Today wrapped up with a talk on recovering data from solid state hard drives by [Scott Moulton]. The talk focused on the differences in data storage between SSD and platter technology. I did come away with a few interesting bits of knowledge. In an effort to extend device life, flash based drives store changed data to a new location, leaving the old data intact until a garbage removal subroutine gets around to clearing it out. Probably the best way to recover data from them will be altering or replacing the controller chip so you can access old data.
Yesterday I caught an interesting talk on recovering passwords from drive images by [David Smith]. He found that he could take a system image, strip out all the strings that were stored by various programs and use them to build a dictionary of possible passwords. By limiting string lengths and matching for known password policies, he was able to further filter his dictionary for likely passwords.
Searching a HDD for passwords and seed words for dictionary-bruteforce hybrid attacks is how a lot of forensics is done on recovering data, and isn’t a very new tactic. But, I was shocked to find out that flash drive info was as recoverable as it was; I’ve heard of people using them for swap partitions because it’s “safer”.
-wolfmankurd
I’m kind of wondering what the picture of the glasses are…. are they displays? Or just something really geeky looking? I’ve seen displays like that in glasses, but those look awesome!
I second that. I’m more interested in the goggles.
This one:
PEAP: Pwned Extensible Authentication Protocol
Josh Wright and Brad Antoniewicz
looks pretty interesting to. I envy thee, at the Shmoo of cons…
The goggles look like single LED brazing/welding goggle mods probably for a brain machine.
http://www.makezine.com/10/brainwave/
If not a brain machine, it’s a hilarious extension of his activity lights.
If not a brain machine, it’s a hilarious extension of his activity lights.