“This security loophole means, for example, that computer criminals can hide information on the hard disk or, conversely, that sensitive information is not erased,” says computer security researcher Arne Vidström at FOI.
FOI is engaged in comprehensive research in the field of computer security in order to develop better methods of dealing with new threats and vulnerabilities, for example computer intrusion, arising from the increased use of computers.
“New hard disks are governed by a standard which is so comprehensive and complicated that it is extremely difficult to construct tools which can guarantee that one can find, or can erase, all the information on the disk,” explains Mikael Wedlin who is responsible for the research project at FOI.
FOI has analysed the hard disk interface most commonly used in today’s computer systems, the so-called ATA interface.
“We have been able to show weaknesses in many of today’s tools for wiping and investigating hard disks,” says Arne Vidström. Such tools, so-called computer forensics tools, are used, for example, by the police. The function which is poorly handled in the ATA standard is known as Device Configuration Overlays (DCO). This function can be used, for example, to make a disk appear smaller than it really is.
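A wiping or forensics tool can check for a disk that appears smaller than it is by comparing the capacity the disk advertises with the capacity recorded in its DCO data. The Python sketch below is an added example, not code from the FOI report: the word offsets follow the ATA/ATAPI-6 layout of the IDENTIFY DEVICE and DEVICE CONFIGURATION IDENTIFY data, the function names are hypothetical, and both 512-byte blocks are constructed sample data rather than output from a real drive.

```python
import struct

def words(block):
    """Unpack a 512-byte ATA data block into 256 little-endian 16-bit words."""
    if len(block) != 512:
        raise ValueError("ATA data blocks are exactly 512 bytes")
    return struct.unpack("<256H", block)

def identify_sectors(block):
    """Sectors the disk advertises to the host via IDENTIFY DEVICE."""
    w = words(block)
    if w[83] & (1 << 10):  # 48-bit Address feature set supported
        return w[100] | w[101] << 16 | w[102] << 32 | w[103] << 48
    return w[60] | w[61] << 16  # 28-bit addressing only

def dco_real_sectors(block):
    """Real capacity per DEVICE CONFIGURATION IDENTIFY (words 3-6 hold max LBA)."""
    w = words(block)
    # Word 255: low byte is the signature A5h, high byte makes all 512 bytes sum to 0.
    if w[255] & 0xFF != 0xA5 or sum(block) & 0xFF != 0:
        raise ValueError("DCO data failed its signature/checksum test")
    return (w[3] | w[4] << 16 | w[5] << 32 | w[6] << 48) + 1

def hidden_sectors(identify_block, dco_block):
    """Sectors present on the disk but not exposed to the host."""
    return max(0, dco_real_sectors(dco_block) - identify_sectors(identify_block))

def _put48(w, first, value):
    for i in range(4):
        w[first + i] = (value >> (16 * i)) & 0xFFFF

def make_identify(sectors):
    """Constructed IDENTIFY DEVICE block (sample data, not from a real drive)."""
    w = [0] * 256
    w[83] = (1 << 14) | (1 << 10)
    _put48(w, 100, sectors)
    return struct.pack("<256H", *w)

def make_dco(real_sectors):
    """Constructed DCO identify block with valid signature and checksum."""
    w = [0] * 256
    _put48(w, 3, real_sectors - 1)
    w[255] = 0xA5
    raw = bytearray(struct.pack("<256H", *w))
    raw[511] = -sum(raw) & 0xFF
    return bytes(raw)

if __name__ == "__main__":
    gap = hidden_sectors(make_identify(156000000), make_dco(156301488))
    print(f"{gap} sectors ({gap * 512} bytes) are not visible to the host")
```

A nonzero gap means that a tool which trusts the advertised size will neither image nor erase those sectors.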
When the facts presented by FOI became known in the computer industry, the leading manufacturers of forensics tools took immediate measures to patch these security loopholes. The security company Secunia, which monitors and advises on computer vulnerabilities, also quickly published FOI’s findings.
Download the report “Computer Forensics and the ATA Interface”, FOI-R--1638--SE, below.