
What is DELETED, LOST, and UNRECOVERABLE? (by Casey Mullis)

In today's world we throw words around like they have no meaning. Then when we need them to have value, no one listens because they have been taught words are meaningless. In this world we put more value on how we can twist words and ideas.

DELETED means no longer shown to you.

LOST means we do not want to look.

UNRECOVERABLE means we are not willing to do our jobs.


This article is written not in anger but in frustration with the landscape of technology. We have heard many things from politicians in this country and seen very little action from them. You may be thinking this is a technology site, and we assure you this article is about just that.

Let's talk about emails and how they are there one day and gone the next. Lois Lerner’s emails went missing due to a hard drive crash or failure. This is what we, the common folks, are told. Think about a hard drive and its parts. It has in most cases 2 to 3 platters located inside with heads or needles attached to some magnets for control. We are not going to go into technical terms here, but feel free to Google any words we use in their context to find the true definition if you wish.


We are led to believe that the Government IT made every attempt to recover her emails. Is this true? I think it depends on whom you ask and whom you are willing to believe at this point in time. We know through our knowledge, training, and experience that even dead hard drives can be recovered, as we do it all the time in criminal cases. Even hard drives that we have never seen before, like this one here: “Never Give Up While Freedom Is On The Line!”

There are companies that specialize in recovering data from dead or crashed hard drives. We have used them before, and $1500.00 later we have some if not all data from the dead hard drive. We have had the chance to recover data from a dead or clicking hard drive.


Your options are as follows depending on the hard drive and what it is doing.

Try pulling the drive and connecting to another machine with a write blocker for data protection.

Try replacing the motherboard on the bottom of the hard drive.

Try pulling the platters out of the bad drive and putting them in a good drive.

Try recovering from the mail server.

Try recovering from the unallocated space on the mail server. (Very Good Option!)

Try pulling from the other suspect machines that emails were sent to or from.

Try contacting the hard drive manufacturer for help with repairing the hard drive. (Yes, this will work)

The unallocated space on the mail server is a very good option. Even if the database is deleted on a regular basis, the chances that the old data gets overwritten by the new are very slim. Even in the case of an iPhone, they were able to recover images from a 16 GB iPhone that were deleted 4 years prior to getting the iPhone (News Story Here). Watching the media and Congress make this slowly look like an accident is very frustrating to most who have a general understanding of data and how it is handled.

When you DELETE a file from a storage medium, it does not mean it was erased. What happens is that the pointer to that file or data is removed, and the computer is told that this space is open for data when needed. In today's world of large storage media, the chances of it being overwritten are very slim. Even a bad or corrupted microSD card can be recovered, as in this one here: “How Long Does It Take?”

There is another term, “Slack Space”. This space comes about when a file is put into unallocated space that was once used by prior data. The new data does not take up all the space, leaving what is known as “Slack Space”. Files can still be recovered and rebuilt from this area.
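The two paragraphs above, on deletion and slack space, can be shown with a toy model. This is an added example, not part of the original article: `ToyDisk`, its 16-byte clusters and the sample email text are constructed for illustration and do not model any real file system.

```python
# Toy model (constructed for illustration): a "disk" of fixed-size clusters
# plus a directory that maps each file name to its clusters and size.
CLUSTER = 16

class ToyDisk:
    def __init__(self, clusters=8):
        self.data = bytearray(CLUSTER * clusters)
        self.free = list(range(clusters))      # unallocated cluster numbers
        self.directory = {}                    # name -> (cluster list, size)

    def write(self, name, content):
        needed = -(-len(content) // CLUSTER)   # ceiling division
        used = [self.free.pop(0) for _ in range(needed)]
        for i, c in enumerate(used):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            # Only the file's own bytes are written; the tail of the last
            # cluster keeps whatever was stored there before (slack space).
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.directory[name] = (used, len(content))

    def delete(self, name):
        # Deleting removes the pointer and marks the space as open.
        # The bytes on the disk are not touched.
        clusters, _ = self.directory.pop(name)
        self.free = sorted(self.free + clusters)

    def unallocated(self):
        # Raw contents of every cluster that no file currently owns.
        parts = [self.data[c * CLUSTER:(c + 1) * CLUSTER] for c in self.free]
        return b"".join(bytes(p) for p in parts)

    def slack(self, name):
        # Bytes between the end of the file and the end of its last cluster.
        clusters, size = self.directory[name]
        last = clusters[-1]
        used_in_last = size - (len(clusters) - 1) * CLUSTER
        return bytes(self.data[last * CLUSTER + used_in_last:(last + 1) * CLUSTER])

def demo():
    disk = ToyDisk()
    disk.write("mail.txt", b"From: alice Subject: budget 2014")  # fills 2 clusters
    disk.delete("mail.txt")                  # pointer gone, bytes remain
    disk.write("note.txt", b"hi")            # reuses the first cluster
    return disk.slack("note.txt"), disk.unallocated()

if __name__ == "__main__":
    slack, unallocated = demo()
    print("slack:", slack)
    print("unallocated:", unallocated.rstrip(b"\x00"))
```

After the small file reuses the first cluster, most of the deleted email is still readable: part in the new file's slack and the rest in unallocated space.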

The chances of the hard drives in Lois Lerner’s computer and the six others listed in the investigation crashing at the same time are highly improbable. The chances that they were intentionally deleted: highly probable.

The right questions have to be asked of the right people. If you bring in a 50+ year old General and ask him “How does this stuff work? Was Eric Snowden right?” of course you will get the answer “I (Underline “I”) know of no way.” He is not lying, technically. His job is not to know that stuff but to manage the ones who do.

Where are Lois Lerner’s emails? She knows and the ones who are paid to find them know. How big is their “Want To”? If it were anyone else, those emails would be found, but We The People are expected to believe they are gone. If they are, then this means someone broke the law. I ask that they do not pay a fine to themselves with our tax money. Please quit wasting our time and money.

The IRS has paid a 50K fine already and this hurts them how? It is our money, not theirs. They will just procure more funds to beat us over the head with.

Please get some impartial third party up there to look for these emails with no strings attached. If you hire them, then tell them they can only look here, here, and here but not where they need to look; then what is the point?

The moral of the story is that data is data and is not ever truly deleted, lost, or unrecoverable. I know some of you out there are saying “What about a DOD Wipe, also known as Government Wipe?” I tell you now, even in that case, depending on the case, it can be recovered. The chances of anyone spending the money it would take to zoom in that far to read each 0 and 1 to find it are slim to none.

There are many issues in today’s world and technology. We implement it before thinking of the end outcome. We make laws the same way and not all laws apply to all people.

Thank you for stopping by and we look forward to hearing back from each one of you. Have a great day!

 

Casey

Author - Emory Mullis has been in Law Enforcement for roughly 19 years including military and civilian law enforcement. He started learning about computers back when Gateway 266 MHz was the top of the line and cost about $2000.00. Right out of the box, I was compelled to take my newfound 266 apart. Why, I have no idea other than pure curiosity. Once I had the computer out of the box and on the floor in pieces, my wife walked in. Trust me people; this was not a good thing! Either way I got a good understanding at this point of how a computer is put together and / or the components inside. This was my starting point with computers and I still hear my wife in the background: “It better work when you put it back together!” Those were my humble beginnings as a Cyber Investigator. Now with many Cyber cases under my belt, I have learned that you must question, challenge and test almost daily to keep up with all the new tools, software, computers and cell phone formats to be able to forensically acquire evidence, and it is a real challenge. I enjoy the challenge and look forward to learning more every day!
