Search
    • Nov 11

Degausser oersted strength

The Tip of the Night for April 28, 2021 discussed Degaussing, which erases magnetic storage media by altering magnetic fields. Different drives and tapes will have varying 'coercivity'. Coercivity is the intensity of the magnetic field required to eliminate the magnetization of the storage device. Different kinds of magnetic media are classified into one of three types based on their oersted count - a unit of magnetic field strength.


Type I devices will have 350 oersteds or less. Type II magnetic media have between 350 and 750 oersteds. Type III storage devices will possess more than 750 Oe.


Not all Degaussers can erase every type of magnetic media. For example, the HP LTO-8 30 TB data tape cartridge, available here, has a magnetic coercivity of 2300 Oe.

A guide to Degaussers published by the National Security Agency in June 2019, NSA/CSS Evaluated Products List for

Magnetic Degaussers, rates Degaussers based on their Oe rating. As you can see, older model Degaussers will not be able to successfully erase this HP tape.


The oersted rating for a Degausser may differ based on whether the media being erased is a drive or a tape.


3 views0 comments
    • Sep 20

Extracting Artifact Data from Zoom

Magnet Forensics Axiom is a forensics tool which can be used to collect and analyze data from computers and smartphones. Chat messages and web browsing history can be pulled from iPhones and Androids, and data can be recovered from apps like SnapChat.


It also can collect artifact data from Zoom software installed on a Windows PC, or mobile phones. The artifact data differs from the actual user added content in that rather than being content the user intentionally creates and views, it is the data that is left behind from the use of the application.


With the login info for the system Zoom was installed on, Axiom can decrypt artifact data to thread chat messages together.


The artifact data can serve as a record showing who exchanged messages and when they were exchanged.







14 views0 comments
    • May 18

Host Protected Areas

Note that many drives will contain a host protected area, which will not be displayed in the file explorer for an operating system. The MAX ADDRESS of a drive can be set so less than the full size of a drive is shown. The rest of the drive will be a host protected area, the OS cannot work with. But BIOS software may work with the host protected area. A host protected area may be required for some firmware because it cannot successfully boot from a large drive.

Host protected areas can also be used to hold system restore software.

The host protected area will not be altered when a drive is reformatted, so theft detection software may be loaded there.

Naturally, the host protected area is also a good place to hide data, including malware.

8 views0 comments

Sean O'Shea has more than 15 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

 

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.

 

This policy is subject to change at any time.