Data Recovery Techniques Florida State University CIS 4360 – Computer Security Fall 2006 December 6, 2006 Matthew Alberti Horacesio Carmichael.


Explanation
Data recovery techniques are used to recover information that has been deleted or compromised. End users, companies, and government agencies may use data recovery for different reasons. Data recovery techniques are often a major part of computer forensics.

Background
● Data recovery techniques have been around for a long time
● Does not necessarily relate to computer systems
● Today, “data recovery” is most often related to computer systems

Common Misconception
● When data is removed from a system it is either deleted or overwritten. But there are ways to recover deleted data.
● Just because a file is deleted does not mean the data is gone. The operating system simply removes the pointer to the file, but the data is still there.
● New data can now be written to this space.

Misconception cont.
Data is recorded onto magnetic media as ones and zeroes. When data is overwritten, the disk detects only the new data, leaving only remnants of the old data. Reading the remnants would be very time consuming, and the old data would not all be read correctly. The result would be a very problematic, impossible puzzle to solve.

Reasons for End User
● Recover files deleted accidentally
● Recover files that have been compromised
  ○ Hardware failure
  ○ Malicious activity

Reasons for Companies
● Recover data from an ex-employee's computer
● Recover lost files
  ○ Lost due to hardware failure
  ○ Compromised or lost due to network problem

Reasons for Government Agencies
● Similar to companies
  ○ Recover files from an ex-employee's computer
  ○ Recover data after hardware or network failure
● Law Enforcement Agencies
  ○ Recover evidence from a suspect's computer
  ○ Search for particular information on the hard drive
  ○ Establish motive for the crime
  ○ Identify any accomplices
  ○ Support forensic analysis of computers

Techniques
● Perform a forensic analysis of the computer
● Search for one file or a single file type
● Attack encryption methods
● Restore disk using an existing image
● Examine data in RAM

More Techniques
● Examine disk at the cluster or sector level
● Analyze data using hex editor
● Create hash of entire disk
  ○ Export for use in another tool
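
Two of the techniques above, searching for a single file type at the sector level and hashing the entire disk, shown as an added example that is not part of the original presentation. The 16-sector "disk" is constructed in memory, and the function names and the choice of JPEG markers and SHA-256 are assumptions made for illustration.

```python
import hashlib

SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker

def build_image():
    """Constructed sample disk: a 'deleted' JPEG-like blob still sits in sector 5."""
    img = bytearray(16 * SECTOR)
    blob = JPEG_SOI + b"\xe0" + b"CONSTRUCTED-SAMPLE-PAYLOAD" * 30 + JPEG_EOI
    img[5 * SECTOR:5 * SECTOR + len(blob)] = blob
    # Decoy: the same marker in the middle of sector 9, not at a sector start.
    img[9 * SECTOR + 100:9 * SECTOR + 103] = JPEG_SOI
    return bytes(img), blob

def image_sha256(image, chunk=8 * SECTOR):
    """Hash the whole image in chunks, as would be done for a large disk."""
    h = hashlib.sha256()
    for off in range(0, len(image), chunk):
        h.update(image[off:off + chunk])
    return h.hexdigest()

def carve_jpegs(image, max_size=64 * SECTOR):
    """Return (sector, bytes) for each sector that begins with a JPEG header."""
    found = []
    for sector in range(len(image) // SECTOR):
        start = sector * SECTOR
        # File data normally begins on a sector boundary, so only test there.
        if not image.startswith(JPEG_SOI, start):
            continue
        # Take the first end marker; embedded thumbnails would need more care.
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end != -1:
            found.append((sector, image[start:end + len(JPEG_EOI)]))
    return found

if __name__ == "__main__":
    image, original = build_image()
    digest = image_sha256(image)
    for sector, data in carve_jpegs(image):
        print(f"sector {sector}: {len(data)} bytes, intact={data == original}")
    # The analysis only reads the image, so its hash must be unchanged.
    print("image unchanged:", image_sha256(image) == digest)
```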

Statistics
Cause of Data Loss: Frequency of Occurrence
● Hardware or System Malfunction: 44%
● Human Error: 32%
● Software Program Malfunction: 4%
● Viruses: 7%
● Natural Disasters: 3%

Types of Damage
● Physical Damage
● Logical Damage

Physical Damage
● CDs can suffer scratches
● Tapes can simply break
● Hard disks can suffer from mechanical problems

Logical Damage
Logical damage is primarily caused by power outages that do not allow the file to be completely written to the storage device. Some results are:
● File is left in an inconsistent state
● Data totally lost
● System crashes
● Strange behavior
● Partial storage

Tools - Explanation
Many different tools exist that make data recovery easier. Some tools are only meant for government or commercial use. Also, the cost of some tools is too high for them to be feasible for an end user.

Tools
● WinHex
  ○ Very popular
  ○ Available to End User
● Forensic Toolkit (FTK)
  ○ Used by some law enforcement agencies
  ○ More oriented towards forensics
● EnCase
  ○ Also used by law enforcement agencies
  ○ More oriented towards forensics

More Tools
● Many special-purpose tools
  ○ Oriented towards End User
  ○ Single function
  ○ Typically very easy to use
  ○ May not be as accurate or powerful
  ○ Should not be considered forensically sound

Defeating Data Recovery
Methods exist that can make data recovery very difficult or impossible. These methods should be used to secure financial information, medical records, or classified data. Most people are generally unaware that deleted data may still be recoverable for a long time.

Back Up
File backup refers to the copying of data so that the additional copies can be restored after data is lost. Data recovery is necessary when you lack a proper backup system.

Techniques to Prevent Recovery
● Write over deleted space with random data
  ○ 1s and 0s
  ○ Make space appear random
  ○ Use a unique or uncommon algorithm
  ○ Some recovery tools can reverse the algorithm and recover the data
● Use a tool to “wipe” data securely
  ○ Automates process of covering up deleted data
  ○ Tools are available to End User
  ○ Sometimes included with security software suites

WinHex Screenshots

QUESTIONS?