Introduction

Computer forensic examiners are responsible for technical acuity, knowledge of the law, and objectivity in the course of investigations. Success is principled upon verifiable and repeatable reported results that represent direct evidence of suspected wrong-doing or potential exoneration. This article establishes a series of best practices for the computer forensics practitioner, representing the best evidence for defensible solutions in the field. Best practices themselves are intended to capture those processes that have repeatedly shown to be successful in their use. This is not a cookbook. Best practices are meant to be reviewed and applied based on the specific needs of the organization, the case and the case setting.

Job Knowledge

An examiner can only be so informed when they walk into a field setting. In many cases, the client or the client’s representative will provide some information about how many systems are in question, their specifications, and their current state. And just as often, they are critically wrong. This is especially true when it comes to hard drive sizes, cracking laptop computers, password hacking and device interfaces. A seizure that brings the equipment back to the lab should always be the first line of defense, providing maximum flexibility. If you must perform onsite, create a comprehensive working list of information to be collected before you hit the field. The list should be comprised of small steps with a checkbox for each step. The examiner should be completely informed of their next step and not have to “think on their feet.”

Overestimate

Overestimate effort by at least a factor of two the amount of time you will require to complete the job. This includes accessing the device, initiating the forensic acquisition with the proper write-blocking strategy, filling out the appropriate paperwork and chain of custody documentation, copying the acquired files to another device and restoring the hardware to its initial state. Keep in mind that you may require shop manuals to direct you in taking apart small devices to access the drive, creating more difficulty in accomplishing the acquisition and hardware restoration. Live by Murphy’s Law. Something will always challenge you and take more time than anticipated — even if you have done it many times.

Inventory Equipment Most examiners have enough of a variety of equipment that they can perform forensically sound acquisitions in several ways. Decide ahead of time how you would like to ideally carry out your site acquisition. All of us will see equipment go bad or some other incompatibility become a show-stopper at the most critical time. Consider carrying two write blockers and an extra mass storage drive, wiped and ready. Between jobs, make sure to verify your equipment with a hashing exercise. Double-Check and inventory all of your kit using a checklist before taking off.

Flexible Acquisition

Instead of trying to make “best guesses” about the exact size of the client hard drive, use mass storage devices and if space is an issue, an acquisition format that will compress your data. After collecting the data, copy the data to another location. Many examiners limit themselves to traditional acquisitions where the machine is cracked, the drive removed, placed behind a write-blocker and acquired. There are also other methods for acquisition made available by the Linux operating system. Linux, booted from a CD drive, allows the examiner to make a raw copy without compromising the hard drive. Be familiar enough with the process to understand how to collect hash values and other logs. Live Acquisition is also discussed in this document. Leave the imaged drive with the attorney or the client and take the copy back to your lab for analysis.

Pull the Plug

Heated discussion occurs about what one should do when they encounter a running machine. Two clear choices exist; pulling the plug or performing a clean shutdown (assuming you can log in). Most examiners pull the plug, and this is the best way to avoid allowing any sort of malevolent process from running that may delete and wipe data or some other similar pitfall. It also allows the examiner access to create a snapshot of the swap files and other system information as it was last running. It should be noted that pulling the plug can also damage some of the files running on the system, making them unavailable to examination or user access. Businesses sometimes prefer a clean shutdown and should be given the choice after being explained the impact. It is critical to document how the machine was brought down because it will be absolutely essential knowledge for analysis.

Live Acquisitions

Another option is to perform a live acquisition. Some define “live” as a running machine as it is found, or for this purpose, the machine itself will be running during the acquisition through some means. One method is to boot into a customized Linux environment that includes enough support to grab an image of the hard drive (often among other forensic capabilities), but the kernel is modified to never touch the host computer. Special versions also exist that allow the examiner to leverage the Window’s autorun feature to perform Incident Response. These require an advanced knowledge of both Linux and experience with computer forensics. This kind of acquisition is ideal when for time or complexity reasons, disassembling the machine is not a reasonable option.

The Fundamentals

An amazingly brazen oversight that examiner’s often make is neglecting to boot the device once the hard disk is out of it. Checking the BIOS is absolutely critical to the ability to perform a fully-validated analysis. The time and date reported in the BIOS must be reported, especially when time zones are an issue. A rich variety of other information is available depending on what manufacturer wrote the BIOS software. Remember that drive manufacturers may also hide certain areas of the disk (Hardware Protected Areas) and your acquisition tool must be able to make a full bitstream copy that takes that into account. Another key for the examiner to understand is how the hashing mechanism works: Some hash algorithms may be preferable to others not necessarily for their technological soundness, but for how they may be perceived in a courtroom situation.

