Yes, it’s all going down in Capital Hill right now with families of the Sandy Hook victims pressing senators for tougher gun measures. Regardless of this outcome, the tragedy of the Sandy Hook Elementary School points to a very disturbing trend in that today’s criminals may be becoming all too aware of the digital footprints they leave behind. Case in point, the perpetrator (no, I won’t add to his celebrity by mentioning his name) who took meticulous steps to erase his digital history. He removed the hard drive from his computer and smashed it in with either a hammer or a screwdriver. Sound a little primitive?
And while this primitive yet highly effective art of taking a hammer to a hard drive could work, I believe it points to an increasingly informed population of ways to permanently destroy data. How did the perpetrator know of this method? Was it the abundance of blogs and other information readily available on the Internet? One thing is clear, the perpetrator was intent on covering his tracks and destroying any evidence that may lead investigators to a motive. All is not lost though and given the multiple devices that we generate data from today, a hard drive isn’t the only key to the puzzle. Many of us tend to forget that the vast quantity of data tracks we create are via some cloud platform or multiple devices connected via the Internet. Whether it’s text messages, e-mails, chats or search history, everything has some sort of repository in an invisible cloud we tend to overlook. The FBI is yet to provide additional details on this front but I’m all ears when they do!
Of course, we here at Kroll Ontrack live by the “nothing is unrecoverable” mantra. Yes, we’ve seen some pretty bizarre and extreme instances of hard drives damaged by floods, fires, and even a melted disk drive from the space shuttle Columbia, which was destroyed in 2003. Whether or not a hard drive can be salvaged depends on the extent of damage to what are called “platters,” the small discs where the data is stored. If the perpetrator was meticulous enough to ensure that all the platters were thoroughly destroyed, data recovery just got a little tougher. But then you also have tablets or smartphones the perpetrator likely owned that operate at a different level. You then have an option to gain access to contacts, calendar information, text messages, pictures, location history, and browsing history.
And this begs the question of whether today’s users truly understand all the data they are truly creating? We don’t live in a “single point of failure” world anymore and cheaper/robust storage platforms have made it all so easy to create dual points for data. Of course, we’re not all aware of these points because our sole purpose is to keep creating data! We take Facebook, Gmail, LinkedIn all for granted because it’s not our headache as to where the information we feed to it is stored. Perhaps the notion of this invisible cloud did not occur to the perpetrator while the hard drive was being thoroughly smashed. Is it possible the perpetrator created a digital footprint by default and didn’t realize it?