Rob Ford's Toronto

[AlvinofDiaspar]

Or an old dog new tricks.

AoD

 

[Franks2000inchTV]

This.

Some people are seriously gullible. "Wow, what a strange coincidence that the police managed to recover the video 2 days ago and decided to charge Lisi today. Remarkable."

Case in point:

It's possible the timing went the other way, and the court date was scheduled to give the police time to prepare.

 

[SockPuppet]

The interesting upshot of this in criminal cases is that (as it was explained to me...) the whole thing about overwriting things x times with random information isn't necessary. The reason you need to overwrite all those times is that it's said to be possible to get info by opening up the physical device and looking at the residual magnetic whosamacallits to figure out what was once there. Ignoring the fact that it's apparently not really possible to do that anymore on modern drives because of the data density, it also means that you've changed up the drive enough that you can no longer use it as evidence.

Nope. The reason you overwrite things with random data is that filesystems don't actually delete the data itself when you delete something. The sectors are marked as unused and the index relating that file is deleted. The actual data itself still exists, thats why it can be recovered. It has nothing to do with physically opening the drive itself.

I'm a network security analyst and I did my thesis project on Digital forensics. I'm not just spouting nonsense

 

[evvabeing]

took me a while to catch up on all that's been posted today, but now that i have...

Clayton Ruby is on Newstalk 1010 voicing the EXACT same concerns that I have re: Toronto Police investigation!

i'm glad someone is voicing those concerns publicly!

why wasn't ford's home etc searched? why wasn't he interviewed? why wasn't he ever pulled over for a DUI?

would lisi have been charged with extortion if the documents were not forced to be made public?

yes we've "learned" a lot, but there are still so many questions.

 

[ChesterCopperpot]

You do know he has Down's Syndrome, right?

Dontcha feel like an asshole? That brave little guy has overcome quite a bit in his life.

Is this some sort of joke? If so, it's in extremely bad taste

 

[voxpopulicosmicum]

^Just to be clear, your thesis is that the judge, court clerks and the crown, defense and media lawyers all conspired to delay hearings and then, weeks in advance, they miraculously scheduled the final hearing to take place on the same day the police technician managed to "recover" the file?

Jeesus effing H christ, how many TPS employees are trolling this thread right now?

 

[anonymoose]

Nope. The reason you overwrite things with random data is that filesystems don't actually delete the data itself when you delete something. The sectors are marked as unused and the index relating that file is deleted. The actual data itself still exists, thats why it can be recovered. It has nothing to do with physically opening the drive itself.

I'm a network security analyst and I did my thesis project on Digital forensics. I'm not just spouting nonsense

He's talking about overwriting things multiple times with random information. As I'm sure you know, "secure erase" tools have several different options for overwrite patterns (it's a tradeoff between speed and security). It's more than just overwriting used sectors (which of course is the minimum standard for deleting a file.)

However, it seems that modern hard drives don't need more than one overwrite (government standards notwithstanding).
http://en.wikipedia.org/wiki/Data_erasure#Number_of_overwrites_needed

Number of overwrites needed[edit]
Data on floppy disks can sometimes be recovered by forensic analysis even after the disks have been overwritten once with zeros (or random zeros and ones).[22] This is not the case with modern hard drives:
According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."[18]
According to the 2006 Center for Magnetic Recording Research Tutorial on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."[23] "Secure erase" is a utility built into modern ATA hard drives that overwrites all data on a disk, including remapped (error) sectors.[citation needed]
Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.[24]

 

[voxpopulicosmicum]

Is this some sort of joke? If so, it's in extremely bad taste

What's the joke? This was reported to me years ago.

 

[Dubster]

Where's MetroMan?

 

[flonicky]

Where's MetroMan?

Where's anybody? Quite the vaccuum for a day that everyone saw coming.

 

[hawc]

Rob Ford got more done in 3 years on crack then Miller and Lastman combined did clean. That's the saddest part of this whole story.

 

[SockPuppet]

He's talking about overwriting things multiple times with random information. As I'm sure you know, "secure erase" tools have several different options for overwrite patterns (it's a tradeoff between speed and security). It's more than just overwriting used sectors (which of course is the minimum standard for deleting a file.)

Regardless of what he was saying, it wasn't very clear. And even with multiple overwrites it is still sometimes possible to recover data digitally without opening the drive.

I was mostly just trying to be helpful. Not very much about digital forensics is known or understood properly outside of those circles where it is practised.

 

[pud99]

Why is Ford saying he can't comment because it's before the courts? He hasn't been charged with anything.

It is utter BS, designed to avoid saying that he does not want to talk. There is no legal basis for it. Even if he was charged was something he could comment.

 

[Torontovibe]

But try playing that same game by pointing at Harper and I suspect more mental gymnastics.

If anybody deserves scorn right now, it's Harper.

 

[Dubster]

Rob Ford got more done in 3 years on crack then Miller and Lastman combined did clean. That's the saddest part of this whole story.

Come on, man, really? Do we really need to go through all this again? Jesus.