This question relates to the disposition of computers when upgrading or for
resale/donation.

If the computer was booted up the day before disposition and shut down
normally could data be recovered the next day from the RAM.
Same scenario, change the time period to one week?

3rd scenario, bootable desktop. AC is disconnected and the mainboard battery
is removed - what could be recovered from the RAM the next day?

btw I am not a student completing research, I am interested in the topic re
recycling of used computers.
If any of the group could provide information on textbooks or white papers
covering this topic it would be greatly appreciated.

Naturally I googled this topic before posting to the group.

someone2 wrote:

No, no & no. Google, how ram works.

--
Chris Salter

On Mon, 13 Jun 2005 12:14:01 -0400, "someone2"
<someone@somewhere.nowhere> wrote:

Assuming it isn't, I'd think you'd have to have some pretty smart
tools to recover what might left lurking there...and would anyone be
that interested?

The biggest risk by far is the hard drive - but there are plenty of
tools available for securely wiping the drive beyond the capabilities
of all but the most advanced recovery techniques....and if you feel
you're likely to come under such scrutiny then your best bet would be
to remove the drive and keep it/destroy it.

Regards,



--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk

"Chris Salter" <chriss@hotmail.com> wrote in message
news:1118680211.2225.0@ersa.uk.clara.net...
Excellent suggestion, I should have thought of the "how stuff works"
website.
I should have also checked the sites of the major players in the RAM market.

I would still appreciate any hardcopy books I could reference (a newspaper
article this weekend printed a number of common misconceptions re data
recovery)

I can see the next input - I'll search the topic at Amazon and at least one
University library!

"Stephen Howard" <seesigfor@email.uk> wrote in message
news:74dra15ea908jjtb3in3u99gmhs4uip4o8@4ax.com...
Great response.
The published article in question is "Shreds of safety" published by the
"Cox news service" - they publish across the east coast of the US. I am not
sure if you would find an online copy -I have a hard copy on my desk.

In summary of the article basically they are indicating the only way to
ensure safety of data is via physical destruction of the mainboard and hard
drive.

Meanwhile there are many individuals and groups who could use the same
computers once they were sanitized and recycled.

My intention is to write a press release for public knowledge re the facts
of data recovery.

ie. One claim in the article by the owner of the shredding company re hdd
and data recovery

"If you're just overlaying data on top of data, a good hacker who has no
time limits can certainly figure out ways to unlayer the data"

I guess he's recovered data after only a 3 times over write of a hdd, let
alone a DoD wipe?

"someone2" <someone@somewhere.nowhere> wrote in
news:dhire.32692$iU.350@lakeread05:


Unless you fear recovery attempts by well-equipped labs run by TLAs,
you're safe. While the contents of RAM do tend tend to become "etched"
if the same area contains the same data for long periods (e.g., a
password that is always loaded early, is never moved or swapped out of
ram, and remains there all day, every day) the main ways of permanently
snapshoting ram include strong ionizing radiation or subjection to very
cold temperatures while it still contains data or very shortly after it
is powered off.

The buzzwords to look up on Google are "ram" and "remanence." You will
find many hits (even by Peter Guttman); I'll post one url (Peter's) to
get you started:

http://www.cypherpunks.to/~peter/usenix01.pdf

Regards,

someone2 wrote:
I vaguely remembered something about this from a few years ago.

Googling on "quantum data recovery DRAM" I found a paper by Gutmann,
http://wipe.sourceforge.net/secure_del.html

"Martin" <martin_nospam@btinternet.com> wrote in message
news:42adcd6a$0$22591$da0feed9@news.zen.co.uk...
Thank you for the references to Gutmann.
I have a link on my web site to an article he created re data recovery from
hard disk drive platters.

"someone2" <someone@somewhere.nowhere> wrote in
news:dhire.32692$iU.350@lakeread05:

Unless you fear recovery attempts by well-equipped labs run by TLAs,
you're safe. While the contents of RAM do tend tend to become "etched"
if the same area contains the same data for long periods (e.g., a
password that is always loaded early, is never moved or swapped out of
ram, and remains there all day, every day) the main ways of permanently
snapshoting ram include strong ionizing radiation or subjection to very
cold temperatures while it still contains data or very shortly after it
is powered off.

