Hacklog Volume 1 Anonymity: IT Security & Ethical Hacking Handbook




parts: perhaps, the only real way to proceed is “marinating” the disk in seawater
for several days. Once dried up, the evaporated water will leave small parts of
salt, metals, silicon and other agents on the electronics. This way, once the drive
is powered on, damage should occur, compromising the magnetic disk.
However, an experienced company in the industry will replace the whole disk
electronics (only keeping memories) with ease, neutralizing such risk.
Chemical corrosion
Applies to: Mechanical HDDs, SSDs, USB memories, SD units, CDs/DVDs
Once again, I recommend that you be very careful, especially if you are unfamiliar
with this process. You should perform this operation on an opened disk, that is,
you should remove all the covers on the memories or, in the case of a mechanical
disk, the storage disks. The most common solution is using hydrochloric acid (or
muriatic acid), one of the most corrosive fluids in the world (did I already
suggest that you be careful?); you can buy it at any convenience store or hardware
shop in solutions varying from 30 to 37% in concentration. Nitric acid seems to
be another good solution, although it’s harder to find (however you can find it in
concentrations up to 65% at any hardware shop): furthermore, by mixing it with
hydrochloric acid in a 1:3 ratio, you can obtain the world-famous white spirit,
which dissolves the most durable metals, like gold and platinum. Anyway, you
should pour the acid into a heat resistant plastic container – due to the chemical
reaction – and use a sufficient quantity to fully sink the entire disk (possibly
allowing a tolerance of a couple of mm, just for safety) for an hour or two. Pay
extra attention to your hands and clothes, never look directly at it without
protection, don’t breathe the fumes and don’t close the container for any
reason (it may explode!).


8. Data Recovery
Now it’s time to verify whether the applied methods actually make the storage
illegible. Please keep in mind that Forensic Search is a very complex
professional field, therefore we’ll only introduce the basics, as we don’t mean to
provide an advanced course about this topic.
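A basic form of that verification, added here as an example (it is not code from the book): the script reads a disk image read-only, hashes it, and reports non-zero sectors and leftover file headers, which is the first thing a recovery tool would look for. The function names, the signature list and the 8-sector sample image are assumptions constructed for the illustration.

```python
import hashlib
import io

SECTOR = 512
# Well-known file headers (magic bytes) that recovery tools search for.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}
KEEP = max(len(m) for m in SIGNATURES.values()) - 1  # bytes carried between sectors


def audit_image(stream, sector=SECTOR):
    """Read an image once, read-only, and report what a wipe left behind."""
    digest = hashlib.sha256()  # lets you prove the evidence copy was not altered
    total = nonzero = offset = 0
    hits, tail = [], b""
    while block := stream.read(sector):
        digest.update(block)
        total += 1
        nonzero += any(block)  # only meaningful for zero-fill wipes
        window, base = tail + block, offset - len(tail)
        for name, magic in SIGNATURES.items():
            pos = window.find(magic)
            while pos != -1:
                # A match lying wholly inside the tail was reported last round.
                if pos + len(magic) > len(tail):
                    hits.append((base + pos, name))
                pos = window.find(magic, pos + 1)
        tail = window[-KEEP:]
        offset += len(block)
    return {"sha256": digest.hexdigest(), "sectors": total,
            "nonzero_sectors": nonzero, "signatures": sorted(hits)}


def build_sample(wiped):
    """Constructed 8-sector image; unwiped, it holds two leftover file headers."""
    img = bytearray(8 * SECTOR)
    if not wiped:
        img[510:513] = SIGNATURES["jpeg"]  # straddles the sector 0/1 boundary
        img[2048:2053] = SIGNATURES["pdf"]
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    for label, wiped in (("before wipe", False), ("after wipe", True)):
        print(label, audit_image(build_sample(wiped)))
```

A clean result here only shows that nothing obvious remains; a wipe that overwrites with random data will report every sector as non-zero, so the signature list is the part to rely on in that case.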
8.1 Post-Mortem Forensics
For most forensic search operations, the working environment must be
as aseptic as possible, without any program that may alter the nature of the
Operating System once launched. For example, a programmer – even a beginner – may
create a simple script to encrypt/decrypt/hide/move/delete a file in the drive,
hiding it from the operator and the program. You can even build a background
tool to recognize and block/deceive a program after a disk scan. Now, a forensic
researcher should have some safety copies in place – in order to prevent any
incident – as well as the right tools to do the job without any risk of compromising
the system. For this reason, you should use a Live Operating System containing
the computer search tools; as we go through the document, we’ll use a distro
containing some tools that you can also install in your Operating System. This
kind of research is known as post-mortem forensics.
8.1.1 Which OS for P.M. Forensics?
First of all, we can identify two types of Operating Systems:
• Rescue Kit OSs
• Forensics OSs
The former are specifically developed for data recovery (together with