Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
IT Risks, Protecting Against Data Recovery (by LAZgroup SA)

IT Risks, Protecting Against Data Recovery (by LAZgroup SA)

|Views: 2|Likes:
Published by lazgroupsa
LAZgroup SA, IT Risks - Why Protecting Against Data Recovery
LAZgroup SA, IT Risks - Why Protecting Against Data Recovery

More info:

Categories:Types, Brochures
Published by: lazgroupsa on Jan 26, 2013
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





 Protecting Against Data Recovery
Problem Definition
If your laptop, computer, memory stick or PDA is sold, stolen or lost, hackers and identity thieves can easily recover thefiles that you think were deleted. These files are not necessarily erased from your computer despite the Recycle Binbeing empty. When your computer saves a file, it writes data on a disk (or memory stick) and takes note of the filelocation. When you delete the file, it is transferred to the Recycle Bin. When you empty the Recycle Bin, the computererases only the note about the previous file location, but file content is left intact on the disk until some other file iseventually written over it. The entire content of an erased file can remain untouched anywhere from a few seconds to afew years. Hackers can easily uncover and read it using public data recovery software.Many computer users trust the Recycle Bin. When they empty it, they think their files are completely removed from thecomputer. Some users, from individuals to international banks, have experienced the error of this common belief whentheir sensitive data was recovered by data thieves who had bought the old hard drive and easily recovered the "deleted"files.Most people would never throw a credit card into a public trashcan, but they do something similar with their computers.A 2003 study found that about 35% of the hard drives on the used market contained easily accessible confidentialinformation (see Garfinkel and Shelat).Emptying the Recycle Bin does not actually remove a files contents from the disc. When a computer saves a file it writesthe data on a disc (or memory stick) and makes a note of the file's location. When you put the file in the Recycle Bin and"empty" it, the computer erases its note of the file's location, freeing the disc space for the further use. The actual datais left intact on the disc until some other file is eventually written over it. On a large hard drive, it may be a long timebefore the space is used again, so a lot of data can accumulate on it over the years.A computer hard drive is like a library with a lazy librarian. When the director tells her to remove certain books, sheremoves them from the library catalogue but leaves the books on the shelves. Since her Director only checks thecatalogue, he never discovers the difference, but people with the patience to look through the shelves can read theofficially nonexistent books.
There is a world market for used computers and hard drives. Discarded, donated and stolen computers are shipped todeveloping countries where they are stripped for reusable parts. Data thieves can cheaply buy large quantities of harddrives and examine them quickly. They use publicly available data recovery software that was designed to help peopleretrieve mistakenly deleted files or rescue data from damaged discs. Such software looks for old versions of the filecatalogues and scans the disc for file signatures. Unless new files have been saved on top of the old ones, the data canbe easily recovered. This is good if it was an important file that was accidentally deleted, but it is bad if it is confidentialinformation that could be used for fraud or blackmail.Even files that have been overwritten by new files can be read with a machine called a magnetic force microscope. Usedby police, spies, and private security consultants, these instruments can detect the traces of previous data in the tinyspaces between the individual bits of the current data. The magnetic head that writes on the disc does not always lineup in exactly the same place, so small magnetized areas of the previously written data are visible at the edges of thenew, like the blurred edges of a poorly printed color picture. With specialized equipment and patience the original datacan be reconstructed.If you are selling or recycling an old computer you could protect your confidential information by removing the harddrive and physically destroying it. This is the safest method, but it substantially reduces the value of the computer.A better solution is to use data recovery prevention software. It is also a good idea to regularly clean laptop hard discsand memory sticks that could be lost or stolen.Discs cannot actually be erased. All the bits can be written as zeros, but traces of the files beneath will still be there.Cleaning a disc involves overwriting data on it several times, until no traces could be recovered. Usually alternatingsequences of numbers are used along with random numbers, instead of just zeros.Data recovery protection programs must figure out which parts of the disc must be overwritten and which parts must beleft alone, so the program does not damage current files. Two common methods exist. The first one, called low-levelaccess, scans the disc and examines everything it finds to see if it is current or inactive. The second method, called high-level access, uses Windows' (or another operating system's) catalogue of files. High-level access has less risk of damagingexisting files because it uses the same index as the computer itself.How many overwrites are enough to make erased data unrecoverable? Security must be balanced with speed,practicality with paranoia. Overwriting a large hard drive can take hours, depending on the disc's size, its connection tothe computer and the fragmentation of the file structure. On most of the hard drives made after 2000, 3 passes providescomplete protection against ordinary data recovery programs, and 5 passes is very good protection against magneticfield microscopes. One hundred percent security is of course unobtainable, but each additional pass adds a little more.In 1996 Peter Gutmann of the University of Auckland calculated that as many as 35 overwrites were needed to achieve ahigh level of security on older discs. But as discs have become smaller and faster, the surface area and depth used to

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->