Store Securely

Acquired images should be stored in a protected, non-static environment. Examiners should have access to a locked safe in a locked office. Drives should be stored in antistatic bags and protected by the use of non-static packing materials or the original shipping material. Each drive should be tagged with the client name, attorney’s office and evidence number. Some examiners copy drive labels on the copy machine, if they have access to one during the acquisition and this should be stored with the case paperwork. At the end of the day, each drive should link up with a chain of custody document, a job, and an evidence number.

Establish a Policy

Many clients and attorneys will push for an immediate acquisition of the computer and then sit on the evidence for months. Make clear with the attorney how long you are willing to maintain the evidence at your lab and charge a storage fee for critical or largescale jobs. You may be storing critical evidence to a crime or civil action and while from a marketing perspective it may seem like a good idea to keep a copy of the drive, it may be better from the perspective of the case to return all copies to the attorney or client with the appropriate chain of custody documentation.

Conclusion

Computer examiners have many choices about how they will carry out an onsite acquisition. At the same time, the onsite acquisition is the most volatile environment for the examiner. Tools may fail, time constraints can be severe, observers may add pressure, and suspects may be present. Examiners need to take seriously the maintenance of their tools and development of ongoing knowledge to learn the best techniques for every situation. Utilizing the best practices herein, the examiner should be prepared for almost any situation they may face and have the ability to set reasonable goals and expectations for the effort in question.

Carol L. Stimmel is a Certified Computer Examiner (CCE), co-author of The Manager Pool, and former Vice-President, Consulting of Gartner. She has worked in technology for over 15 years and has been involved in engineering, security, knowledge management, and the establishment of successful entrepreneurial ventures.

CITSF provides certified consulting services to the attorney marketplace in the area of computer forensics and e-discovery.

Visit CITSF on the web at http://www.citsf.com She may be reached at 303-819-2068 or carol.stimmel@gmail.com.

Earlier we warned you about a serious security flaw, so-called "WMF flow." Several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.

"Desktop users that suffered the effects of the IMF exploit describe it as a devastating experience to find their desktop computers completely taken over by an attacker.

“When it hit, the screen suddenly said, ‘Congratulations, you’re infected!’” said Brad Dinerman, vice president of information technology at MIS Alliance, a professional services outsourcing firm in Newton, Mass. It was clear that the computer running XP was no longer in his control.

“It had root access, it wouldn’t let me log off or do anything,” Dinerman said. He said he ended up having to re-build the machine from scratch. He noted that his machine had been up-to-date in terms of software patches, anti-virus and anti-spyware software. "

"…exploit has so many variants that anti-virus firms are having a difficult time keeping up with the exploit’s changes in attack code."

http://www.networkingsmallbusiness.com/news/2006/010306-sans-microsoft-patch.html

"It enables clueless newcomers to easily craft highly variable and hard-to-detect variations of image files. Images that take over computers when viewed. And do this on all common Windows platforms. Meaning that there are hundreds of millions of vulnerable computers in the net right now."

http://www.f-secure.com/weblog/archives/archive-012006.html

Current news on the situation, by BlogAutoPublisher support expert:

1. An official WMF Vulnerability update from Microsoft is now available. See more info and patches for various flavors of Windows at:

http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

Or just go to http://update.microsoft.com/ to pick up the right update automatically.

The patch requires that the PC be rebooted.

2. Microsoft is not fixing Windows 98/ME.

Microsoft has now "reclassified" the WMF vulnerability in Windows 95, 98, and ME as non-critical (instead of just fixing it!). This means that it will probably NOT be updated and patched to eliminate the WMF handling vulnerability that those older versions of Windows apparently still have. "Per the support life cycle of these versions, only vulnerabilities of critical severity would receive security updates," the company said.

We urge you to upgrade, if possible, to WinXP which is much more secure and stable Windows version.

3. After applying the Microsoft’s patch, go to Start > Run, paste there the following line:

regsvr32 shimgvw.dll

and press OK. You should see the following message: "DllRegisterServer in shimgvw.dll succeeded."

All your Windows "picture viewing" capabilities are back to normal now.

Wishing you productive and secure 2006, BlogAutoPublisher Team.

