DOCSLIB.ORG

Data Remanence in New Zealand D. Roberts

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Data Remanence in New Zealand D. Roberts Data Remanence in New Zealand D. Roberts A thesis submitted for the degree of Doctor of Philosophy at the University of Otago, Dunedin, New Zealand 7 March 2013 Abstract International research has shown that individuals and companies in other countries do not always fully remove the data from their computer data storage devices before disposing of them. Typically this means when people are disposing of their computer hard drives there is a wealth of personal or corporate information that can be exploited to commit such crimes as identity theft, fraud, stalking and blackmail. A further literature review showed that no such “data remanence” research for hard drives (or any other data storage devices such as mobile phones, USB thumb drives and the like) had been conducted in New Zealand. The methodologies for all relevant hard drive data remanence experiments were compared and then used to design the most appropriate methodology for this research. 100 second hand hard drives were then sourced nationally across New Zealand for the experiments of this research to determine the baseline of data remanence for hard drives in New Zealand. The results of the experiments were then compared with international results to determine how New Zealand compares and what if any further actions (such as education) should be taken. ii Acknowledgements Writing the acknowledgements is often one of the hardest parts of a thesis. There are simply too many people to thank and no really good scheme to organise those acknowledgements. If I have missed you out, please accept my apologies. I need to thank: My parents and grandparents who were great role models and fostered a love of learning that eventually led to this thesis. My primary supervisor Dr Wolfe for his years of support, guidance, wisdom and sense of humour. The Infosci office staff, especially Gail Mercer and Stephen Hall-Jones. The Infosci Tech Support Group for always having the right equipment or the right solution to the thorny hardware problems encountered in this thesis. My proofreaders Dr Melanie Middlemiss and Miss Amberleigh Nicholson for their excellent eye for detail, constructive criticism and spotting the really obvious mistakes tht always creep in. Special thanks go to Dr Nigel Stanger for his feedback and thought provoking suggestions that really improved this thesis and the future work that will come from it. Special thanks also to Brian Niven of the Maths and Stats department for his excellent advice and recommendations regarding statistics in this thesis. The University of Otago for funding parts of this research. The thesis examiners and Dr Martin Purvis as the convenor for providing timely and important feedback that improved this thesis. Dr Chris Roberts* and his co-workers for recognising the importance of this topic and encouraging me to research it. There were so many friends, office mates and fellow students who offered a laugh, distractions, shenanigans or really good ideas for this thesis. Some of those people (in alphabetical order) include: G. Can, Gerald Cochlan, G. Corso, Kris Evans, Jason Glazier, A. Godek, K. Gorton, “K.H”, J. Horton, Mark Hodge and members of the various board gaming groups, T. Inley “S.D.K”, L. Lau, Simon Mooney, Brendan Murray, J. Norris, Kevan Quinn, Bobbi Smith, Clint Sparks, and Ed Stackhouse. *No relation. iii Table of Contents Abstract ...................................................................................................................................... ii Acknowledgements .................................................................................................................. iii Table of Contents ...................................................................................................................... iv List of Figures ........................................................................................................................... ix List of Tables ............................................................................................................................. x Chapter 1: Introduction .............................................................................................................. 1 1.1 Introduction ...................................................................................................................... 1 1.2 Key Definitions ................................................................................................................ 2 1.3 Research Objectives and Methodology ........................................................................... 2 1.4 Contributions.................................................................................................................... 3 1.5 Structure ........................................................................................................................... 4 Chapter 2: Background .............................................................................................................. 5 2.1 Introduction ...................................................................................................................... 5 2.2 Data Storage Devices ....................................................................................................... 5 2.2.1 Physical hardware of Hard Drives ............................................................................ 6 2.2.1.1 Electro-mechanical Drives ................................................................................. 6 2.2.1.2 Solid-State Drives .............................................................................................. 8 2.2.1.3 Hybrid Drives..................................................................................................... 8 2.2.2 Interface Types .......................................................................................................... 9 2.2.2.1 Small Computer System Interface (SCSI) ....................................................... 10 2.2.2.2 Integrated Device Electronics (IDE) aka ATA ................................................ 11 2.2.2.3 Comparison between SCSI and IDE ................................................................ 12 2.2.2.4 Serial AT Attachment (SATA) ........................................................................ 13 2.2.2.5 Universal Serial Bus (USB) ............................................................................. 14 2.2.2.6 Adapters ........................................................................................................... 