No Thanks for the Memories - Industry Trend or Event
Industry Standard, The, Jan 15, 2001 by James Fallows
It's time to reveal my Oliver North moment, as promised in my last column. The moral of the story is that what happened to me -- and Ollie -- could well happen to you.
Oliver North was not the first person to get into trouble because he trusted his computer, but he is probably the best-known. In the mid-1980s, North was a Marine colonel working in the Reagan White House. One of his jobs was to coordinate support for the anticommunist Contra army of Nicaragua; the way he did so, however, turned out to be against the law. When congressional investigators began looking for evidence of how far he'd gone, North's secretary, Fawn Hall, began running documents through the shredder -- and North did the high-tech version of the same thing, deleting e-mail files from his computer. Poor Ollie! Everyone in the technology world was soon chortling at him for not knowing that deleting a file does not actually delete its contents. Instead it just changes the header and other information that lets the computer locate and use the file. The words, numbers, graphics and other data in the "deleted" file are still there, ready to be inspected with a standard file-recovery program. The investigators soon found what North thought he had deep-sixed.
The years go by. We enter the Internet age, and anyone with the slightest sophistication about computers assumes he has learned from North's mistake. I kidded myself that I belonged to this savvy group, until last year, when I met John E. Kuslich.
I had gone to Kuslich for help with a file-recovery project of my own. In 1999 I spent several months at Microsoft, consulting on ways to make Word more "writer friendly." Like everyone else at the company, I kept my correspondence, work notes and schedule in Outlook, which until then I'd avoided using. Unlike most others at Microsoft, I didn't know the correct way to make offline archives. So when I left the company, I had all my personal files stored not in the standard Outlook .pst format but in encrypted .ost versions. When I asked, after leaving the company, how I could get at these megabytes of archived calendar and correspondence, the official answer was: Sorry! It's impossible to decode or open an .ost file once the e-mail account in which it was created has been removed from the company server -- as mine had.
But a friend at Microsoft suggested, unofficially, that I contact Kuslich, since his Crak Software company (www.crak.com) specializes in opening files whose passwords have been lost (or files that disgruntled employees have deliberately locked up). Sure enough, Kuslich quickly converted my "unbreakable" .ost files to normal .pst format. But then he noticed something odd.
As he was scanning the structure of the recovered .pst file, Kuslich was amazed to find, among my e-mail and appointments from early 1999, an intimate note he had sent to his girlfriend in December 2000. Then he saw material from a Web site he had visited a few days earlier. He removed both of those -- but found something else that he invited me to check out for myself. "Do you have a 'hex editor'?" he asked me -- that is, a program for viewing the binary content of a file. Sure, I said, feeling like Mr. Tech. He told me to load a copy of the original, encrypted .ost file into the hex editor and see what it revealed at the end of the file.
That I did. In the places where I'd expected to see the text of my old e-mail message, there was only encoded gobbledygook. But at the end of the file, in perfectly readable plain text, were several paragraphs from ... a confidential report on the nuclear threat from North Korea! In another place was a sentence or two from a letter I'd once sent one of my sons. The material that was supposed to be in the file was encoded, but material that had no business being there, and that did not show up in the converted .pst file, was available to anyone with a hex editor.
What was going on here? It turned out that Kuslich had come across the digital counterpart of a real, live saber-toothed tiger -- that is, a menace that was supposed to be extinct but quite obviously was not. The underlying problem was something generally called "slack memory" or "RAM slack," although I prefer Kuslich's pithier term, "memory slag." It dates from the earliest days of personal computer operating systems. When it was time to save a file, the system would make up the difference between the actual size of the data in the file and the minimum cluster size for storage on the disk with random spare data from somewhere else. This extra "slag" data was from files the system no longer used, but that, like Oliver North's e-mails, had not been in any real sense "erased."
"It could come from a file you'd just deleted, from something you were working on last month, from practically anything that had not yet been overwritten," says Scott Stephens of NTI, a computer forensics firm in Gresham, Ore., that specializes in extracting hidden information from computer systems. "The fun stuff is information the computer created on the hard drive that the user never had a clue about." For example, while you are looking at a Web page or reading a document from a floppy disk, the computer might cache that data on its hard disk or make it part of its "swap file," which allows computers to use memory more effectively. From that point on, that data is available on the hard disk, although you didn't deliberately save it, and it can show up as slag at inconvenient times. Consider the nasty instant message you sent about your boss before handing him an unctuous memo. "When we get a resume, in Word, from job applicants," a man from one computer-security company told me, "we put it in the hex editor and go right to the end to see what else they've been writing."
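The slack mechanism described above, as an added example that is not part of the original column: a toy in-memory disk shows how a "deleted" file's bytes end up past the end of a shorter file stored in the same cluster, and how zero-filling that remainder on write removes them. The 512-byte cluster size, the `ToyDisk` class, the file names and the sample contents are all constructed for illustration.

```python
import re

CLUSTER = 512  # assumed cluster size in bytes (constructed for this example)

class ToyDisk:
    """Toy in-memory disk: deleting frees a cluster but leaves its bytes in place."""

    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)
        self.free = list(range(clusters))
        self.files = {}  # name -> (cluster index, logical length)

    def write(self, name, content, wipe_slack=False):
        if len(content) > CLUSTER:
            raise ValueError("toy model stores single-cluster files only")
        idx = self.free.pop(0)
        start, end = idx * CLUSTER, (idx + 1) * CLUSTER
        self.data[start:start + len(content)] = content
        if wipe_slack:
            # Mitigation: zero everything between end of data and end of cluster.
            self.data[start + len(content):end] = bytes(end - start - len(content))
        self.files[name] = (idx, len(content))

    def delete(self, name):
        # Like the "delete" described above: drop the directory entry only.
        idx, _ = self.files.pop(name)
        self.free.insert(0, idx)

    def slack(self, name):
        """Bytes in the file's cluster that lie past its logical length."""
        idx, length = self.files[name]
        return bytes(self.data[idx * CLUSTER + length:(idx + 1) * CLUSTER])

def printable_runs(buf, min_len=6):
    """What a hex-editor reader would notice: runs of readable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, buf)]

def demo(wipe_slack):
    disk = ToyDisk(clusters=4)
    # Constructed sample contents, not taken from the column.
    disk.write("old_note.txt", b"confidential: merger closes Friday at 9am")
    disk.delete("old_note.txt")
    disk.write("resume.doc", b"Dear hiring manager", wipe_slack=wipe_slack)
    return printable_runs(disk.slack("resume.doc"))

if __name__ == "__main__":
    print("slack left as-is:", demo(wipe_slack=False))
    print("slack zeroed:    ", demo(wipe_slack=True))
```

The logical length of `resume.doc` is the same in both runs; only the bytes beyond it differ, which is why the residue is invisible in the application and visible in a hex editor.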