Sometimes, no matter how good your preparations are, you’ll fall victim to an attack or a virus and lose vital information.
If you have lost data from e-security break-ins, hacking attacks, failed backups, virus problems or a disgruntled member of staff removing data, Auckland-based Brian Eardley-Wilmot may be able to help.
Last year, Computerworld commissioned Eardley-Wilmot’s firm, Computer Forensics, to perform data-recovery techniques on old PCs bought at an auction to demonstrate the security issues raised by data not being completely deleted. The experiment uncovered correspondence involving former Prime Minister Jenny Shipley and WINZ chief executive designate Christine Rankin.
Eardley-Wilmot says as long as the hard drive has no severe physical damage, there is a 98% chance of data recovery, even if a disk has been formatted or overwritten with a different operating system.
Computer Forensics, also known as CFNZ, has since launched a service to effectively wipe data from drives, saying even it cannot recover the data afterwards.
Eardley-Wilmot, a former Apple and Microsoft licensee, founded CFNZ primarily to act as a paralegal resource for civil litigation, particularly during the “discovery” and “interrogatory” phases.
Data recovery is never actually performed on the hard disk that contains the required data as any further booting up or file activity on the disk will only make the recovery job harder. Instead copies of the disks are made by CFNZ so it can try to extract data.
Eardley-Wilmot says his firm looks at what files an individual is likely to have created, when they could have been made and where they are likely to be. Then, it assumes the writer will have done their best to delete the files. “We don’t look for the files that are there, but for files that aren’t there. We look at the unallocated cluster and slack space. We search for text fragments we believe would be useful,” he says.
For example, if a client is looking for data “stolen” by someone setting up a rival company, CFNZ can assess what words and phrases and Word and Excel documents to seek. “We then endeavour to piece back the information and end up with a full file,” he says.
“There are temporary files and systems files being written during the creation of that document. When we close down, that document is told to delete them but it doesn’t. It just closes down the reference to them in the file allocation table.”
There maybe 20 to 30 such files and since hard drives have so much storage space, it is unlikely they will be overwritten.
CFNZ supplied three customer references, but none for using his services to recover from virus or hack attacks, as “no one would admit to a security breach”.
Power problems damaged a computer at Auckland-based PGR Helicorp, the Southern Hemisphere’s only helicopter manufacturer, and thousands of photos were lost. CFNZ were called in and over Christmas recovered “every bit” of what was lost, says Helicorp managing director Trevor Rogers.
Myles Deighton, team leader of Compaq Care in Auckland, and Guy Lincoln, IT systems administrator of CDL Hospitality Services, both lost data which was able to be recovered by CFNZ.