* via http://theMezz.com/lists

* subscribe at http://techPolice.com

Computer sleuths seek deleted e-mail

Andersen auditors killed some Enron-related correspondence

By D. Ian Hopper

WASHINGTON, Jan. 16 — The job of recovering the missing Enron Corp.
accounting documents is falling to computer sleuths whose work can foil
the casual use of the delete button.

Legal counsel at Ontrack Data International THEY’VE BEEN called on
before in high-profile cases, looking for suspected spy transmissions
and missing Clinton White House e-mails.

And now they’ll be asked to recover documents from the computers of
Arthur Andersen LLP, which acknowledges its employees destroyed
thousands of e-mails and paper documents about Enron.

Investigators want to know who knew about the problems at Enron, which
shocked the financial world and its own employees with its fall from
Wall Street grace to bankruptcy.

Computer sleuths move quickly to preserve hard drives and backup tapes
before the bits of deleted data are overwritten forever.

“If the data was there, rarely can you not find a sign of it,” said
Bedser of Internet Crimes Group in Princeton, N.J. “The closer to the
time frame it happened, the better the chance of recovering the data.”

Andersen has said its Houston auditors started deleting Enron e-mails on
Oct. 23 and stopped Nov. 9. Bedser said his firm has been able to
recover Lotus Notes e-mail messages that were deleted up to eight months
earlier. Andersen used Lotus Notes.
Most computer users think a simple stroke of the delete key is enough to
make a message disappear forever.

“The general practitioner doesn’t know that once you hit delete and
it out of your inbox that it’s not gone,” said David Schultz, legal
counsel at Ontrack Data International. “That is why this is a very
fertile area for key evidence in litigation.”

In most cases, hitting the delete button simply erases the file from
general view. But the underlying data remains until the computer fills
that free space with new data.

Government agencies with sensitive information — like the National
Security Agency, the CIA and the FBI — use software that repeatedly
overwrites free space on hard drives to foil recovery of deleted data.
E-mails are even harder to permanently erase, because they often reside
in many locations along a computer network. Lotus Notes stores e-mail
messages on a central server and gives most users only limited access,
so a person who deletes an e-mail has no way to ensure it is permanently
erased and overwritten.

Investigators also use backup tapes. Major companies tend to back up
their files nightly or more often. The backups are eventually
overwritten, so preserving them early is critical.

 Recovering e-mails from backup tapes is far from a sure thing. Millions
of e-mails from the Clinton White House were never recovered, even after
contractor Vistronix tried to extract them from tapes. Andersen said it
has retrieved some of the deleted Enron files from backups.
Andersen may also need to check personal computers used by the Houston
auditors, looking for bits of e-mail messages or original copies of
documents that have since been shredded.

While the e-mails might not have been intentionally stored, some
portions may be lodged on individual computers just because someone read
the messages. Joan Feldman of Computer Forensics called the phenomenon
“data debris” and said it’s hard to work with.

“The e-mail may or may not be stuck on the hard drive,” Feldman
“The ‘may or may not’ part is really big enough to drive a car

Shredded paper is also extremely difficult, but not impossible, to
re-create. Jason Paroff, a forensics expert at Kroll Worldwide, said his
company has put shredded documents back together before, but success is
dependent on the efficiency of the shredder.

While the results of straight-cut shredders are relatively easy to work
with, Paroff said, “there are some shredding machines that almost
produce a dust on the other end. Good luck piecing that together.”
With all the uncertainties in forensic work, the experts said Andersen
would benefit if it gets another company to monitor its work. That would
protect Andersen against some routine pitfalls, like a technician
throwing out an obsolete but evidence-rich computer.
“It would probably be a good alibi for whatever their status is,”
Stan Wilson of Kroll. “You don’t want to go into something like
with yourself as the lone gun.”

You can be debt free in 12-30 months! This reputable non-
profit can help you accomplish this goal without bankruptcy
or a loan! Click here now: 

--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com

This email was sent to: archive@jab.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email to: [EMAIL PROTECTED]

T O P I C A -- Register now to manage your mail!

Reply via email to