How Do FBI or You to Recover the Deleted Data on Computer

What you do on your computer stays on your computer.


That may seem obvious, but a document in a new FBI terrorism case provides fascinating reminders of just how much information government agents can mine from your computer and other electronics, revealing cyber secrets you thought you’d long ago deleted.


Jamshid Muhtorov is a refugee from Uzbekistan who was living in Aurora, Colo., until his arrest on Jan. 21. The FBI began investigating Muhtorov last year for his support of the Islamic Jihad Union. The group is designated a foreign terrorist organization by the U.S. government and has claimed responsibility for multiple attacks on coalition forces in Afghanistan.


Muhtorov allegedly pledged money and his allegiance to the IJU, emailing a representative of the group that he was “ready for any task, even with the risk of dying,” according to the criminal complaint. He was taken into custody at Chicago’s O’Hare airport just before catching a flight out of the country.


In an affidavit, FBI Special Agent Donald Hale noted that Muhtorov communicated with associates using two email addresses, an Android Blackberry smart phone and a Sony Vaio laptop computer that Hale suggested could yield a bounty of information.



When “Delete” Does Not Mean Delete


“Computer files or remnants of such files can be recovered months or even years after they have been downloaded onto a storage medium, deleted, or viewed via the Internet,” Hale wrote in the affidavit. “Even when files have been deleted, they can be recovered months or years later using forensic tools.”


Hale explained that when a person deletes a file on a computer, the data doesn’t actually disappear, but remains on the hard drive until it gets overwritten by new data. The computer’s operating system may also keep records of deleted files in something called a “swap” or “file rescue”.


A computer’s internal hard drive can keep records of how it was used, who used it, and when, Hale wrote. This digital evidence can point to information that once lived on a hard drive or memory stick, but was later altered or deleted. For example, agents might even be able to see where an incriminating paragraph was erased from a word processing document.


“Computer users typically do not erase or delete this evidence, because special software is typically required for that task,” agent Hale wrote.


The trail doesn’t end there. Web browsers, email and chat programs can reveal online nicknames and passwords. The computer can also tell investigators when a memory stick or external hard drive was connected, and how and in what sequence files were created.


Analyzing all that electronic evidence, Hale wrote, takes “considerable time.”


That work gets done at one of 16 computer forensics laboratories around the country run by the FBI, in partnership with 130 state and local law enforcement agencies. The first Regional Computer Forensics Laboratory, as they are officially called, was established in San Diego in 1999.


Agents who first obtain court approved search warrants can scour cell phones, cameras, GPS units, tablet computers and more for information that can make or break an investigation.



Digital Detectives


“The analysis could directly implicate or eliminate the suspect based on the information recovered, or serve as corroboration or contradiction to a suspect or witnesses statement,” said FBI Supervisory Special Agent Sean O’Brien, director of the Rocky Mountain Regional Computer Forensics Lab in Centennial, Colorado.


In the 2010 fiscal year, the regional laboratories conducted 6,564 examinations of everything from hard drives and cell phones to floppy disks and VHS videotapes. During that time examiners combed through 3,086 terabytes of data. (For comparison, just one terabyte is equal to about 1,000 gigabytes.)The digital deluge can be overwhelming.


“The sheer volume of information investigators request to be analyzed exceeds the capacity of forensic examiners available to analyze the data in the laboratory,” O’Brien told ABC News.


When two Roy, Utah, teenagers were arrested last week for allegedly plotting an attack on their high school, their computers were sent to be analyzed at the lab in Salt Lake City, according to FBI spokesperson Deborah Bertram.


The Rocky Mountain Regional Computer Forensics Lab played a key role during the 2009 investigation of Najibullah Zazi, who later pleaded guilty in a plot to trigger bombs on New York City subway trains. Analysts searched for evidence on several computers, helped execute search warrants, and examined surveillance video that showed Zazi buying bomb making ingredients at a beauty supply store.


Feel the recovery seems very complicated? Maybe yes, maybe not. Why? Because the FBI’s method and technology is the secret for many normal users like you and I. But more articles on our official website will offer you the simple method to restore the so called “deleted data”, go and get more by clicking uFlysoft studio.

发表留言

秘密留言

自我介绍

StevenLee

Author:StevenLee
欢迎来到FC2博客!

最新文章
最新留言
最新引用
月份存档
类别
搜索栏
RSS链接
链接
加为博客好友

和此人成为博客好友