Bittwist Packet Generator Quickstart (Tony Fortunato)
LMTV Weekly Tech Forum (WTF) - January 22, 2014

How Long Does It Take? (by Casey Mullis)

We ask many questions that simply put, cannot be answered to everyone’s satisfaction. There just is no simple way to put it.

  1. If a tree falls in the forest and there is no one around to hear it; does it make a sound?
  2. What came first, the chicken or the egg?
  3. Why do people say heads up when you should duck?

This past week I was asked to recover data from a bad microSD card. My first question was “Is there a backup copy?” I cannot explain why I asked such a question sense they were asking me to recover the data from the card. Just one of them things I guess “Here’s my Sign!”

Micro_sd_card

The card was brought to me in an envelope. I was told that his wife has all their child’s photographs on this microSD card and she never backed it up. Once handed to me I was asked “How long do you think it will take?” I respond in kind “I have no clue, I may not recover anything but it will take time to try.”

This was a 16GB microSD card so the chance of large amounts of data is possible. The card was removed from an Android cell phone. When I connected the card to a computer the android file structure could be seen. When I attempted to image said card, it took 56 hours at 0.06 MB a second.

Once imaged, I attempted data recovery from the image. Even though it said it was a valid image, it was not. So do you give up and say, oh well data lost? Most might say “Yes” after spending that much time to image a microSD card. I try another tool that takes a day to process the card and I get a bunch of corrupt images. Man, now I am getting irritated. I come close to picking up the phone and calling my friend and telling him “Your wife should have backed up the card. You are S.O.L.!”

If I called and told my friend that the data was lost after all this time, I would have to admit defeat. This was not a choice for me! So I tried one more option and a few hours later, I had 7.8 GB of data recovered from this 16GB microSD card. I was able to recover hundreds if not thousands of baby pictures and videos.

If you asked me “How long does it take to bake a cake?” I could give you a rough estimate. When it comes to computer forensics and data recovery, I will tell you “It takes as long as it takes.” If you set a time limit to it, you very well may miss the data you are looking for.

The moral of the story is as follows:

  1. Take your time when doing data recovery or computer forensics
  2. If you are a client make sure that you understand what you are asking for
  3. If you allow one to rush you, you will miss the data you are looking for

How long does it take? No one can tell you if they are going to truly dig in to get what you are asking for. Why did it take me five days to recover my friend’s data? Who knows; why does it take hours to drive from Atlanta, GA to New York? It just does! If you rush either, you will get in trouble. I set out to help a friend and it was easy to say “Your data is lost.” If I did that then they would not have most if not all their photographs and videos back.

Thanks for stopping by and know anything worth doing is worth doing right.

 

6a00e008d957708834019b00f3241c970d

Author - Emory Mullis has been in Law Enforcement for roughly 19 years including military and civilian law enforcement. He started learning about computers back when Gateway 266 MHz was the top of the line and cost about $2000.00.Right out the box, I was compelled to take my new found 266 apart. Why I have no idea other than pure curiosity. Once I had the computer out the box and on the floor in pieces, my wife walked in. Trust me people; this was not a good thing! Either way I got a good understanding at this point on how a computer is put together and / or the components inside. This was my starting point with computers and I still hear my wife in the back ground “It better work when you put it back together!” That was my humble beginnings as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence and it is a real challenge. I enjoy the challenge and look forward to learning more every day!

Comments