News Stay informed about the latest enterprise technology news and product updates.

Destroying that disk isn’t always enough

This morning at the CSI 2007 security conference in Arlington, Va., attendees got some insight into the future of criminal investigations in the cyber world from Jim Christy, director of futures exploration at the Defense Cyber Crime Center (DC3).

Specifically, he was there to discuss the “power and real-world challenges of digital forensics and e-discovery today.” He also spent some time talking about the National Repository for Digital Forensics, which DC3 is developing with Oklahoma State University.

But what seemed to interest the audience most was his tale about how, during a murder investigation, he and his partners were able to extract damning evidence from the pieces of a shredded disk that they managed to piece back together with tape. The data outlined how a man had upped his wife’s insurance policy and then had her murdered.

But as he told his tale, I couldn’t help but think of the advice we’ve heard about how one way to keep sensitive data out of malicious hands is to destroy the disks and other storage devices where its kept. Misplacing or forgetting about storage tools that are no longer needed by their owners is one way the bad guys have come across data they could sell on the black market or commit other kinds of fraud.

Destroy the disk and the crook can’t extract the data, the advice goes.

But as Christy’s tale points out, sometimes juicy data can be extracted even if the storage device housing it has been shredded, smashed or crushed.

Granted, Christy’s team had to go through an enormous amount of trouble to retrieve the information and they were motivated by the need to catch a killer. But with so much money to be made off stolen data these days, I think it’s plausible that organized criminal outfits will resort to hiring hotshots capable of similar data retrieval tactics.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Actually I think you are over-dramatizing Christy's work. He took something broken into pieces - this is not the same level of consistency as shredding. So i think unfortunately your conclusion is a bit blurry because there is a difference between ripping a disk and putting a platter on a lathe...