Two other drives contained more than 5,000 credit card numbers-it looked as if one had been inside a cash register. It contained a year's worth of financial transactions-including account numbers and withdrawal amounts-from a organization that had a legal requirement to not divulge such information. Much of the data we found was truly shocking. In fact, only 10 percent of the drives I purchased had been properly sanitized. It was a simple matter to undelete the data files and retrieve their secrets as well. On another third, someone had deleted the document files but left the applications behind. We found that between one-third and one-half of the drives still had significant amounts of confidential data, even though many had been through a Format or FDisk operation. In all, I bought and analyzed the content of more than 150 drives with the help of Abhi Shelat, another graduate student at MIT's Laboratory for Computer Science. Last summer, I started buying drives en masse on eBay. Drives that I found at an MIT swap meet had financial information on them from a Boston-area investment firm. I bought recycled drives in Bellevue, Wash., that had internal Microsoft e-mail (somebody who was working from home, apparently). Since then, I have repeatedly indulged my habit for procuring and then analyzing secondhand hard drives. One drive had a confidential memorandum describing a biotech project another had internal spreadsheets belonging to an international shipping company. Several of the drives had source code from high-tech companies. I took the drives home and started my own forensic analysis. Pop one into a computer, and you could recover the previous owner's files simply by running XCopy. In other words, nobody had even run FDisk on those drives. The cavernous space out back had several shelves stacked high with old hard drives, each $5, "as is and untested," according to the sign. Although Windows doesn't give you any tools for recovering the data afterward, many such tools are currently on the market (for descriptions of those tools, see "Tools of Evidence," Machine Shop, March 2003).īut the real treasure trove that day wasn't on the store's display shelves it was in the warehouse. Running Windows FDisk on a 10GB drive overwrites only 0.01 percent of the drive's sectors.
0 kommentar(er)