15 2.2.3 Interactions between Hard Drives and Operating systems ..................................... 15 2.2.3.1 Hidden Disk Areas ........................................................................................... 15 2.2.3.2 Master Boot Record ......................................................................................... 16 2.2.3.3 Partitions .......................................................................................................... 16 2.2.4 Other data storage devices: Mobile/Smart Phones ................................................. 17 iv 2.3 Technical issues regarding Hard Drive Data Remanence .............................................. 21 2.4 Forensic Computing ....................................................................................................... 24 2.4.1 What is Forensic Computing .................................................................................. 24 2.4.2 Minimal handling of the Original ........................................................................... 24 2.4.2.1 Dead forensics .................................................................................................. 25 2.4.2.2 Live forensics ................................................................................................... 26 2.4.3 Accounting for Change ........................................................................................... 26 2.4.4 Comply with the rules of evidence ......................................................................... 28 2.4.5 Implications for this research .................................................................................. 29 2.5 Psychology of Security .................................................................................................. 29 2.5.1 Relevance to Data Remanence ................................................................................ 32 2.6 Risks arising from Data Remanence .............................................................................. 32 2.6.1 Legal Requirements: New Zealand Privacy Act ..................................................... 33 2.6.2 Espionage ................................................................................................................ 34 2.6.3 Identify Theft .......................................................................................................... 35 2.6.3.1 Financial Identity Theft.................................................................................... 35 2.6.3.2 Non Financial Identity Theft ............................................................................ 37 2.6.3.3 Criminal Record Identity Theft ........................................................................ 37 2.6.3.4 Potential Identity Theft and Data Remanence ................................................. 37 2.6.4 Blackmail ................................................................................................................ 39 2.6.5 Stalking ..................................................................................................................
Load more

Recommended publications
  • Data Erasure on Magnetic Storage
    “HENRI COANDA” GERMANY “GENERAL M.R. STEFANIK” AIR FORCE ACADEMY ARMED FORCES ACADEMY ROMANIA SLOVAK REPUBLIC INTERNATIONAL CONFERENCE of SCIENTIFIC PAPER AFASES 2011 Brasov, 26-28 May 2011 DATA ERASURE ON MAGNETIC STORAGE Mihăiţă IVAŞCU Metra, Bucharest, Romania Abstract: User data is left is left on the hard drives removed from computers and storage systems, creating a data security vulnerability that many users are unaware of. This is mostly due the fact that normal “delete” or “format” commands leave data intact on a user computer. The cardinal rule of computer storage design has been to protect user data at all costs. Disk drives supply primary mass storage for computer systems designed to prevent accidental erasure of data. Techniques such as “recycle” folders and “unerase” commands are common ways that operating systems try to prevent accidental sanitization of user data. Deletion of file pointers is standard to speeds data writing, because actual overwriting of file data is far slower. These measures taken to protect and speed access to user data can make that data vulnerable to recovery by unauthorized persons. There is an urgent need for a capability to reliably erase data and prevent access to data from retired computer hard disk drives for security and privacy reasons. Data sanitization needs arise differently depending upon user application. The current work presents standards for data erasure, most important methods of data sanitization of hard disk drives and presents how a customized method of data erasure can be implemented. Keywords: recycle, data sanitization, recovery, security vulnerability 1. INTRODUCTION 2. COMPLETE ERASURE OF USER DATA When a computer is lost or disposed of, active and discarded data typically remains 2.1 Known methods of “deleting” data.
    [Show full text]
  • A Study of Hard Drive Forensics on Consumers' Pcs: Data
    A Study of Hard Drive Forensics on Consumers’ PCs: Data Recovery and Exploitation B. Dawn Medlin Appalachian State University Joseph A. Cazier Appalachian State University One of the first actions to take when getting rid of an old personal computer is to remove all of the files that contain identifying and personal information. Individuals can be surprisingly negligent in this effort. Many individuals may also believe that by simply moving their files to the recycle bin and then emptying that bin that all of their programs and files are permanently erased. If personal information is not totally deleted, acts of identity theft can easily occur. Our research study identified the types of information found and/or recovered from hard disk drives on computers that have been donated to charity, sold second-hand, or otherwise donated to other organizations for reuse. Of the fifty-five hard drives studied approximately 300,000 files contained identifiable information. Results showed the need for further training in relation to total file erasure from a hard drive as well as the negative results such as identity theft that can occur due to this lack of training or knowledge. INTRODUCTION Wiping a computer clean is not as easy as it may appear. Just deleting the personal files and emptying the recycle bin is essentially next to useless. The delete function only removes file names from a directory list and makes the sectors the files occupy on the hard drive available for future use. Meanwhile, these files actually continue to exist. To positively prevent data from recovery, disks can be removed from disk drives and broken up, or even ground to microscopic pieces.