Copyright 2006 Olga Farber Becker

Olga specializes in internet marketing, blogs, RSS feeds. Find out 55 ways to use the Marketer’s Blogging Software Olga and her partner recently released: http://blogautopublisher.com.

Sometimes, due to unforeseen occurrences, it may become necessary to recover information from your hard drive. For instance, you computer may encounter problems and you need to recover documents. In many cases such data retrieval is quite possible. So, how exactly does data recovery work?

Specialists in data recovery will take your hard drive and evaluate it. Skilled technicians will determine how much information can actually be retrieved from your hard drive and what will be necessary to retrieve the lost data. Once this evaluation is complete; the data recovery provider will advise you what needs to be done to retrieve your data and how much the work will cost you.

Lost data can be recovered successfully about 80 percent of the time. Bear in mind however, that the evaluation process can take several days to weeks, and it may or may not prove successful in determining what the problem with the computer is. Then, if you should decide to give the data recovery provider the go ahead, they will clone the system and begin attempting to retrieve the data that is on your hard drive. Laptops and notebooks can also have data recovered from them. Despite the fact that the procedures for doing so are different than those used on standard computers, data can still be recovered from these mini-computers. In essence, the primary difference is that these computers require smaller tools in order to recover the data on them because they are so much smaller. Specialists do not require your entire computer to recover your data. Rather, you can simply ship your hard drive to them and they will retrieve the data from it.

Nevertheless, as a hard drive is a sensitive piece of equipment it, needs to be shipped very carefully. The drive will have to be wrapped in material that will not produce static and you should avoid the use of Styrofoam peanuts at all costs - they create a significant amount of static and static can destroy a hard drive.

There are also some other things to be aware of if you want to attempt data recovery. For instance, if you hard drive is exposed to water, you should be quite careful when shipping it. It is advised that data can be retrieved better before the hard drive dries out, therefore it is suggested that you ship it with a damp cloth in a plastic bag to ensure that it stays wet until it can be evaluated. Finally, when you do ship your hard drive to a data recovery provider, be sure to place it in a cardboard box, wrapped in bubble wrap, where it will have very little room to move around.

——————————————————-
Michael Russell
Your Independent guide to Data Recovery
——————————————————-

Introduction

Designing a disaster recovery system requires planning and consideration of the available options that will best fit your company’s needs, SLA and budget.

With SANRAD DR Solution there is no need to use Log shipping (which requires extra recovery steps) or Microsoft SQL’s built in replication mechanism (which requires the configuration of a publisher and a subscriber). SANRAD DR makes the data and transaction log available to the SQL server on the remote site for immediate use. Even if there is no SQL server on the remote site, once built after a disaster, it will be able to access the data immediately with minimum recover time. SANRAD DR solution is a “hot standby solution” when there is a server on the remote site and a “warm standby solution” when there is no SQL server on the remote site (which will be built after a disaster).

This guide will help you design Disaster Recovery plan for Microsoft SQL 2000 in conjunction with . The guide assumes that you have basic knowledge of SANRAD V-Switch and MSSQL 2000 Administration.

Disaster Recovery Planning For Microsoft SQL 2000 This section discusses both general and MSSQL specific considerations that need to be addressed when designing a disaster recovery solution combining and Microsoft SQL 2000.

General Considerations

solution allows for flexibility with Microsoft SQL 2000 disaster recovery design. The most influential factors affecting design consideration are:
• Budget limitations
• Recovery Time Objective (RTO) requirements (the time until the data is back online)
• Recovery Point Objective (RPO) requirements (the amount of data that can be lost)
• Network bandwidth between the local site and remote site
• Replication method: Synchronous versus Asynchronous
• Replication frequency (only for Asynchronous replication)
• Initial volume synchronization

RTO (Recovery Time Objective)
• With high level RTO, duplicate hardware is required to allow quick recovery making the solution more costly.

RPO (Recovery Point Objective)
RPO requirements are best defined by the amount of data that the company is willing to lose.
• High level RPO requires more bandwidth for both Synchronous and Asynchronous replication.
• Low level RPO requires less frequent replication and smaller bandwidth.

Network Bandwidth between the Local and Remote sites
Bandwidth between the sites is generally the most crucial factor affecting the replication component of a solution.
• T1 (1.5Mb) links impose less frequent data replication and the use of asynchronous replication methods.
• T3 (45Mb) links or a 1Gb links allow frequent replication and the flexibility to choose between synchronous replication or asynchronous replication methods.

