ShmooCon 2008: Hard drive highlights
posted Feb 16th 2008 6:45pm by Will O'Brienfiled under: cons
Today wrapped up with a talk on recovering data from solid state hard drives by [Scott Moulton]. The talk focused on the differences in data storage between SSD and platter technology. I did come away with a few interesting bits of knowledge. In an effort to extend device life, flash based drives store changed data to a new location, leaving the old data intact until a garbage removal subroutine gets around to clearing it out. Probably the best way to recover data from them will be altering or replacing the controller chip so you can access old data.
Yesterday I caught an interesting talk on recovering passwords from drive images by [David Smith]. He found that he could take a system image, strip out all the strings that were stored by various programs and use them to build a dictionary of possible passwords. By limiting string lengths and matching for known password policies, he was able to further filter his dictionary for likely passwords.
Searching a HDD for passwords and seed words for dictionary-bruteforce hybrid attacks is how a lot of forensics is done on recovering data, and isn’t a very new tactic. But, I was shocked to find out that flash drive info was as recoverable as it was; I’ve heard of people using them for swap partitions because it’s “safer”.
-wolfmankurd
Posted at 7:31 pm on Feb 16th, 2008 by Ali Raheem