    [Show full text]
  • Bitraser for File User Guide for Version 4
    BitRaser for File User Guide for Version 4 Legal Notices | About Stellar | Contact Us 1. General Information 1.1. About BitRaser for File BitRaser for File is a complete solution to maintain your computer privacy by erasing worthless yet sensitive information from your computer. Erased data is beyond recovery. BitRaser for File can be used to erase files/folders, Unused space, and System traces. BitRaser for File erases files & folders completely from hard drive. You can select multiple files/folders at a time for erasure. Once files / folders from the Drive are erased using BitRaser for File no one will ever be able to recover that data. The software allows you to generate and save the certificate for the successful erasure process. In addition, it can erase unused space completely such that all traces of previously stored data will be completely removed. When you delete data from hard drive, the data content is not deleted entirely, instead the space occupied by the data is marked as unused space and the new data is written on that unused space. BitRaser for File also erases all the system traces. Operating systems store records of all activities such as browsing Internet and opening documents constantly. In addition, deleted or formatted data leaves traces on hard drive. Data recovery software use these traces to recover data, making the hard drive inefficient. Extremely secure algorithms which confirm to the US Government DoD standards are used to ensure permanent data deletion. BitRaser for File can use any of the algorithms for erasure process. The software is menu driven, simple to use with an intuitive interface, and requires no prior technical skill.
    [Show full text]
  • Secure File Deletion: Going, Going, Gone
    Volume 111 April, 2016 Secure File Deletion: Going, Going, Gone ... You Hope! Inkscape Tutorial: How To Create Melted Text Testimonial: I Always Stay Close To PCLinuxOS Inkscape Tutorial: Easy Patterns Using The Stamping Tool PCLinuxOS Magazine And more insPaidge 1... In This Issue ... 3 Welcome From The Chief Editor 5 Inkscape Tutorial: Easy Patterns Using The Stamping Tool The PCLinuxOS name, logo and colors are the trademark of Texstar. 6 Screenshot Showcase The PCLinuxOS Magazine is a monthly online publication containing PCLinuxOS-related materials. It is published 7 Game Zone: American Truck Simulator primarily for members of the PCLinuxOS community. The magazine staff is comprised of volunteers from the 9 Screenshot Showcase PCLinuxOS community. 10 Secure File Deletion: Going, Going, Gone ... You Hope! Visit us online at http://www.pclosmag.com This release was made possible by the following volunteers: 24 Screenshot Showcase Chief Editor: Paul Arnote (parnote) Assistant Editor: Meemaw 25 PCLinuxOS Recipe Corner: Slow Cooker Cheesy Mexican Chicken Artwork: ms_meme, Meemaw Magazine Layout: Paul Arnote, Meemaw, ms_meme 26 ms_meme's Nook: Putting On The Ritz With PCLinuxOS HTML Layout: YouCanToo Staff: 28 PCLinuxOS Family Member Spotlight: Bill Grubbs ms_meme loudog Meemaw YouCanToo 29 Screenshot Showcase Gary L. Ratliff, Sr. Pete Kelly Daniel Meiß-Wilhelm Antonis Komis daiashi Khadis Thok 30 Inkscape Tutorial: How To Create Melted Text Alessandro Ebersol Smileeb 31 Playing Eldevin In PCLinuxOS Contributors: everstart mr-roboto 33 Tip Top Tips: Changing The GRUB Menu For ANY PCLinuxOS Media 34 Screenshot Showcase The PCLinuxOS Magazine is released under the Creative 35 Testimonial: I Always Stay Close To PCLinuxOS Commons Attribution-NonCommercial-Share-Alike 3.0 Unported license.
    [Show full text]
  • Super Shredder Software Free Download
    Super shredder software free download Super File Shredder, free and safe download. Super File Shredder latest version: Permanently remove files and folders Software is certified for Windows7. File Shredder is free desktop application for shredding (destroying) unwanted it free under GNU licence and you are welcome to download File Shredder and. Here are reviews of the very best free file shredder software programs, software tools you can use to completely erase files on Securely File Shredder Review & Free Download BitKiller is a super simple portable file shredder program. From File Shredder: File Shredder is free desktop application to securely shred files and folders on computer. Files deleted with File Shredder. File Shredder is FREE file and document shredding & destruction software to it for free under GNU license and you are welcome to download File Shredder. KakaSoft introduces Super File Shredder, a cutting-edge security tool for your PC. It is easy to retrieve important files using specialized file recovery software. Delete Files Permanently using free File Shredder software for Windows 10/8/7 The operation is super quick and once initiated, cannot be canceled. which you can download for free, you can overwrite the contents of free. Delete any file pernamently and securely with this free file shredder. Download it and wipe any sensitive personal data quickly. A number of files can be deleted at one go with this free software. Even the content is Recycle. Download reliable Windows file shredder and Windows data eraser to securely and Free download Windows file shredder/data eraser eraser is DoYourData Super Eraser, one of the most powerful data erasure software.
