I recently left my full-time job in law enforcement doing computer forensics. (Hopefully private work will be less stress and more money!) I am primarily a computer forensic examiner. I do data recovery as a part-time fill-in when computer forensics is slow. As such, since I went to one of Scott Moulton’s first data recovery courses there has been a lot of change in data recovery. It is obvious that there is a HUGE asset of combined knowledge in the data recovery field.

In law enforcement we would periodically have “Computer Forensic Training Days.” This was a quarterly meeting where examiners got together and trained each other. Examiners with a special interest/expertise in a block would train the others. The only cost to go was small to cover hosting, as the trainers were paid by their agencies.

I think a similar thing would work very well for data recovery. In data recovery though, there would probably be a little higher cost to cover paying the speakers a lesson prep fee, conference room costs, and refreshments. I am thinking it could probably be done for a few hundred dollars for each attendee. (I may even be able to work my law enforcement contacts to get us free rooms for the training in exchange for letting some of them come.)

I already run with my wife. We (mainly she) put on seminars already. So, I have some experience at it.

I think with the speed that knowledge grows in data recovery, and it being so hands-on, that this would be extremely valuable to everyone. I know I would be willing to contribute training on file systems, X-Ways Forensics, or whatever else that DR folks were interested in.

Not to mention I am in Florida, just north of Orlando. Nice place to come annually for a winter conference maybe?

Let me know your thoughts. The big thing I would like to know is, would you ACTUALLY come? Keep in mind that with your flight, room, and enrollment fee it will probably cost $1,000 to attend a two- or three-day conference. (If the group is small I can actually host at my in-office training room. But, that would just be like 20 people… ) I will put a survey below for everyone who is interested to take. I will publish the results later.

Mini-DVD Data Recovery

I just did a data recovery job that involved a mini-DVD that had been accidentally re-formatted. I got the DVD in with no active files. My usual go-to for these recoveries has been ISObuster. I have had many successful recoveries with ISObuster. In this case it did recover movie files that had been on the drive. It incorrectly assembled lots of the MPEG fragments into a few large VOB files. This resulted in a jumpy video with a lot of unintelligible audio.

Well, I knew my friends from England, CNW recovery, had been working hard on their DVD data recovery routines. I decided to give CNW a try. It has a very user-friendly menu that guides you through each step of the process. It recommends at each step the next step in the recovery. I watched as it imaged the disk, carved the MPEGs, then did its best guess at reassembly. The process was very easy to understand and smooth for a low-level data recovery tool.

The resulting MPEGs were much cleaner than the VOBs produced by ISObuster. There were segments that, by manual review, I could tell needed to be reassembled. There were none that were incorrectly put together though. (A much harder thing to deal with.)

I manually re-assembled the MPEGs together that were really part of one continuous shoot. The resulting product was very good.

I am very impressed with the progress of CNW recovery in this area!!

Entering Private Practice!

I am able to announce big changes at DataTriangle. I have been employed by the Alachua Sheriff’s Office as a Deputy Sheriff for the last 14 years. Most recently I was assigned to the FBI CyberCrime Task Force, Internet Crimes Against Children, and as the computer forensic examiner. Yes, this has been as busy and stressful a job as it sounds!

I am leaving the Sheriff’s Office to devote myself full-time to DataTriangle. I will be doing work in the areas of computer forensics, data recovery, and website administration. I will supervise staff members working on general computer repair services in the Gainesville, Florida area.

My recent computer forensics experience translates most closely to work in criminal defense cases. As I have always done though, my goal is to expand my experience. I have already worked civil cases involving digital evidence. I anticipate working a lot more with the increased availability. I have also had Gainesville attorneys approach me requesting e-discovery services.

There is a great deal of overlap between e-discovery and computer forensic practice. A lot of the difference lies in acquiring a few new software tools and becoming proficient in them. I am in the process now of buying these tools and practicing. I don’t presently see myself trying to get into large scale e-discovery work. I am more interested in supporting law firms with their small to medium size e-discovery matters.

It is with great excitement that I enter into the private practice of computer forensics! The excitement is somewhat tempered by sadness at leaving all the great comrades and professionals that I have worked with through the years in law enforcement. I wish all of them the best of luck and safe patrols!

DiskAnalyzer Pro

I recently received a courtesy upgrade to a software product I already owned and used, DiskAnalyzer Pro. I am excited to review the software because it has really come a long way. The version I am reviewing is 3.4.

From their website: “The software helps you to find largest folders and files on your hard drive.  Get hard disk space consumption report grouped by file size, file types, ownership, file date and attributes.   Quickly drill down to folders consuming most of your hard disk space.”

As soon as the program launches, it asks you which drive you would like to analyze. Once you pick the drive it quickly analyzes it. It did the 500GB drive I chose in about 20 seconds. The program then presents its main work interface. The primary area is a row of tabs that lets you sort the files by different criteria.

DiskAnalyzer Pro Tabs

You can click any of those tabs to quickly sort/group files by that criterion. For instance, you can click file types to quickly see how much storage is being taken up by every file type on your drive (by extension). Wondering why you have so many rich text files? Just double-click the “rtf” extension folder. A new window opens called the “File Viewer and Explorer.” This view lists all the rtf files on the drive with the associated metadata. To the left is a window to quickly sort further by any of the file attributes. Date searching even has a handy pop-up calendar to assist in choosing the dates you need. (Very useful when you are lost in programming, and lost your orientation to time and place!!)

File Explorer View

Double-clicking any of the files in the file viewer will launch the associated program to view the file. For some of the simpler file types there is the option to launch an internal preview within the application.

A very nice feature if you need to report to someone else what is where, is the ability to export an HTML or CSV report of files located.  This is very useful for quick inventories after a data recovery or computer forensics job.  The same can be done with computer forensics software, but it is more time consuming to set up.

I can also see it being very useful for network IT professionals trying to find out what or who is taking up all the space on the server!

Overall, I find this to be a very easy to use and cost-effective utility.

Computer Forensics Expert in Federal Court

I am very pleased to announce that I testified as an Expert in Computer Forensics and Cybercrime. I was on the stand for about one and one half hours. The material of the case involved the receipt, possession, and distribution of child pornography.

I was happy to learn that the case agents, attorney, and jury were very happy with my testimony.  Everyone told me that I was very clear and did an excellent job of making highly technical material understandable.  Being technically accurate and at the same time understandable, I believe, is one of the greatest challenges to anyone testifying as a computer forensics expert.  Throughout my training I have always tried to ask myself, “How would I explain this to a jury?”

The entire case was a great experience from working with the U.S. Attorney, investigators, criminal defense attorney, and everyone else involved in this case.

I am proud and happy to have accomplished my goal of being recognized as an expert in state and federal court.  I look forward to continuing to learn in this field, and hope I have a long and successful career in it!

