The 2006 Analysis of Information Remaining on Disks Offered for Sale on the Second Hand Market
Andy Jones
Security Research Center, British Telecommunications
and Edith Cowan University
andrew.28.jones@bt.com
Phone: +44 1473 646133
Fax: +44 1473 644385
Craig Valli
Edith Cowan University
Iain Sutherland
University of Glamorgan
Paula Thomas
University of Glamorgan
ABSTRACT
All organisations, whether in the
public or private sector, use computers for the storage and
processing of information relating to their business or
services, their employees and their customers. A large
proportion of families and individuals in their homes now also
use personal computers and, both intentionally and
inadvertently, often store personal information on those
computers. It is clear that most organisations and individuals
continue to be unaware of the information that may be stored on
the hard disks that the computers contain, and have not
considered what may happen to the information after the disposal
of the equipment.
In 2005, joint research was carried
out by the University of Glamorgan in Wales and Edith Cowan
University in Australia to determine whether second hand
computer disks that were purchased from a number of sources
still contained any information or whether the information had
been effectively erased. The research revealed that, for the
majority of the disks that were examined, the information had
not been effectively removed and, as a result, both organisations
and individuals were exposed to a range of potential
crimes. It is worthy of note that in the disposal of this
equipment, the organisations involved had failed to meet their
statutory, regulatory and legal obligations.
This paper describes a second research
project, carried out in 2006, which repeated the research
of the previous year and extended its scope
to include additional countries. The methodology used
was the same as that in the previous year and the disks that
were used for the research were again supplied blind by a third
party. The research involved the forensic imaging of the disks
which was followed by an analysis of the disks to determine what
information remained and whether it could be easily recovered
using publicly available tools and techniques.
Keywords: Computer forensics,
disk analysis, data recovery, data disposal