Replication method
When considering which replication method to choose it is important to remember:
• In Synchronous Replication the I/O commands are written to the local disk and to the remote volume at the same time. Every IO command requires an acknowledgment from both the local and remote sites before the next command. Consequently, synchronous replication is best deployed with a high bandwidth connection in order to allow the remote acknowledgment to arrive back to the local site as fast as possible and the replication can run faster.
• In Asynchronous Replication the I/O commands are written to the local volume and local journal volume which in turn is replicated periodically to the remote volume as periodically defined by the user. Consequently asynchronous replication can work well with lower bandwidth (minimum recommended for Microsoft SQL 2000 replication is 1.5 Mb).
• For Asynchronous replication, you must decide the data replication frequency. There are three factors that must be considered:
1. The size of the network bandwidth between the sites.
2. The amount of data changes that need to replicate each time. For example, large amounts of data changes take longer to replicate using T1 links.
3. The RPO requirements.

Initial Volume Synchronization solution can be used to protect existing production Microsoft SQL 2000 data. solution supports both online and offline synchronization. When using with existing Microsoft SQL 2000 data, an Initial synchronization of the Microsoft SQL 2000 volumes on the local site to the remote site must be performed.

The initial volume sync method depends on:
• The size of the volumes needed to be synchronized.
• The network bandwidth between the sites. For example, the bigger the volume size, the longer it will take to synchronize over a T1 link.
Online synchronization starts immediately when replication is started and uses the same network link that will be used during the replication.
Offline synchronization is a manual process where prepares the volumes on the primary site and the user must copy the data to the remote site. It is the user’s responsibility to make sure the volumes on the remote site are synchronized.

Microsoft SQL 2000 Considerations
Any Microsoft SQL 2000 Disaster Recovery planning should (at the very least) consider the following requirements:
• Quick access to the most recent copy of the Microsoft SQL 2000 database and the transaction logs. In a disaster situation provides fast access to the most recent replicated data on the remote site.
• The Microsoft SQL 2000 database and its related transaction logs must be replicated together to the remote site. uses consistency groups to ensure simultaneous replication of all volumes assigned to a consistency group.

SANRAD is a leader in IP Storage Networks enabling organizations to effectively Access, Share & Manage Stored Data across Standard Ethernet Environments.

SANRAD delivers simplified networked storage with excellent price/performance by coupling open IP storage connectivity with comprehensive network-based data management using IP Storage Area Networks (IP-SANs).

With SANRAD, organizations of all sizes can leverage the benefits of networked storage to link employees and clients with stored data for full storage availability, flexible and scalable storage using an economical Ethernet (IP/SCSI) network.

for further reading: http://www.sanrad.com/objects/support/Library

If you are looking for help with data recovery, you are likely not in the mood for the sales hype and the marketing schemes. Individuals looking for it are usually in need of it because their system has crashed or they can not locate the data and information that they desperately need. Many individuals find themselves lost without the precious memory that they have to have in order to make a sale or to contact a company or even worse the data to keep their computer in functioning order. Data recovery options are available though.

There are two main ways in which you can find help here. First, you can call on data recovery specialists that can come in and help you. These individuals can help by accessing your computer and finding what has happened. They are skilled and able to read more into the problem than most computer users can. A good individual to call on for this type of service is someone that has the ability to be around anytime that you need them, experience dealing with your type of system and honesty. You do not want to go with just anyone and it’s important to establish a working relationship with a company before you have problems.

The second type of data recovery option that you have is through software. Many software programs are available to help you. These will store and keep your very precious information on file so that if something were to happen, they would have it available for you. Of course, this type of data recovery really only works if you have it in place before a problem.

Do you need data recovery help? Do you need to call on someone to help you through one of the worst computer situations of your life? When all else fails, the best thing for you to do is to call on a specialist. Sure, your brother’s wife’s aunt’s husband says that he can help you, but unless you really know that they can and you have the time to wait around for him to fix it, it is best to call on a professional to handle your situation in data recovery.

Written by T.Potter. Visit No1 in Data Recovery for further information.

1. What you should be doing about data backup and why?
2. Fine electro-mechanical devices to backup.
3. Meant to do it!
4. Once Bitten.
5. Backup, a mistaken or confused name.
6. What do you need to do today to start a backup plan or backup program?
7. Let’s get organised.
8. Things to save or to backup.
9. Our recommended Backup System.
10. Near worst case scenario. When you most need a backup to restore from.
11. Our own system. How we backup our data.
12. Remember, Backup, start today.

