    • Thread Starter
    Offline

    1
    ReputationRep:
    Hey,

    This question may sound a bit weird but I'm just asking out of curiosity.

    How are the authorities - including computer forensics experts - able to analyse someone's computer and know in detail who that person has been emailing and chatting to and what they have been downloading?

    It just seems strange to me that in an age when programs such as Internet Explorer and Mozilla all give users an option to clear private data that forensics are still able to uncover someone's computer history?
    Offline

    14
    ReputationRep:
    When a file is "deleted" your computer doesn't go over the hard disk and set all the memory where that file was back to 0s... instead it just makes a note in the file allocation table / master file table on the hard disk that that space is now free and can be written over... the actual data itself is still there! In fact it'll remain there until something else is written to disk that the operating system happens to think will fit nicely in that bit of free space.

    Also computer programs save a lot more temporary files to disk than you'd think, with the intention to clear them up once you close the program. Of course even though it's been "deleted" a lot of records and clues will be around for a long time.
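
The behaviour described in the post above, as an added example that is not part of the original thread: a constructed toy disk (not a real filesystem) where deleting only edits the allocation table, a raw scan still finds the bytes, and overwriting the free clusters removes them. `ToyDisk`, its methods and the sample text are all hypothetical.

```python
CLUSTER = 16  # bytes per cluster in this constructed toy disk

class ToyDisk:
    def __init__(self, clusters=8):
        self.data = bytearray(clusters * CLUSTER)  # raw contents of the "platter"
        self.table = {}                            # filename -> cluster numbers
        self.free = list(range(clusters))          # clusters marked as reusable

    def write(self, name, payload):
        need = -(-len(payload) // CLUSTER)         # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in range(need)]
        for i, c in enumerate(used):
            chunk = payload[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.table[name] = used

    def delete(self, name):
        # Ordinary delete: only the bookkeeping changes, the bytes stay put.
        self.free = sorted(self.free + self.table.pop(name))

    def wipe_free(self):
        # Eraser-style tool: overwrite every cluster that is marked free.
        for c in self.free:
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)

    def carve(self, needle):
        # Recovery tools ignore the table and scan the raw bytes.
        return needle in bytes(self.data)

def demo():
    disk = ToyDisk()
    disk.write("letter.txt", b"constructed sample: letter to bank")
    disk.delete("letter.txt")
    listed = "letter.txt" in disk.table           # gone from the directory
    after_delete = disk.carve(b"letter to bank")  # but still on the disk
    disk.wipe_free()
    after_wipe = disk.carve(b"letter to bank")    # overwritten now
    return listed, after_delete, after_wipe

if __name__ == "__main__":
    print(demo())
```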
    Offline

    0
    ReputationRep:
    Emails will normally always be stored on a server too, so that sort of information can be retrieved relatively easily.

    If you want to hide your activity the only 100% method is to destroy the hard drive completely. Not very practical (lol), but certainly worth doing if you are thinking of recycling your computer.
    Offline

    1
    ReputationRep:
    (Original post by tezw)
    But also there is a part of the PC that is invisible to us and only highly skilled IT experts know exactly where it is and get access to the information. This part of the PC saves things that you think you have deleted and keeps them there for a very long time.
    Ignore this idiot, he's talking absolute rubbish.

    What thefish_uk said is correct, and even once the data has been written over it is still possible to recover it, although it's not easy and certainly not something any old person could do. You'd need an electron microscope for a start.
    Offline

    0
    ReputationRep:
    This was one of the fatal things that Harold Shipman did, he formatted his computer hoping the evidence would be destroyed but of course the police managed to find the forged entries within hours of seizing the data.
    Offline

    1
    ReputationRep:
    (Original post by tezw)
    Sorry if thats what i have who is in the police force.
    Could I have that in English please.

    If that's what you've been told then either someone is lying to you, you misunderstood, or they over simplified it.
    • Thread Starter
    Offline

    1
    ReputationRep:
    (Original post by AT82)
    This was one of the fatal things that Harold Shipman did, he formatted his computer hoping the evidence would be destroyed but of course the police managed to find the forged entries within hours of seizing the data.
    and, ironically, he was actually a member of the committee that set up the computer system for GP surgeries.
    Offline

    2
    ReputationRep:
    (Original post by Pyrrho101)
    Emails will normally always be stored on a server too, so that sort of information can be retrieved relatively easily.

    If you want to hide your activity the only 100% method is to destroy the hard drive completely. Not very practical (lol), but certainly worth doing if you are thinking of recycling your computer.
    Yup and hard drives can be pretty indestructible with my dad having been to fires (he's a fireman) and the hard drive has managed to survive a house fire at 1000°C
    Offline

    0
    ReputationRep:
    Just swipe a nice magnet down the HDD, or take a hammer to it - not very good at taking a beating like that.
    Offline

    12
    ReputationRep:
    You might be interested to read this:

    http://16systems.com/zero/index.html

    It seems that this method is one of the only failsafe, yet non-destructive (of anything but data :p:) ways of permanent disk erasure.
    Offline

    0
    ReputationRep:
    (Original post by wizard710)
    Yup and hard drives can be pretty indestructible with my dad having been to fires (he's a fireman) and the hard drive has managed to survive a house fire at 1000°C
    And there was me worrying that 50°C was too hot
    Offline

    1
    ReputationRep:
    Don't erasers completely delete files as well or do they just do the same as the recycling bin?
    Offline

    0
    ReputationRep:
    (Original post by Lucy :))
    Don't erasers completely delete files as well or do they just do the same as the recycling bin?
    Good ones will overwrite the space where the file used to be with random data so it can't be recovered.
    Offline

    12
    ReputationRep:
    In my head, I think of it like this:

    The recycling bin doesn't actually delete files - it just marks the space that the file takes up as writable - it's the TippEx of the computer world, in that you can, if you try hard enough, scrape off the TippEx to see what was underneath.

    Zeroing a file (see above post) is like using an ink eraser - in that there's no way of getting back what you've gone over.

    (Is that even correct?)
    Offline

    1
    ReputationRep:
    Um, it's not very difficult at all to retrieve data from a zeroed disk (that previously contained data on it), so I'm not sure if you know what you're talking about in your second case.
    Offline

    12
    ReputationRep:
    You're right that I don't know what I'm talking about... but how does the zeroing in the link I posted differ from the zeroing I'm talking about?
    Offline

    15
    ReputationRep:
    There are programs that zero the disk 9 times over and then rewrite random data on top of it. This is apparently what the military use so is pretty secure.

    Erase and shredder?
    Offline

    10
    ReputationRep:
    The problem is magnetic hysteresis, in that even if you zero the disk it is still possible to determine the previous magnetic state on a bit-by-bit basis, allowing reconstruction of any data. It takes a fair amount of specialised gear, time and money, though.

    Best bet is to do several passes over the disk writing complete nonsense (from a pseudo random number generator) and then zero it. You still have issues with bad sectors though, which are remapped by the drive's firmware and so data may still remain.

    Only foolproof way is to melt the thing down.
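
The "random passes, then zero" routine from the post above, applied to a single file, as an added example that is not part of the original thread. The function names and the pass count are assumptions chosen for illustration.

```python
import os

def overwrite_file(path, random_passes=3, chunk=64 * 1024):
    """Overwrite a file in place: random_passes of random bytes, then zeros.

    Assumption: the filesystem rewrites blocks in place. On SSDs, on
    journaling or copy-on-write filesystems, and for sectors the drive
    firmware has remapped, older copies of the data can survive this.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(random_passes + 1):
            final = n == random_passes      # the last pass writes zeros
            f.seek(0)
            left = size
            while left > 0:
                step = min(chunk, left)
                f.write(bytes(step) if final else os.urandom(step))
                left -= step
            f.flush()
            os.fsync(f.fileno())            # push this pass out to the device
    return size

def shred_file(path, random_passes=3):
    """Overwrite the contents, rename to a random name, then unlink."""
    size = overwrite_file(path, random_passes)
    # Rename first so the original filename is not what gets left behind
    # in the directory entry.
    anon = os.path.join(os.path.dirname(path) or ".", os.urandom(8).hex())
    os.replace(path, anon)
    os.remove(anon)
    return size
```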
    Offline

    1
    ReputationRep:
    No one heard of the Gutmann 35-pass algorithm?
    Offline

    1
    ReputationRep:
    dban if you want to use the disk again, thermite if you don't.
 
 
 
The Student Room, Get Revising and Marked by Teachers are trading names of The Student Room Group Ltd.

Register Number: 04666380 (England and Wales), VAT No. 806 8067 22 Registered Office: International House, Queens Road, Brighton, BN1 3XE