    [Show full text]
  • Eraser File Shredder Download Eraser for Windows
    eraser file shredder download Eraser for Windows. Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. When you delete a file, the operating system does not really remove the file from the disk; it only removes the reference of the file from the file system table. The file remains on the disk until another file is created over it, and even after that, it might be possible to recover data by studying the magnetic fields on the disk platter surface. There are several problems in secure file removal, mostly caused by the use of write cache, construction of the hard disk and the use of data encoding. These problems have been taken into consideration when Eraser was designed, and because of this intuitive design and a simple user interface, you can safely and easily erase private data from your hard drive. Products. NordVPN – Protect yourself and your data online. Securely access apps, websites, entertainment, and more. Secure Internet, Ultra-fast connection, Strict no-logs policy, Uninterrupted Streaming, Privacy on the go, VPN servers everywhere, Multiple devices, Protect your data non-stop, Your personal IP, Mask your IP, P2P Welcome, Double protection, Use with ease, Onion over VPN, Block malware and ads, Browser Extensions, No data leaks, Worldwide access, Support 24/7. FROM €5.84/Month. ExpressVPN defeats content restrictions and censorship to deliver unlimited access to video, music, social media, and more, from anywhere in the world. ExpressVPN hides your IP address and encrypts your network data so no one can see what you’re doing.
    [Show full text]
  • Recommendation on Data Sanitisation and Data Medium Destruction Techniques
    Data Protection Authority Recommendation on data sanitisation and data medium destruction techniques Information media erasure and destruction guide | Version 1.01 - 23/03/2021 1 1 WARNING: This document is intended to provide additional explanation to the rules in force and does not exempt the controller from its obligations and responsibilities under the GDPR and other applicable texts. Considering its requirements and the risk analysis that it carries out or plans, it shall use one or the other tool and method, given in particular the evolution of knowledge and technologies. The different tools and brands cited in this document are cited for the sole purpose of providing examples. The Authority makes no representation as to their compliance with the GDPR and other regulations or as to their quality and performance. Information media erasure and destruction guide | Version 1.01 - 23/03/2021 2 2 TABLE OF CONTENTS Summary ............................................................................................................................................................................. 6 1. Introduction ..................................................................................................................................... 7 Limitations ................................................................................................................................................................... 9 Target audience.....................................................................................................................................................
    [Show full text]
  • Securing Data with Hard Disk Shredding
    International Journal of Computer Science and Electronics Engineering (IJCSEE) Volume 1, Issue 3 (2013) ISSN 2320-401X; EISSN 2320-4028 Securing Data With Hard Disk Shredding *Siti Hajar Nasaruddin, Johana Yusof and Nur Hasni Nasrudin Abstract— The purpose of this paper is to develop a securing Many companies have adopted the hard disk shredder data with hybrid security shredding concept. This paper is based on a approach for deleting the data and completely protecting the study that review the mechanism apply in securing data using hard data. The research covers approach to prevent from data theft disk data shredder, erasing data standard methods and data wiping by irresponsible party, the software was planned to algorithms for real time based software. It was found that there are incorporate with external encryption program, method to several shredding methods that can be implemented to ensure high blocking the laptop usage from been used by unauthorized security of data. Nevertheless, this method required long processing time, and not suitable for developing real time based software. party and mechanism used to offer high data security by Hybrid hard disk shredding can be used to overcome this situation, wiping the hard disk after meets certain criteria. This process that include data securely delete and cannot be recovered. This paper made to secure the confidential and private data of an is limited to securing the data after shredding concept. Further study individual and organization as well. may combine other methods and hard disk shredding concept to provide high security of data. Three algorithms of securing data may II.
