ShmooCon 2008: Hard Drive Highlights

Today wrapped up with a talk on recovering data from solid state hard drives by [Scott Moulton]. The talk focused on the differences in data storage between SSD and platter technology. I did come away with a few interesting bits of knowledge. In an effort to extend device life, flash based drives store changed data to a new location, leaving the old data intact until a garbage removal subroutine gets around to clearing it out. Probably the best way to recover data from them will be altering or replacing the controller chip so you can access old data.

Yesterday I caught an interesting talk on recovering passwords from drive images by [David Smith]. He found that he could take a system image, strip out all the strings that were stored by various programs and use them to build a dictionary of possible passwords. By limiting string lengths and matching for known password policies, he was able to further filter his dictionary for likely passwords.

7 thoughts on “ShmooCon 2008: Hard Drive Highlights

  1. Searching a HDD for passwords and seed words for dictionary-bruteforce hybrid attacks is how a lot of forensics is done on recovering data, and isn’t a very new tactic. But, I was shocked to find out that flash drive info was as recoverable as it was; I’ve heard of people using them for swap partitions because it’s “safer”.


  2. I’m kind of wondering what the picture of the glasses are…. are they displays? Or just something really geeky looking? I’ve seen displays like that in glasses, but those look awesome!

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.