Yottabytes: Storage and Disaster Recovery

Dec 20 2012   7:59PM GMT

Lanza’s Hard Drive Next Focus in Sandy Hook School Shooting



Posted by: Sharon Fisher
Tags: backup, data storage, government, law enforcement, recovery, solid-state, ssd

It shouldn’t be any surprise in this incident, about which nothing makes any sense, but it isn’t clear what the status is of Adam Lanza’s computer hard drive, which was smashed/damaged/destroyed by a hammer/screwdriver/sharp object that left data on it irretrievable/able to be recovered, according to which publication you read and which data forensics expert they consulted.

Here’s a breakdown of the issues involved.

Was the disk drive solid-state or traditional spinning disk? There has been increasing use of solid-state drives in computers, either due to interest in improved performance or in reaction to last year’s Thai flooding, which damaged a number of hard disk manufacturing plants and made spinning disk storage more scarce and expensive.

What’s the difference? While both kinds of drive are susceptible to damage — as anyone who’s lost a drive by dropping it knows — solid-state drives are even more susceptible to damage.

“Many SSD hard drive failures are in fact unrecoverable,” writes The Inquisitor. “If the remapping tables that keep track of data in memory cells get trashed the data is effectively randomized and mixed up with data blocks which were marked as corrupted and unusable even before the SSD failed. Many SSD models also come with internal encryption that will make the lives of data forensics experts difficult.”

If it was a spinning disk, how was it damaged? For the sake of argument, though, let’s assume it’s a traditional spinning disk drive. Then the question becomes, how was it damaged? Neither reporters nor crime investigators are necessarily computer experts, and the descriptions of the damage have been vague — they don’t even specify whether Lanza had a desktop or a laptop.

Some reports indicate that Lanza removed the hard drive from the computer before damaging it, which would make it more likely that the drive itself would actually have sustained damage.

But because the platters in the hard drives that hold data are so sensitive, manufacturers tend to do what they can to protect them. Consequently, depending on how the hard drive was damaged, the platters inside could have been anything from undamaged to shattered.

How could the data be retrieved from the damaged hard drive? There are all sorts of third-party data recovery services, and chances are the FBI — which has plenty of forensics chops itself — is talking to all of them about the best way to retrieve data from whatever remains of the platters, as well as, more than likely, the manufacturer of the drive itself. Even if the platters were shattered, they could conceivably be reassembled and at least partially read.

“The level of detail they can rip out of systems these days seems incomprehensible to most people,” Rob Lee, a forensic specialist who has examined computers seized from terrorists for the U.S. intelligence community, told the Washington Post, which wrote in detail about the various ways data could be recovered. Even data from the crashed space shuttle Columbia was nearly 100% recoverable, the article noted.

Is the data available anywhere else? Even if all the data on the drive itself is irretrievable, it might be available elsewhere: in a backup, in a synchronization service such as Dropbox, or in copies of data and other information obtained from sources such as Lanza’s Internet service provider, email services such as Google, or his online gaming records.

“Many e-mail providers, such as Yahoo and Google, store data on their servers for a period of time, meaning that police might be able to subpoena Lanza’s provider for access to whatever data they have,” writes the Christian Science Monitor. “Google also stores information about users’ searches and other online activity indefinitely, although it anonymizes IP addresses after 9 months, making it impossible to tell what a given user was doing online prior to that time.”

While there has been increasing concern from civil liberties organizations about the amount of information that services collect and to which law enforcement organizations have access, in this particular case, it may be our best hope in trying to make some sort of sense of this tragedy.

What it takes is enough motivation and the right equipment — and the F.B.I. has both, writes Popular Mechanics.