The buzzwords to look up on Google are "ram" and "remanence." You will
find many hits (even by Peter Guttman); I'll post one url (Peter's) to
get you started:

http://www.cypherpunks.to/~peter/usenix01.pdf

Regards,

"someone2" <someone@somewhere.nowhere> wrote in
news:dhire.32692$iU.350@lakeread05:

you're safe. While the contents of RAM do tend tend to become "etched"
if the same area contains the same data for long periods (e.g., a
password that is always loaded early, is never moved or swapped out of
ram, and remains there all day, every day) the main ways of permanently
snapshoting ram include strong ionizing radiation or subjection to very
cold temperatures while it still contains data or very shortly after it
is powered off.

The buzzwords to look up on Google are "ram" and "remanence." You will
find many hits (even by Peter Guttman); I'll post one url (Peter's) to
get you started:

http://www.cypherpunks.to/~peter/usenix01.pdf

Regards,

"nemo_outis" <abc@xyz.com> wrote in news:Xns96748640B83F9abcxyzcom@
127.0.0.1:



Sorry about the repeated posts; in a moment of monumental stupidity I had
accidentally killfiled myself and wasn't seeing my own posts!

I'll just nip off and beat myself about the head and shoulders.

Regards,

nemo_outis wrote:
rofl! best chuckle I've had in ages that one

On Mon, 13 Jun 2005 13:25:02 -0400, "someone2"
<someone@somewhere.nowhere> wrote:

<snip>
Speaking as a fully signed-up skip-diver, I've 'bought' all my IT kit
from local refuse tips - and in the process learned one or two tricks
for recovering data.
It frankly amazes me how ill-informed people are about data security
and privacy - and that goes for both those people who do nothing, and
those who do something about it but end up not quite getting it right.

A re-formatted drive presents no real obstacle to getting the data
back, and system passwords are just plain pathetic...even more so
those that are visible as asterisks.
I can walk through a password protected bios with ease, and a simple
linux boot disk will make mincemeat of an XP/NT admin password.

I get a bit miffed when I come across perfectly decent kit that's had
a hammer taken to it, particularly when it's kit like graphics cards,
motherboards and cpus.
A bashed up hard drive isn't always a problem when it comes to data
recovery...a couple of whacks in the casing and a smashed up circuit
board will often leave the platters intact...and all you need to
recover the data is another old drive of the same spec to fit the
platter into.

It's a technique I've used many times ( just for the hell of it
really, and to further my own understanding of what's feasible ), and
whilst it's probably quite 'entertaining' to be able to grub up
someone's old data it soon gets boring.
Probably about the most serious case of bad data management I've seen
was an old 486 that just need the drive unformatting. Turned out to
have been the office computer for a firm of local solicitors.
I had half a mind to contact them to let them know that I was able to
recover what was obviously very 'sensitive' data - but then no-one
pays me to be a security consultant, so I wiped the drive.

Yeah..me! Though I won't pay more than a tenner, OK?
I'll go to £20 for a lappy with usb..though it has to be faster than
500Mhz...
I think you need to keep a sense of perspective in your proposed
article.
The guy that wrote about recovering data is in the business of
providing a secure data shredding service - so it obviously pays him
to play up the fact that you can recover data that's been wiped - but
in truth it's rarely that easy.
I've been there myself, and sweated over a really well locked-down
system just for the hell of it, only to discover a couple of weeks
later that all that's on it are a couple of dozen Word documents
regarding a bad double-glazing installation.
The point here being that if you're going to expend the time,
resources and energy in recovering data then you'll want to do so on a
computer that has 'Property of the C.I.A' stamped all over it, rather
than picking one at random that might have come from Mrs.Miggin's Olde
Pie Shoppe that contains nothing but recipes that use unfeasible
amounts of lard.
In other words, it's a lottery - and the prizes aren't up to much.

Not that you should be discouraged, mind you.
A decent, balanced article discussing the various pros and cons would
be very useful - and just as useful would be a discussion of the
various tools and techniques out there which would enable people to
test their own systems for security. Hopefully it would mean that
people could feel secure in passing on perfectly useable kit instead
of feeling that they have to smash it to pieces.

And here's another thought...how many of us go to all the trouble of
locking down our computers and then carry shedloads of data around on
a usb flash drive, protected only by the lining of a jacket pocket?
I'm starting to see these things at gigs..whereby punters would
usually hand over an item of jewelry or a fancy lighter that's dropped
out of someone's pocket while they've been shaking their booty to the
ground, now I'm being handed mobile phones and usb drives.

For my own security I consider wiping the drive with a Blowfish
algorithm ( including the free space ) a couple of times to be quite
sufficient before consigning a drive to the bin. I've not yet been
able to recover any data on a drive so treated.

Regards,



--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk

nemo_outis <abc@xyz.com> wrote:
Hey, there's no need to be *that* negative about your posts! ;-)

Joachim