The ghost of information past: think deleted data from your PC is gone for good? Think again. (Tech Issues).CORPORATE SECURITY PART 1 OF A SERIES When businesses use technology to resurrect lost computer data, they call it "rescue" or "recovery." And that's a good thing. When the government or litigants in a case retrieve someone's data, it's called "computer forensics The investigation of a computer system believed to be involved in cybercrime. Forensic software provides a variety of tools for investigating a suspect PC. Such programs may include a function that copies the entire hard drive to another system for inspection, allowing the original to ." And whether that's a good thing depends on which side of the lawsuit you fall. When the competition takes your hard drive out of the dumpster or a blackmailer bids on your retired PCs or mainframes, you'll call it something else--loudly and with a few choice words. To put it plainly, data on your hard drive often lives on long after you think it's been destroyed, leaving you vulnerable to the competition or data thieves. But you can fix that problem. First, you should keep track of your old, small storage, or broken hard drives. Make sure you know what's on What's On (Traditional Chinese: 熒幕八爪娛) is a weekly half-hour TV series that airs on Fairchild Television. Format Originally started in 1996, the show is currently the longest-running program in Fairchild Television history. them. If it's information you wouldn't want anyone Outside of the company to have, store those drives in a secure location or destroy the data. But you'd be surprised to know that simply reformatting hard drives before throwing them away doesn't prevent someone from reclaiming the data. There is even a danger of data coming back after you've shredded electronic files with software that overwrites the hard drive. WHAT CAN YOU DO? The best way to protect your business is to physically destroy the hard drive--the platters, or disks, inside the drive that store information, says Bill A. Thompson, a 22-year veteran of Britain's Royal Air Force Police and a part-time computer investigation instructor with Guidance Software in Marina del Rey, California Marina del Rey (Spanish for "Navy of the King", or "Seacoast of the King") is a census-designated place seaside community located in an unincorporated area of Los Angeles County, California, United States. The population was 8,176 as of the 2000 census. . "That is a sure way of preventing the recovery of information," says Thompson. To do this, he says, you need two basic tools: a hammer and a screwdriver. "Break open the case and destroy the platters," Thompson says. "You can get software that will do multiple overwrites of the hard drive with different characters, and usually this would be good enough. If someone wanted to get information from your hard drive after the multiple overwrites, they would need specific help. It would not be easy, and it would not be cheap, but it can be done." If you're serious about security, start with multiple overwrites, using software that conforms to Department of Defense specifications. Then spend a few minutes with a magnet, hammer, and screwdriver. Together, these tools can save a lot of sleepless nights, if not lawsuits. As for floppy disks, Thompson says just breaking one won't do: "There are cases where a suspect has broken a diskette The official name for the floppy disk. See floppy disk. diskette - floppy disk and cut the magnetic media inside the disk with pinking shears pink·ing shears pl.n. Shears with notched blades, used to finish edges of cloth with a zigzag cut for decoration or to prevent raveling or fraying. . Investigators were able to piece together the fragment's of the media, held together with little more than cello tape, and were able to recover valuable evidence from the disk. It is the magnetic media inside the casing that needs to be destroyed." Thompson's suggestion for destroying it: "Burn it to a crisp and make sure that the remains are crushed to dust." Of course, if the drives are still in service, use stringent social, physical, network, and software security to protect your data. CURBING DATA LIABILITIES Companies can learn to minimize their exposure, says Joan Feldman, president of the Seattle-based Computer Forensics Inc. (www.forensics See computer forensics. .com). Computer Forensics helps companies handle issues such as data restoration and content and retention control. Content control means ensuring there are three ways of preventing certain content from being created on your company's system. Feldman first advises clients to develop a privacy policy. "Alert people that the materials on their computers are not their own," she says. "An informed adult will make the right decision about what they want to stay and what they want to keep on a computer that might be reviewed by another person. Informing them cuts down on the incidents." Second, Feldman advises a usage policy, banning inappropriate jokes via email and other program files. "If you don't write it, you don't have to get rid of it," she says. Third, she suggests turning to technology. "Install software that monitors e-mail and Internet transactions, and software that blocks words or phrases from traveling through email systems." Retention control means teaching employees not to save too much information. "I talk to them about what they do with their backup tapes," says Feldman. "They are routinely created in almost every business environment, and almost always contain everything that's on the computer system. Usually the backup tapes are recycled or reused on some kind of a schedule. When you reuse a backup tape, the new information replaces the old. Some companies have to keep it for specific lengths of time, but some have no such reason." Whether an e-mail at the heart of a lawsuit actually exists on the tapes, restoring