    [Show full text]
  • Data Sanitization Framework for Computer Hard Disk Drive: a Case Study in Malaysia
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 10, No. 11, 2019 Data Sanitization Framework for Computer Hard Disk Drive: A Case Study in Malaysia 1 Nooreen Ashilla Binti Yusof , Siti Norul Huda Binti Mohamad Firham Efendy bin Md Senan3 2 5 Sheikh Abdullah , Monaliza Binti Sahri Nor Zarina binti Zainal Abidin4 Center for Cyber Security, Faculty of Information Science and Digital Forensic Department, CyberSecurity Malaysia Technology, Universiti Kebangsaan Malaysia Level 5, Tower 1, Menara Cyber Axis, Jalan Impact 43600 Bangi, Selangor, Malaysia 63000 Cyberjaya, Selangor, Malaysia Abstract—In digital forensics field, data wiping is considered from hard disk drive that can be referred online. Hence, this one of the anti-forensics’ technique. On the other perspective, paper introduces the data sanitization process including data wiping or data sanitization is the technique used to ensure verification process to dispose the data from the hard disk that the deleted data are unable to be accessed by any drive. unauthorized person. This paper introduces a process for data sanitization from computer hard disk drive. The process was The number of overwrite pass becomes an issue to proposed and tested using commercial data sanitization tools. researchers as some of them said single pass overwrite is Multiple testing has been conducted at accredited digital forensic sufficient [6] to delete the data in the hard disk drive. In fact, laboratory of CyberSecurity Malaysia. The data sanitization the overwriting method proposed by NIST 800-88 to dispose process was performed using overwritten method provided by of the data from the hard disk drive is simply to perform at state-of-the-art data sanitization tools.
    [Show full text]
  • Karelia University of Applied Sciences Test Entity For
    KARELIA UNIVERSITY OF APPLIED SCIENCES Degree Program in Information and Communication Technology Pekka Kinnunen TEST ENTITY FOR MICROSOFT RESILIENT FILESYSTEM Thesis October 2019 THESIS October 2019 Degree Program in Information and Communication Technology Karjalankatu 3 80200 JOENSUU FINLAND + 358 13 260 600 Author (s) Pekka Kinnunen Title Test Entity for Microsoft Resilient Filesystem Commissioned by Blancco Technology Group IP Oy Abstract The purpose of this thesis was to test Microsoft’s latest filesystem called Resilient Filesystem (ReFS) that was originally developed to replace current filesystem that is widely in use – NTFS. Since the new filesystem is not used by as many people as NTFS, there is a lot less information about it. The focus is on testing if there are any issues that are caused by the wide variety of features this new filesystem has. Theory portion focuses on the importance of secure data erasure, in other words, why is it important to make sure data is completely gone from hard drives, what does it entail and what kind of standards there are in data sanitization. It will also mention how EU GDPR relates to data erasure Results on the defined scenarios showed that some caution should be exercised when dealing with ReFS. There are some features that makes data erasure a bit more difficult, but not impossible. This thesis resulted in meaningful data for the stakeholders and great experience for the person conducting the tests. Language Pages 51 Appendices 1 English Pages of Appendices 1 Keywords secure data erasure, data sanitization, ReFS, data recovery 3 Contents 1 Introduction .................................................................................................... 5 2 Importance of secure data erasure ...............................................................
    [Show full text]
  • DATA RECOVERY Daniel Boulos & Nicholas Zemljic
    DATA RECOVERY Daniel Boulos & Nicholas Zemljic WHAT IS DATA RECOVERY? Data recovery is the process of retrieving data from a storage medium that, for some reason, cannot be accessed normally. This process may be used to recover data from a variety of storage media, such as: hard disk drives, solid-state drives, other flash storage (such as USB drives, SD cards), or other disk storage (such as CDs, DVDs). The damage that causes data to be lost typically falls into one of two categories: physical damage (where the hardware is damaged or is malfunctioning), or logical damage (where part of the software and/or file system prevents the data from being accessed by the host operating system.) We’ll discuss these different types of storage damage in greater depth a bit later. The term “data recovery” can also be organized into two different contexts: personal data recovery, and forensic data recovery. Personal data recovery is what we normally associate with this topic. It simply refers to the retrieval of data that has been involuntarily lost or made inaccessible due to, for example, damaged storage media. By contrast, forensic data recovery often deals with retrieving data that has been purposely encrypted or hidden to prevent others (such as forensic investigators) from accessing the data. While some of the content this presentation will apply to both contexts of the term, will focus primarily on the more common (and applicable) topic of personal data recovery. COMMON SCENARIOS Here, we’ve included some common scenarios where data recovery procedures would be necessary: There has been an operating system failure or some critical operating system files have been damaged, causing the device to not be able to boot up properly.
    [Show full text]