Analysis of Data Recovered from Computer Disks released for Resale by Organisations

ABSTRACT

Public and private sector organisations frequently use computer storage media to hold information relating to their business or services, their employees and customers. Private individuals make use of personal computers in their home and frequently store personal information relating to both themselves and their families.  This raises questions about privacy and the need to dispose of data thoroughly and securely. Most organisations and individuals are probably blissfully unaware of what actually happens to the storage media in the form of the hard disk drives that are fitted into the computers, after they have disposed of old equipment.

In this paper we describe research in which a number of hard disks were taken from computers after they had been released for resale.  The disks that were used for the experiment were supplied blind by a third party. The research that was undertaken involved an analysis of the disks in order to determine exactly what information (if any) remained on them in a form that could be easily recovered using commonly available tools and techniques. From this analysis, a number of disks could be traced to specific organisations, including a number of academic institutes and a number of both large and small businesses.  In addition to these, a number of computers that appear to have been used in the home environment were also identified. Typically, the type of information that was recovered related to the operating system, documents containing business related and personal information including sensitive business plans, electronic mail messages, the web history, and personal data held by businesses. The results indicate that the careless disposal of computer storage media in the UK is a significant problem. Very few of the disks investigated had undergone a thorough or efficient cleansing process. There are obvious implications for privacy, for data protection issues and corporate governance.  The level of information that could be recovered from the majority of the disks tested would have proved useful for corporate espionage, identity theft, and background intelligence for computer hackers. 


AUTHORS

BT Security Research Centre, United Kingdom, Adjunct Professor, Edith Cowan University
Australia

Dr. Andrew Jones. During a full military career Andy directed both Intelligence and Security operations and briefed the results at the highest level, and was awarded the MBE for his service in Northern Ireland. After 25 years service with the British Army's Intelligence Corps he became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In September 2002, on completion of a paper on a method for the metrication of the threats to information systems, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Network Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics.

At the University he developed and managed a well equipped Computer Forensics Laboratory and took the lead on a large number of computer investigations and data recovery tasks. In January 2005, he joined the Security Research Centre at British Telecommunications where he is currently the head of information security research. He is the author of five books on the topics of Information warfare, information security and digital forensics, and holds a Ph.D. in the area of threats to information systems. Andy is Adjunct Professor in the School of Computer and Information Science at Edith Cowan University and part of the SECAU Security Research Centre.

School of Computing, University of Glamorgan
Ireland

Vivienne Mee attained a B.Sc. in Commercial Programming from Dundalk Institute of Technology, Ireland, in 2002. She then continued her studies at the University of Glamorgan where she graduated in 2003 with a M.Sc. in Information Security and Computer Crime. Vivienne is now currently in her second year of a PhD in the Computer Forensic area. She has presented papers at many conferences and published peer-reviewed papers also in the Computer forensics area. Her research interests are in all aspects of the Computer Forensics field.

School of Computing, University of Glamorgan
Ireland

School of Computer Science, University of Wales, Swansea
UK

Joanna Gooch graduated from Swansea University in 2001 with a BSc in Computer Science. Since then she has been researching for her Ph.D in the field of Knowledge-Based Network File Systems.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com