This morning at the CSI 2007 security conference in Arlington, Va., attendees got some insight into the future of criminal investigations in the cyber world from Jim Christy, director of futures exploration at the Defense Cyber Crime Center (DC3).
Specifically, he was there to discuss the “power and real-world challenges of digital forensics and e-discovery today.” He also spent some time talking about the National Repository for Digital Forensics, which DC3 is developing with Oklahoma State University.
But what seemed to interest the audience most was his tale about how, during a murder investigation, he and his partners were able to extract damning evidence from the pieces of a shredded disk that they managed to piece back together with tape. The data outlined how a man had upped his wife’s insurance policy and then had her murdered.
But as he told his tale, I couldn’t help but think of the advice we’ve heard about how one way to keep sensitive data out of malicious hands is to destroy the disks and other storage devices where it’s kept. Misplacing or forgetting about storage tools that are no longer needed by their owners is one way the bad guys have come across data they could sell on the black market or use to commit other kinds of fraud.
Destroy the disk and the crook can’t extract the data, the advice goes.
But as Christy’s tale points out, sometimes juicy data can be extracted even if the storage device housing it has been shredded, smashed or crushed.
Granted, Christy’s team had to go through an enormous amount of trouble to retrieve the information and they were motivated by the need to catch a killer. But with so much money to be made off stolen data these days, I think it’s plausible that organized criminal outfits will resort to hiring hotshots capable of similar data retrieval tactics.