Comment That's a different thing (Score 1) 382

The COFEE stick is used for "merely" acquiring digital evidence. See this part of your quote:

for later interpretation by computer experts

The summary describes a tool that will also interpret the evidence found.

What COFEE will do for you is gather volatile information on live Windows systems, like running processes, open network connections, system date and time, RAM contents, etc. The disk contents are not acquired as they will supposedly remain as they are.

In contrast to this, the tool the summary mentions should not acquire any evidence but instead search through existing evidence and interpret it, like searching through your hard drive for keywords on a bad word list or searching for hashes of known kiddypr0n, etc.

There is a big difference there:

If Microsoft's tool is the equivalent of a toolkit designed to help a cop take a sample of your blood for later testing of anything illegal in your blood that will not be there anymore several hours later when a doctor will do the same, the tool described in the summary is the equivalent of a tool designed to tell the cop if there is anything illegal in your blood without acquiring the blood for later analysis by an expert.

Although this is quite a bad analogy, as the device in my analogy might well be technically feasible. Let's instead consider the following analogy:

Instead of using a camera in order to take pictures of a suspected crime scene they want to use a device similar to a camera that instead of acquiring evidence from suspected crime scenes will allow a cop to look through it at any scene in order to see if a crime has happened at all.

Imagine a cop on the open street looking through a camera at you, and you then getting arrested because the camera told him that you somehow supposedly committed a crime.

Comment Re:SpinRite (Score 1) 399

Disclaimer: this is a redundant posting but I wanted to make sure the author of the comment saw my post which quotes a blog entry by Scott A. Moulton who is a forensic and data recovery expert and currently teaches the SANS 606: Drive and Data Recovery Forensics course.

Quoted from here:

Spinrite is not data recovery software. I get many questions about why I left off Spinrite on my recommendations of recovery software. I specifically leave off Spinrite because under the strictest terms it is not data recovery software. Almost every single data recovery package knows, and will warn you not to write the data back to the original source drive. Data Recovery/Forensics software almost always recover from a source to a destination. Spinrite does not do that, it refreshes the surface and controls reads to get the maximum amount of data from the sectors and then puts it back down on the same drive.

I think it does quite a few things very well and it does an excellent job at reporting and reading the SMART info and refreshing the surface of the hard drive. However, I would like to first try to get the data from the drive before scanning it and trying to rebuild sectors. There are many reasons for this, but the most important one being that the drive can die in the process of running Spinrite. It is possible to do more damage to the drive by doing excessive read and writes. There are times that you only get once [sic] good chance at data and if you use a tool that just goes in and surgically removes the data you want BEFORE doing the scan you will be a lot safer.

If I was going to use Spinrite, I would get everything I could off the drive to another destination first and then use Spinrite to try to get anything I could not repair (although I never have to with the tools I use). Another horrific story I have seen with drives sent to me, is that if Spinrite it runs successfully, people are under the impression that the drive is repaired and is usable again and continue to use it. Big mistake and it usually dies again shortly. On a Windows Hard Drive I would try NTFSExplorer/FatExplorer first in the hopes of doing a surgical recovery as oppose to spending days rewriting sectors in the hopes that my drive can live though it as Spinrite does. But for $80 it is well worth the attempt if you are going to do nothing else. Good Luck.

Oct 6, 2008 11:26 PM ~ Scott A. Moulton

Also, you can find some very interesting papers/presentations/videos here.

Comment Do NOT (easily) use Spinrite! (Score 1) 399

Disclaimer: this is a redundant posting but I wanted to make sure the author of the comment saw my post which quotes a blog entry by Scott A. Moulton who is a forensic and data recovery expert and currently teaches the SANS 606: Drive and Data Recovery Forensics course.

Quoted from here:

Spinrite is not data recovery software. I get many questions about why I left off Spinrite on my recommendations of recovery software. I specifically leave off Spinrite because under the strictest terms it is not data recovery software. Almost every single data recovery package knows, and will warn you not to write the data back to the original source drive. Data Recovery/Forensics software almost always recover from a source to a destination. Spinrite does not do that, it refreshes the surface and controls reads to get the maximum amount of data from the sectors and then puts it back down on the same drive.

I think it does quite a few things very well and it does an excellent job at reporting and reading the SMART info and refreshing the surface of the hard drive. However, I would like to first try to get the data from the drive before scanning it and trying to rebuild sectors. There are many reasons for this, but the most important one being that the drive can die in the process of running Spinrite. It is possible to do more damage to the drive by doing excessive read and writes. There are times that you only get once good chance at data and if you use a tool that just goes in and surgically removes the data you want BEFORE doing the scan you will be a lot safer.

If I was going to use Spinrite, I would get everything I could off the drive to another destination first and then use Spinrite to try to get anything I could not repair (although I never have to with the tools I use). Another horrific story I have seen with drives sent to me, is that if Spinrite it runs successfully, people are under the impression that the drive is repaired and is usable again and continue to use it. Big mistake and it usually dies again shortly. On a Windows Hard Drive I would try NTFSExplorer/FatExplorer first in the hopes of doing a surgical recovery as oppose to spending days rewriting sectors in the hopes that my drive can live though it as Spinrite does. But for $80 it is well worth the attempt if you are going to do nothing else. Good Luck.

Oct 6, 2008 11:26 PM

Also, you can find some very interesting papers/presentations/videos here.

Comment Do NOT (easily) use SpinRite! (Score 1) 399

You can get a very good explanation of why not here.

I am referring to a blog entry from Scott A. Moulton who is a forensic and data recovery expert and currently teaches the SANS 606: Drive and Data Recovery Forensics course.

Spinrite is not data recovery software. I get many questions about why I left off Spinrite on my recommendations of recovery software. I specifically leave off Spinrite because under the strictest terms it is not data recovery software. Almost every single data recovery package knows, and will warn you not to write the data back to the original source drive. Data Recovery/Forensics software almost always recover from a source to a destination. Spinrite does not do that, it refreshes the surface and controls reads to get the maximum amount of data from the sectors and then puts it back down on the same drive.

I think it does quite a few things very well and it does an excellent job at reporting and reading the SMART info and refreshing the surface of the hard drive. However, I would like to first try to get the data from the drive before scanning it and trying to rebuild sectors. There are many reasons for this, but the most important one being that the drive can die in the process of running Spinrite. It is possible to do more damage to the drive by doing excessive read and writes. There are times that you only get once good chance at data and if you use a tool that just goes in and surgically removes the data you want BEFORE doing the scan you will be a lot safer.

If I was going to use Spinrite, I would get everything I could off the drive to another destination first and then use Spinrite to try to get anything I could not repair (although I never have to with the tools I use). Another horrific story I have seen with drives sent to me, is that if Spinrite it runs successfully, people are under the impression that the drive is repaired and is usable again and continue to use it. Big mistake and it usually dies again shortly. On a Windows Hard Drive I would try NTFSExplorer/FatExplorer first in the hopes of doing a surgical recovery as oppose to spending days rewriting sectors in the hopes that my drive can live though it as Spinrite does. But for $80 it is well worth the attempt if you are going to do nothing else. Good Luck.

Oct 6, 2008 11:26 PM

Also, you can find some very interesting papers here.

Comment Try this SANS course: Drive and Data Recovery F... (Score 1) 399

SECURITY 606: http://www.sans.org/training/description.php?mid=1237

One thing that nobody seems to have mentioned yet is the freezer trick. If the drive is just not spinning anymore (and you do not hear a click of death), just throw your drive in a ziplock bag into the freezer for a couple of hours. Oftentimes it will then run long enough to make a bit-to-bit (dd) copy, as others already mentioned.
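As an added example of the acquisition practice these comments describe (recover from a source to a destination, never write anything back to the source, and verify the copy), here is a small POSIX shell script that is not from the comment or from Moulton's blog. The "drive" is a constructed scratch file standing in for a block device; the paths, the log format and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the comment or Moulton's blog): acquire a disk
# image from a source to a separate destination and verify it by hash,
# without ever writing to the source. The "drive" is a constructed scratch
# file; on a real case SRC would be a block device (placeholder /dev/sdX).
set -eu

WORK=$(mktemp -d)
SRC="$WORK/source.img"     # stands in for the failing drive (constructed)
DST="$WORK/evidence.dd"    # image written to a different medium
LOG="$WORK/acquire.log"    # record of hashes and dd's block counts

# Constructed sample content: 64 KiB of pseudo-random bytes.
head -c 65536 /dev/urandom > "$SRC"

sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# image_drive SRC DST: bit-for-bit copy with dd. conv=noerror,sync keeps
# reading past unreadable blocks and zero-fills them so later offsets stay
# aligned with the source; dd's own record counts go to the log.
# Returns 0 only if the source is unchanged and the image hashes identically.
image_drive() {
    before=$(sha256_of "$1")
    printf 'source sha256 (before): %s\n' "$before" >> "$LOG"
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>> "$LOG"
    after=$(sha256_of "$1")
    image=$(sha256_of "$2")
    printf 'source sha256 (after):  %s\nimage  sha256:          %s\n' \
        "$after" "$image" >> "$LOG"
    # Two checks: the source was not modified, and the image matches it.
    [ "$before" = "$after" ] && [ "$image" = "$before" ]
}

image_drive "$SRC" "$DST"
echo "image verified: $DST (log: $LOG)"
```

Everything that follows (keyword search, carving, SpinRite-style surface work) is then run against `$DST` or a further copy of it, so the original medium is only ever read once.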

Comment Not Enterprise but Futurama Spaceship Concept (Score 3, Informative) 541

The Enterprise does not move without actually moving but the Futurama spaceship does.

As far as I can remember (and I read the Enterprise technical manual over 15 years ago), the warp gondolas create a field in which space-time is bent and thus much smaller. So this vastly decreases the length of the space surrounding the Enterprise, and thus it can fly through the shortened space by "normal" means in much less time, thereby creating the possibility of travelling faster than light: light has to travel the "long way", outside of the shortened space, whereas the Enterprise can take "the shortcut" while travelling at nearly light speed, thereby going faster than light.

Why this will never work IRL is left as an exercise to the reader. (Hint: even in a shortened space-time, a mile is still a mile and a second is still a second when measured from within that space)

Now, the Futurama spaceship in contrast works by moving the universe around itself. Way cooler, isn't it?

Comment Re:Right, like Germany's Phantom Serial Killer (Score 1) 203

The correct solution to limiting power is to require openness, not to limit their tools. We already place enormous trust in them by allowing them to have guns, make arrests, etc. Adding a DNA database adds little to these already scary powers. Which is why we need to be able to watch what they do and make sure it doesn't get out of hand. Current lack of openness in the government is by far the most serious problem right now (in the US, I can't speak for your country).

I can consent to that argumentation. Now, as you pointed out, we currently lack that openness in the government that could prevent power abuses - therefore I do not like the idea of putting even more power in their hands, especially if it is a power that every dictator has wet dreams about.

Those in power have time and time again shown that they are more than willing to exchange the people's rights for their personal power. PATRIOT Act, European Cybercrime Convention, data retention laws, G.W. Bush's torture approvals, idiotic TSA measures like no-fly lists and the ban of liquids on planes, ubiquitous surveillance, domestic spying, ... The list is horrifyingly long.

Apart from that, even if you had a perfectly open government there still would be no guarantee that a populist like another Adolf Hitler would get empowered by the people and either withdraw that openness or even start killing millions of people with the consent of the majority of the people! (especially in economically tough times and when under appropriate "guidance" of the mass media and a ministry of propaganda, probably in a strongly regulated information society)

Comment Re:Right, like Germany's Phantom Serial Killer (Score 1) 203

Your argument was that "Investigators know that a hit in a DNA database isn't as good as other evidence". This was an example where exorbitant resources were wasted although everything indicated that something had gone wrong: no investigator ever thought about the possibility that the DNA evidence might eventually be void. So, your point is moot; investigators obviously take a DNA sample as the perfect evidence and stop all logical reasoning as soon as DNA evidence is present.

Now, apart from that, I worry about the power of the government. You might assume that the government and its institutions like the police or the FBI, CIA, NSA, etc. always play fair and nice. However, I find this to be a very big assumption. On the one hand, power corrupts. Those in power are always tempted to abuse that power in order to stay in power or increase their power. On the other hand, there were things like Nazi Germany and the DDR with its Stasi in recent history in my vicinity. And I would like to reserve the possibility to fight such institutions, should one spontaneously form in my country. You know, like, the only thing that we have learned from history is that it repeats itself.

Now, I can imagine taking part in a meeting of political dissidents and being detained shortly after because a Stasi-like organisation found the place of the meeting, found DNA evidence of my activities and subsequently ordered my detention.

There are more arguments against this but I have to go now, maybe I will try to convince you later on... (e.g. the right to bear arms in order to protect against or fight a government gone crazy is moot if you have a global DNA database which lets the government prevent organized resistance from ever forming)
