| In
This Issue:
 Computer Forensics and Data Recovery: The
Vital Links
In
most computer forensic investigations, creating a mirror
image of the media is often the first step in the
process. In some cases, however, the computer forensic
expert cannot image the media because of hardware
failure or data loss. Data loss occurs for several
reasons. Based on a study by Kroll Ontrack, the most
common causes of data loss include:
Hardware or System Malfunction
|
78
percent
|
| Human Error |
11
percent
|
| Software Corruption or Program Malfunction
|
7
percent
|
| Computer Viruses |
2
percent
|
| Natural Disasters |
1
percent
|
| Other |
1
percent |
It
is quickly becoming mainstream knowledge that data
recovery experts can recover data that an average person
would think is no longer available. Slamming a drive
(sometimes still in the PC or laptop) onto a concrete
floor, setting the drive on fire, submerging it in water
(or other liquids) and more does not stop most data
recovery experts! In one case, a perpetrator squirted
barbeque lighter fluid into the cooling slots of a PC
case and then ignited the fumes. They fried the PC, but
the data was still recoverable.
Data
recovery is a complimentary, but not identical, skill
set to computer forensics. Kroll Ontrack is the leader
in data recovery – bringing back data from media that
have suffered all kinds of abuse. Kroll Ontrack
maintains special “clean room” facilities in which
engineers can disassemble a drive to diagnose and
remediate problems. Where circuit boards or cable
connectors have been damaged or destroyed, our engineers
can often transplant replacement parts into the drive to
make it readable again.
Many
public and private sector organizations equipped to
perform computer forensics turn to Kroll Ontrack to
assist them when data recovery is needed. We can conduct
the data recovery under careful chain-of-custody
guidelines, and are even equipped to process drives
containing U.S. government classified information. Our
processing facilities have been honored with two
Cogswell Awards from the U.S. Department of Defense for
excellence in security over classified
materials.
If
you discover that the drive where the “smoking gun”
email is contained is literally smoking, consider
working with our data recovery labs to enable you to get
to the data and perform a successful computer forensics
investigation.
For
more information on Kroll Ontrack’s “Understanding Data
Loss” study, see http://www.ontrack.com/datarecovery/dataloss.asp#Hardware.
The People Who Make It
Happen at Kroll Ontrack:
Jennifer Knutsen, Computer
Forensics Process Manager
Jennifer Knutsen is a seven-year veteran with
Kroll Ontrack in Eden Prairie, Minnesota. Jen’s focus in
her role as Computer Forensics Process Manager involves
supervision and training of the Computer Forensics
Project Managers, as well as coordination and training
for Computer Forensic Engineers. She devotes substantial
energy to making sure our technical and project
management people understand the best-of-breed forensic
procedures, processes and methods.
Jen
began her Kroll Ontrack career in the Data Recovery
Department’s Inbound Sales unit, and transferred into
Computer Forensics when her interest in the science was
sparked by her work in data recovery projects that were
related to investigative or litigation matters. She has
served as the Project Manager for hundreds of recovery
and forensic cases, and has become a popular speaker in
the field of computer forensics.
Jen
has said, “Computer forensics is incredibly exciting and
challenging. It is a field that is relatively new to the
marketplace and to the courts, and involves educating
our clients on a technical level. Because sifting
through data stored in electronic form can be a daunting
and complex task, it is incredibly important to work
with our customers to ‘uncover’ the information that is
most relevant to the issues they are
pursuing.”
Notes From the Forensic
Lab: What’s In a Name?
URL naming conventions were designed to
provide both subject matter and geographic information
to Internet users. For example, the original aim was
that commercial organizations would be registered as
“.com” URLs, with not-for-profits in “.org” and
Internet-related organizations using “.net” addresses.
In addition, two-character country codes were allocated
to countries across the globe.
Clearly, we know that just because an
address ends in a “.com” does not mean that the
organization owning the name (or the server handling it)
resides in the United States. Often less realized is
that the two-character country codes are not a guarantee
of location either. This is true for two reasons. First,
some countries actively market their Web addresses for
certain professions. For example, the pacific island
nation of Tuvalu (which separated from the neighboring
Gilbert Islands and gained independence in 1978) was
given the Internet country code of “.tv”. Recognizing
the value of that code, in 2000 the Tuvalu government
negotiated a license leasing the “.tv” code to a
registrar company. The former Warsaw Pact state of
Moldova has also gained revenue through licensing of its
Web abbreviation, “.md”, to Web sites relating to the
health sciences.
This became important in a recent Kroll
Ontrack case. A European client of a European-based law
firm had licensed their technology to a Venezuelan
company, for use only within Venezuela. When they
checked, the Venezuelan licensee was set up with a Web
site ending in “.vz”, which is the Internet top level
domain code for Venezuela. But the client had heard
rumors that the licensee was in breach of the agreement,
and asked us to check on the actual location of the Web
site. We determined that although the registration for
the URL had been made in Venezuela, the servers running
the site and using the licensed technology were not in
Venezuela. Rather, they were located in northern New
Jersey. We conducted a brief computer forensics
investigation and were able to provide a complete,
detailed, and documented report to our
client.
Kroll Ontrack News and
Events:
Learn more about electronic discovery
and computer forensics at the following presentations:
Visit our Upcoming Events section at http://www.krollontrack.com/upcomingevents/
to learn about these presentations and more.
Kroll Ontrack Requests
Your Input
If
you have a legal or technology issue that you would like
to see addressed in this newsletter, or if you are aware
of a case, statute, or local rule addressing e-evidence,
please contact us at: electronicdiscovery@krollontrack.com.
We look forward to hearing from you!
Our
legal consultants, project managers, and technology
experts strive to stay on top of e-discovery law. If you
are aware of any additional local court rules or new
cases in this area of the law, please do not hesitate to
contact us by writing to abrill@krollontrack.com.
For
more information about electronic discovery and computer
forensics services, contact Kroll Ontrack at
1-800-347-6105 or www.krollontrack.com.
| 
