Data Recovery: Major Disaster or Minor Loss?

“If mission critical data is lost, then call in a pro. Finagling with missing or damaged files can render them irrecoverable.”

Everyone has lost a document, or will probably encounter someone who tries to “lose” a piece of evidence. On the innocent side, the computer could “freeze,” lose power, or be hit by a hurricane, or data can be accidentally deleted. On the nefarious side, an opponent may try to bury a smoking gun. What is not generally known is that loss or destruction can be remedied. The key is having the right tools, software, and expertise to recover the wayward data. This month we will cover the basics of data recovery.

First Issue: Where Do The Lost Files Go?

Most people believe that deletion is tantamount to destruction. Actually, if a piece of data is viewed as a page in a book, deletion is not analogous to running the page through a shredder. The better view is that deletion is like removing the entry from the book’s table of contents while leaving the pages of information in place. The only things erased are a few characters of information that point to where the actual document is located. In time, that section of the hard drive will be overwritten, but in the short run, it’s still there.

In Technospeak: “The pointer, along with other pointers for every folder and file on the hard drive, is saved in a section near the beginning of the hard drive and is used by the operating system to create the directory tree structure. By erasing the pointer file, the actual file becomes invisible to the operating system, even though it is still there until the file system reuses the space.” Source: Ontrack Data.

Second Issue: How Do We Bring Them Back?

Initially the expert must find the original table of contents so we can find where and whether the actual files still exist. A technologist can rebuild the table of contents and bring the missing information back from the dark side. By deleting the entries in the table of contents, the computer allows data to be written where the deleted data used to reside. The files must be recovered before they are overwritten.

In Geekspeak: “Every operating system has a file system, which is a unique method of indexing and keeping track of the files. Unfortunately for those that lose data, file systems can be very complex, which is why it can be so difficult to locate missing files. For instance, file systems that are used in business environments require security details and access transaction details. A good example is a transaction-based or journaling file system, whose goal is to log when each file is accessed, modified or saved – making the file system more complicated and harder to rebuild. . . . Recovery engineers are internally trained to work on data recovery, working with computer hardware for a number of years and learning the low-level specifics of every type of file system.” Source: Ontrack Data.
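The "table of contents" idea from the first two issues, as an added example that is not from the original article or from Ontrack. It goes beyond the text by assuming a FAT-style layout (32-byte directory entries, deletion marked by the byte 0xE5) on a small constructed volume where files are stored contiguously; the file names and contents are made up.

```python
import struct

CLUSTER = 512                 # bytes per cluster on this constructed toy volume
DIR_SLOTS = 4                 # directory slots, 32 bytes each
DATA_START = DIR_SLOTS * 32   # data region begins right after the directory
DELETED = 0xE5                # FAT marks deletion by overwriting the first name byte
ENTRY = "<8s3sB14xHI"         # name, ext, attr, (unused), start cluster, size

def build_volume():
    """Constructed sample: two files are written, then REPORT.TXT is deleted."""
    files = [(b"REPORT", b"TXT", b"Q3 figures: the smoking gun\n"),
             (b"NOTES", b"TXT", b"lunch at noon\n")]
    directory, data = bytearray(), bytearray()
    for i, (name, ext, body) in enumerate(files):
        directory += struct.pack(ENTRY, name.ljust(8), ext, 0x20, 2 + i, len(body))
        data += body.ljust(CLUSTER, b"\0")
    vol = bytearray(directory.ljust(DATA_START, b"\0") + data)
    vol[0] = DELETED          # deletion changes one byte; the data is untouched
    return vol

def list_entries(vol):
    """Yield (deleted, name, start_cluster, size) for every used directory slot."""
    for off in range(0, DATA_START, 32):
        raw = bytes(vol[off:off + 32])
        if raw[0] == 0x00:    # never-used slot marks the end of the directory
            break
        name, ext, _attr, cluster, size = struct.unpack(ENTRY, raw)
        deleted = raw[0] == DELETED
        stem = (b"?" + name[1:] if deleted else name).decode("ascii").strip()
        yield deleted, f"{stem}.{ext.decode('ascii').strip()}", cluster, size

def recover(vol, cluster, size):
    """Read a file's bytes straight from the data region (contiguous files only)."""
    start = DATA_START + (cluster - 2) * CLUSTER
    return bytes(vol[start:start + size])

def overwrite_cluster(vol, cluster, body):
    """Simulate the file system reusing freed space for a new file."""
    start = DATA_START + (cluster - 2) * CLUSTER
    vol[start:start + CLUSTER] = body.ljust(CLUSTER, b"\0")

if __name__ == "__main__":
    vol = build_volume()
    for deleted, name, cluster, size in list_entries(vol):
        print("DELETED" if deleted else "live   ", name, recover(vol, cluster, size))
    overwrite_cluster(vol, 2, b"a newer file now lives here")
    print("after reuse:", recover(vol, 2, 28))
```

The deleted entry still carries the start cluster and size, so the contents come back intact until `overwrite_cluster` reuses the space; only the first character of the name is lost.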


Third Issue: Should the Recovery be Outsourced?

From the legal perspective, it may be important to preserve a chain of custody and to have a witness who can testify about the methods used to retrieve the wayward file. From a cost perspective, the file may only need to be retrieved from the computer’s trash can (Macintosh) or recycling bin (Windows). There are also over-the-counter file recovery software packages for the do-it-yourselfer.

Deleted files can be damaged on their journey to the hinterlands. Subsequently recovered files can be damaged, incomplete, or in need of repair. Here is where the pros come in. The pro will use a two-step process consisting of diagnosis of the data loss followed by the repair and recovery of the information. Seldom do the experts work on the original data. They almost always attempt to make a mirror image of the files and always work on a copy.

In New Speak: “During this stage, recovery engineers can determine if the drive requires special attention from the cleanroom, which is an ultra-clean environment used when working with microscopic components. The cleanroom will work at an electronic and mechanical level to get the drive operational. This can include anything from physically cleaning the disk platters so they can spin properly to swapping out electrical components to power up the drive . . . . After the drive is operational and a copy of the drive can be made, data recovery engineers work to repair the file structures and produce a complete file listing that shows all of the files and directories on the volume. This file listing will also tell the customer if there are holes (or Input/Output errors) within the file itself. The final phase is the recovery phase. The goal of this phase is to copy out the data and backup that data on media that the customer requires.” Source: Ontrack Data.
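The mirror-image step and the file listing with holes, as an added example that is not from the original article or from Ontrack. The `FailingDrive` class, the sector size and the file listing are constructed stand-ins; a SHA-256 digest taken at acquisition is used here as one way to show later that the working copy has not changed.

```python
import hashlib

BLOCK = 512  # bytes per sector (assumed for this sketch)

class FailingDrive:
    """Constructed stand-in for a damaged disk: listed sectors raise I/O errors."""
    def __init__(self, data, bad_sectors):
        self.data, self.bad = data, set(bad_sectors)
        self.sectors = len(data) // BLOCK

    def read_sector(self, n):
        if n in self.bad:
            raise OSError(5, "Input/output error")
        return self.data[n * BLOCK:(n + 1) * BLOCK]

def image_drive(drive):
    """Copy every readable sector; zero-fill unreadable ones and record them as holes."""
    image, holes = bytearray(), []
    for n in range(drive.sectors):
        try:
            image += drive.read_sector(n)
        except OSError:
            image += bytes(BLOCK)   # keeps offsets aligned with the original
            holes.append(n)
    return bytes(image), holes, hashlib.sha256(image).hexdigest()

def files_with_holes(listing, holes):
    """Map {name: (first_sector, sector_count)} to the bad sectors inside each file."""
    return {name: [h for h in holes if first <= h < first + count]
            for name, (first, count) in listing.items()}

def verify_copy(image, digest):
    """Confirm a working copy still matches the hash taken at acquisition."""
    return hashlib.sha256(image).hexdigest() == digest

if __name__ == "__main__":
    source = bytes(range(256)) * 8                      # constructed 4-sector disk
    image, holes, digest = image_drive(FailingDrive(source, [2]))
    listing = {"a.doc": (0, 2), "b.xls": (2, 2)}        # constructed file listing
    print("holes:", holes, "sha256:", digest[:16], "...")
    print(files_with_holes(listing, holes))
    print("copy intact:", verify_copy(image, digest))
```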

In Technospeak, Geekspeak, or Newspeak, the message is the same: If mission critical data is lost, then call in a pro. Finagling with missing or damaged files can render them irrecoverable.

Open WiFi Port Gets A Visit From Feds


Florida Computer Crime Defense Attorney / Lawyer notes a Florida guy got a visit from the Feds after a long-distance wireless antenna was used to access his network on the 12th floor of a Tampa Bay area condominium. The guy the Feds eventually busted was on a boat in the bay and was later indicted.

This Tampa Bay story has become national news. 

Call me Toll Free 1-877-793-9290 if you or a loved one have questions.

Computer Search Warrants


“Government cannot rely on the Fourth Amendment’s plain-view doctrine in cases where the investigators rely on the intermingling of computerized records”


Tampa Criminal Defense Attorney reports severe limits in Computer Search Warrants and Searches – Another court has laid out detailed procedures for issuance and execution of search warrants for computers that contain files outside the scope of a search warrant. The court ruled that the Government cannot rely on the Fourth Amendment’s plain-view doctrine in cases where the investigators rely on the intermingling of computerized records to justify a broad seizure and examination of electronically stored records. United States v. Comprehensive Drug Testing Inc., 9th Cir. (en banc), No. 05-10067 (8/26/09).


The court states, “The process of segregating electronic data that is seizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.” The plain-view doctrine is an issue courts have been struggling with.

Detailed procedures for searches of computer electronic data:

1. The government must not rely on the plain view doctrine in digital evidence cases.
2. The search must be done by specialized personnel, with a procedure to prevent disclosure to investigators of information that is not the target of the warrant.
3. The government’s search method must be designed to uncover only the information for which it has probable cause.

When Computers Land in Court, We Can Help – Tell Me Your Story Toll Free  – 1-877-793-9290.


RIAA Explains How to Catch Alleged Music Pirates


“Using public databases, Media Sentry then locates the name of the Internet-service provider and determines which traders are located at colleges or universities.”


The Recording Industry Association of America (RIAA) used the same file-sharing software that online pirates use, an RIAA representative said during a private demonstration of how it caught alleged music pirates.

The RIAA uses LimeWire. The RIAA has a list of songs owned by the RIAA’s members. Media Sentry runs copies of the LimeWire program and performs searches for those copyrighted song titles to see if any are being offered by people whose computers are connected to the LimeWire network. The software lists the IP addresses of active file sharers. Although the names of the people associated with particular IP addresses are not public, it is easy to find out which IP addresses are registered to each Internet-service provider. Using public databases, Media Sentry then locates the name of the Internet-service provider and determines which traders are located at colleges or universities.
