Standardization of IP31.

Ever wish there was a better way to find files than the built in Windows search? Well, I have, not to mention, doing computer forensics it is often nice to have a piece of software to identify a file type or double check another piece of software.

Doing data recovery, you have a client that is often only interesting and in finding and recovering their 50 page Word document they were working on when their computer crashed.

Well, for the situation File Investigator (http://www.robware.com/fifilefind.htm) by RobWare is a great tool. They are nice folks and very responsive.

This program identifies files by their content rather than just the extension at the end. The software also returns also returns a lot of additional file information. In also runs very fast.

If you do data recovery, computer forensics, or are just a power user that does a lot of searching; I recommend this software.Here is some more information about the program, straight from their site:

The File Investigator Engine is the core program that identifies a file by its content rather than filename extension. You might assume that it has to be slow if it opens every file, but it is almost as fast as any other program that just reads the disk directory. MS Windows and most applications only look at a file’s extension when identifying or loading it. If the file has the wrong extension or the application doesn’t recognize the extension, then you are out of luck. Unless you have an application that uses the File Investigator Engine.

Stages that we use to identify each file:

1. Match Legal Database(s) Hash Codes (optional)
2. Match File Header/Magic #
3. Match Inter-File Pattern/Signature/Magic #
4. Match Byte Value Distribution Pattern
5. Interpret & Validate Identification
6. Match Hash Codes (Our hash DB, then the Legal DB(s))
7. Floating Header Match (Secondary)
8. Match Hash Codes (Secondary, Legal DB(s) only)
9. Match File Extension
10. Read Metadata

This engine also extracts valuable information out of many different types of files. Information like: image resolutions, sound file sampling rates, document titles, and much more. It then adds general information about that particular file type/format.

We provide Software Development Kits for Windows, UNIX & Linux programmers to take advantage of the File Investigator Engine. There are also a couple of consumer applications available.

There are many uses for this type of software.

* Identify a file that a friend or colleague gave you that Windows doesn’t recognize.
* Quickly look at a file’s details when searching for a specific file, without having to wait for an edit program to open and load each file.
* List the details for many files all on one screen. Then it is easy to zero in on a file that you were looking for.
* Organize your files by their qualities or types rather than just their file names.
* Scan files for viruses intelligently, by first identifying what type of file(s) you are scanning.
* Search confiscated hard drive(s) for Computer Forensics legal evidence.
* Verify that the file your software product is about to load is in a supported format.

Have you ever wanted to copy a word document or a webpage to save the information for later use or integrate it somewhere else?  If you have, you have probably been frustrated at grabbing all the pictures and links when you tried.

Well, Steve Miller has a great little program to help out with this problem.  It is called PureText It is a small .exe program that basically strips most pictures and formatting out before executing the paste command.  Great time saver.  As a matter I used it to grab his description of what the software does to paste it into the bottom of this article.

This can be of use in computer forensics investigations.  There may be times when you want to convey the text content of a page to your end-user without giving them the pictures on the page (sometimes they could even be illegal to transmit, i.e. child porn).  This is a great little tool for that.

We all have a ton on passwords to remember now. Most of us have heard that it is not a good idea to use the same password on everything. Although, you may not have been told why…

In brief, I will explain it. Passwords are transmitted through the internet in two basic forms, plain or encrypted. Most financial sites use what is called SSL (secure socket layer) encryption. This keeps your information pretty safe enroute from point to point. A lot of you social sites, forums, clubs, or small member sites even transmit the password in plain text.

Plain text password transmission allows anyone to get your password as it passes through. Without getting complicated, most all information on the internet travels through a bunch of different computers (called servers) before it reaches its destination. An unsavory administrator, or a hacker that has breached their system, can grab the password as it passes through with a “sniffer.” A sniffer is basically a program that monitors internet traffic.

How do I know which is being used, plain text password or SSL encryption? Just look at the edges of your browser. On all the browsers I am aware of, a padlock appears somewhere. It is usually in the lower right on FireFox and to the right of the address bar on Internet Explorer. If you see the padlock, you password is going through SSL encryption.

Of course, SSL encryption means the password is safe enroute. Whether you can trust the site administrators on the other end, and whether they keep there servers secure from hackers is a whole different story.

So, what should a person do? At the very least, you should use different password for your financial sites and for your “play” sorta sites where the passwords go through in plain text. For the best security, a different password should be used on every site. I know, you are going there is now way I can remember all those passwords!

Well, I have a FREE solution for you. www.passwordmaker.org. This program is great. You input your master password and the site name you are logging into. The software uses an encryption scheme to then produce a secure password! You remember one password, yet you get an individual password for every site.

Now you ask, but what is I am at a friends house who doesn’t use the software or an internet cafe? Well, they have an “online” password generator that you use to put in the same information as your application at home, and presto there is the same password.

I admit the away from the home option is a bit of a pain…. so, for the sites you would often access away from home (email, myspace, instant messaging, whatever) I would just have a password(s) you remember for them. Let password maker handle your financial sites, or any other sites that involve money or information you really need to keep private. The reason I say this is simple, if you think about the skilled hacker criminal out there… does he care what you said to your friend Sally about Bob?? NO. He is wanting to make money. The quickest way to do that is penetrate your online banking or PayPal account that has money.

So, take my advice, use passwordmaker where you need secure passwords; and sleep/ surf a little easier.