Download presentation
Presentation is loading. Please wait.
Published byArabella Nash Modified over 9 years ago
1
Data Deletion and Recovery
2
Data Deletion What does data deletion mean in your own words?
3
Data erasing - a method of overwriting the data on a hard disk or other digital device. Data Deletion There are different levels of deletion, ranging from pressing the delete button or sticking something in the recycle bin to physically destroying the disk.
4
Example 1 McDonald’s wants to throw out an old register hard drive, so they decide that all they have to do is throw everything into the recycle bin on it and click delete. Is this a true way to delete data (and a secure way), or can someone get the hard drive and get the data back? Data Deletion
5
Example 2 Best Buy wants to throw out some old hard drives of their own, so they decide to step it up a notch. They don’t use the recycle bin and the delete button, rather they decide that they will just change all the 1s to 0s and 0s to 1s. Is this a true way to delete data (and secure way), or can someone get data from it? Data Deletion
6
Example 3 Microsoft wants to throw out some hard drives themselves, so they decide that instead of the previous methods, they will do a full disk overwrite. Is this a true way to delete data (and secure way)? Data Deletion
7
Example 4 The DOD wants to get rid of some hard drives, so it takes it one step further. After doing all the wipes like Microsoft, they damage the disc in some way to make it totally unrecoverable. For example, they may take the discs to a high powered magnet or just simply take a powered screwdriver to it and put holes in it. Is this a true way to delete data (and secure way)? Data Deletion
8
Data Deletion Activity For this activity, let’s explore the different ways to delete data. You can do this by yourself or in groups. Create 3 different text files, and add 1-2 sentences in each. Name each one differently. After you have saved each file, delete each one in one of the 3 ways: Delete it with the delete button Stick it in the recycle bin and empty it Use a program to ‘secure’ delete it Data Deletion
9
Data Recovery Data recovery - the process of getting data back from damaged, corrupted, deleted, or inaccessible storage devices. Places it’s used/needed: Deleted data, both accidental and inteninal Disc failure or computer failure Power failure causes data corruption
10
Data Recovery Data recovery is used in computer forensics to find data for police, government agencies, etc. to find evidence from perpetrators Data recovery is used to help normal people who have computer problems and lose data that they need for work or even personal use.
11
Data Recovery Example 1 In the case of McDonald’s from above, all you have to do is use software to restore the pointers to the data, and presto, access to those credit cards and other company info that they thought they deleted.
12
Example 2 In the case of Best Buy, you can use software to recover the data, although not all software will do it. You might also have to know the order that they zeroed out and one’d out the hard drive. Data Recovery
13
Example 3 In Microsoft’s case, you might not be able to recover the data. There might be a program out there that can do it, but depending on how many times Microsoft did their scrubbing over the data, and how complex they made it, it could be impossible to recover the data. Good job Microsoft!
14
Data Recovery Example 4 In the DOD’s case, recovery is impossible. Not only did they scrub it, they also took it the extra mile and physically destroyed the disc to make sure you couldn’t recover any data from it.
15
Data Recovery Example 5 – recovery software example For this example, we will do a step by step through a program called autopsy on kali linux 1. To start things off, let’s open up a puppy linux vm and delete some data (we’ll make 3 files, and delete them in 3 ways, one by just pressing delete after it’s been saved, one by sending it to the recycle bin and then emptying the recycle bin, and one by using a program on the OS called shred).
16
Data Recovery Before we continue, we must allow the vm access to the flash drive, follow these steps (after shutting down all vms): a) connect the USB drive and get to the settings for your Virtual Machine (remember that you cannot access these settings with the VM it running) Atapi-6 bridge). You'll see that the information below is populated. Leave remote to NO and CLICK OK. I left "Enable 2.0 support" checked also. c) boot the VM. After everything is up just unplug and replug the device and VB will grab it before OS X does.
17
Data Recovery 2. Ok, now that we’ve deleted all 3, let’s make a backup of this vm so that we can recover the data. First we’ll need to shut down the vm, then we’ll open it back up with a live cd of kali to back up the vm so as to have a copy to recover from. (Since we shut down the device to get the flash drive to connect, we should be good.)
18
Data Recovery 3. Now that we have our backup, let’s boot up into kali and start the recovery process. Once kali has booted up, go to Applications -> Kali Linux -> Forensics - > Digital Forensics -> autopsy. After clicking that, a terminal window pops up. Right click the link in there, and tell it to open link, which opens a browser with the program running. Next, follow the steps on this website to create a new case: http://digital- forensics.sans.org/blog/2009/05/11/a-step-by-step-introduction-to-using- the-autopsy-forensic-browserhttp://digital- forensics.sans.org/blog/2009/05/11/a-step-by-step-introduction-to-using- the-autopsy-forensic-browser
19
Data Recovery Group Data Recovery Activity Ok, now that we’ve had a step by step on how to do autopsy, let’s get your groups to recover the data you deleted earlier. Going through the steps from the example, back up the puppy linux vm, then open a case in autopsy and see if you can recover the data. List which of the 3 you can get and which you can’t. After all groups are done, we’ll discuss which we could get and which we couldn’t get.
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.