and reviewing one day's worth of documents and e-mail for a company with 100 employees can cost up to $30,000, not including attorney fees, says Feldman. "We look at all the possible places they could be storing information, then make recommendations for lowering the volume," she says. Technological help can come in the form of self-expiring e-mail (head to www.omniva.com for a free trial) or auto-purge functions that empty trash mailboxes after a certain period of time. For example, you can set Microsoft Exchange Messaging and groupware software for Windows from Microsoft. Exchange Server is an Internet-compliant e-mail system that runs under Windows NT/2000 and Windows Server 2003. It can be accessed by Web browsers, the Exchange client, versions of Outlook and the earlier Windows Inbox. (the server side of Microsoft Outlook For the e-mail and news client bundled with certain versions of Microsoft Windows, see . Microsoft Outlook or Outlook (full name Microsoft Office Outlook ) to purge e-mail on a schedule. "All of the major e-mail applications have functions that can schedule purging of email," Feldman adds. "Five years ago people didn't know what we were talking about; maybe they hadn't been sued," she says. "Sadly, after the experience of being subpoenaed, they get interested in how to keep less data." The best way to keep your company's data secure is to follow the advice of Thompson and Feldman: limit the type of data created or stored; limit the length of time you keep data; limit the locations of data, such as removing it from retired drives; and destroy data completely when its number is up. All Gone? Here are some common methods companies use to destroy data and why they might not always work: * Recycling, Recycled files are not deleted until the space is needed or someone manually deletes it. Anyone can easily recover the files using simple Windows commands such as double-clicking the Recycle Bin Starting with Windows 95, a simulated garbage can used for deleting files and folders. The recycle bin keeps the files intact in case the user wants to restore them, but can be "emptied" from time to time to save disk space. icon, selecting the files you want to recover, and choosing restore. * Deleting. Deleted files are still on the hard drive only the file names are changed, so you can't find them through usual methods such as a File/Open dialog or in Windows Explorer See Explorer. . The files remain on the disk until they're overwritten by other data. Anyone can buy a do-it-yourself recovery program such as Ontrack's EasyRecovery Professional Edition 5.12 ($489; www.ontrack.com/easyrecovery). * Shredding or file-wiping. Some utilities let you overwrite (1) A data entry mode that writes over existing characters on screen when new characters are typed in. Contrast with insert mode. (2) To record new data on top of existing data such as when a disk record or file is updated. files multiple times with patterns of ones and zeroes, but computer forensic software may still recover them if the method used isn't strong enough. If you do succeed in destroying the files you meant to, the data they contained may still exist in more places on the drive, such as in the cache, backup or temporary files, a swap file A disk file used to temporarily save a program or part of a program running in memory. See Windows swap file. (operating system) swap file - A file used by a program or, more often, an operating system as swap space. , virtual memory, the print spooler Software that manages sending jobs to the printer. When an application prints a document, the formatted output is stored on disk, and the print spooler feeds the print images to the printer in the background at slower printing speeds. , thumbnail versions of graphics, preview versions of print documents, temporary Internet browser See Web browser. directory, or in any number of alternative file views. * Reformatting. Reformatting makes the file system invisible to Windows when you reload (1) To load a program from disk into memory once again in order to run it. Reload is entirely different than reinstall. Reinstall means that you have to run the install program from a CD-ROM or floppy disk and perform the installation procedure over again. it onto the clean disk, but software may be able to reclaim the pre-format data. * Hiding files and directories. Forensics software knows the tricks. EnCase en·case tr.v. en·cased, en·cas·ing, en·cas·es To enclose in or as if in a case. en·case  ment n. , for example, makes thumbnail pictures of all graphics files even when the pictures' extensions have been changed from .JPG See JPEG. jpg - JPEG to .DLL (1) See data link layer. (2) (Dynamic Link Library) An executable program module in Windows that performs one or more functions at runtime. DLLs are not launched by the user; they are called for by an executable program or by other DLLs. . (For a review of EnCase, see "Nowhere to Hide," Techwatch, this issue.) * Hiding partitions. Even partitions created on your Windows PC An x86-based computer that runs some version of Windows. See x86 and Windows. by other operating systems are easily exposed by FDISK A DOS and Windows utility that is used to partition a hard disk, which is necessary before high-level formatting. See DOS Format. (operating system, tool) FDISK - (Fixed disk utility) An MS-DOS utility program which prepares a hard disk so that it can be used as a boot disk , identified by utilities such as PowerQuest's PartitionMagic 7.0 ($69.95; www.powerquest.com). * Copying to disks. Floppy disks, CD-ROMs, and PDAs won't shield or protect you. Some software can copy any drive remotely, so if someone makes it into the system, there is a risk that the drive will be read while attached to the system or remnants of the data will be read while in other parts of the system. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion