Hard Drive Forensics For Online Search History?
I need some info for my novel, please humor me.
If you have a terrorist doing internet searches on bombs and hate sites and everything, and assuming he deletes his history, could someone still find the search history? Would the law enforcement need to remove the hard drive from his home or could they do it onsite? Also, is it possible to purposefully crash the hard drive to make it impossible to retrieve any such data? Basically, I don’t want the detectives to discover this info, and so I want to make the terrorist smart enough to cover his tracks. Links would be helpful!!!!
The only true way to ensure data to never be recovered is by physically destroying the hard drive. There are programs such as Active@ Kill Disk that will write over the disk many times destroying all data making future recovery extremely difficult. Only the CIA or FBI would have the resources to recover this information.
If a user has used advanced tools to erase usage tracks, program logs, registry history and the index.dat files, restore is more difficult. You would have to use a disk editor to directly access hard disk sectors.
It’s easy to wipe data off your hard disk so ‘joe average’ can’t find it… have a look for secure deleter programs that are desigend to wipe the ‘empty’ disk space clean.
In a lab the data may be readable… it would mean dismantling the hard disk, so deffo out of the computer and out of the home.
As for destroying it so no-one can read it? Yep, with a few screwdrivers and a pair of pliers you can strip the disk to components, then torch each platter on a gas stove or electric stove till you hit the curie point and the info is gone, gone, gone.
Actually, you don’t have to be the FBI or CIA to discover deleted files. Even just a good programmer can recover every single file. Just like the previous answer, unless the hard drive is physically destroyed, everything can be discovered and password overridden. I’m giving you some URLs where you get get some more info.
I hope the info helps
The only way to ensure the data is destroyed would be to physically destroy the drive. Take a hammer to it, shatter the platters. Otherwise, a drive that’s intact can be recovered by someone who has enough time and tools to recover the data. So remember to smash your drive when your done researching how to make a pipe bomb.