1. Why do a data backup? What you should be doing and why? Computers always go perfectly. Right? What would you do without your PC? Computers can and do fail usually at the worst possible time. They may get stolen, trashed or crash. Most of us deal with the problems as and when they occur. There are times though, when a little bit of planning and forethought pays big dividends.

2. Fine electro-mechanical devices. The hard drive in your computer has both electronic and mechanical components that work with very fine tolerances where the head literally flies a fraction of a millimeter above the disks fast spinning surface. Measurements a fraction of a human hair thickness are not unusual. So bumping or dropping them or having PC power problems causes the components to literally crash and may result in irreparable damage.

3. Meant to do it! Most business people and many home users are aware of the need to Backup (or copy, in easy terms) their information to another place for safe keeping. After failures they often say ‘I meant to do it but never made the time.’

4. Once Bitten. Every day before they walk out of the office they’ll religiously run or at least start the backup going. In the morning they’ll check and make sure all went Ok with the Backup and look at any errors reported.

5. Backup, a mistaken or confused name! Simply put, Data Backup is the ability to recreate or restore the system you had working before the PC failure or loss. It may be called Copy, Save, Burn, Write. Unfortunately the word Backup is often used different ways. And means different things in different places! Bookkeeping software typically prompts you to backup your data (the company accounts and ledgers, in other words). But the backup is usually on the PC not another disk or computer. So if that computer goes missing, then the company bookkeeping info is gone too. You need to do this type of data Backup for bookkeeping and company client lists. But there’s more to do. Make a note where it goes to so you can Backup or copy it to another disk, CD, ZIP or Flash device you can take home.

6. What do you need to do today? Simple. Work out what you use your computers for that you simply couldn’t do without if it wasn’t there tomorrow. Would your business or personal relationships STOP without the ability to re-create the computer info you’re using? Please. Take a minute to read the full story below.

7. Let’s get organised. You’ll need: - any equipment and software to make the backup; a plan to follow to do it regularly; to backup what you should; to store it somewhere safe; to write down the backups done; reminders to do it next time; most of all the patience to wait and do it whenever it’s due. Lastly, it should be tested that you can recover from disaster if it ever occurs.

8. Things to save. Information to Backup should include Documents; Spreadsheets; Bookkeeping & Transaction data; Address Books; Lists; Emails; Personal information, Photos; Downloaded Programs and Licenses; Favorites; Special things; Internet & Email settings; Regulatory matters. Many of these items are irreplaceable, so they should be safeguarded.

9. Our recommended backup system. Two copies, one at your place and one at a friends place. Small Backup, things that change frequently, done daily. Big Backup, total Backup of your PC because the info is organised in a disorganized sort of way, spread over the hard drive in hard to find places, done weekly or monthly. More than one PC? If you have more than one PC you may need to re-think and re-organise where information is stored in the computers. A central point for all company data is easier to manage and Backup than data in all the odd places on the computer. You may investigate ‘synchronizing’ data so it’s naturally on more than one PC.

10. Near worst case scenario. If the Hard drive fails the information may be recoverable. But it’s a very expensive job by the professionals. Occasionally one of our customers has needed to retrieve data from a dead hard drive. We recommend a particular company who has always managed to recover the data, but there’s a lot of lost time and un-necessary expense especially when compared to the simple smart solution where you take all the necessary precautions and do the backup first.

We hope you never see one of these errors:- an MYOB fatal error 1199 as one of our customers did recently. It translates to the data file causing this error is definitely unusable and irrepairable. It can only be fixed by restoring your data from your most recent backup. (Do you have a recent Backup?) or HAL.DLL is missing or corrupt. It translated (in this case) to the Windows folder has disappeared. Anything at all that was stored in the windows folder is GONE. Windows needs to be re-installed from the original media (CD), Updated and Settings restored from a recent backup. Occasionally we (you or I) will start working on a document or data file and have a little accident. Accidents happen to us all occasionally. The simplest way is often to simply restore from the most recent backup, or waste a lot of productive time just getting things back to the way before we commenced, and made the accident. Just imagine what the worst case would be!

11. Our own system. How we backup. Pixel ITT has these systems in place. Daily, MYOB, when closing company data the data integrity is checked and Zipped up on the C Drive. It takes about 3 minutes.

Monday, 9am, Customer database and documents, Zipped into one file on C Drive. Takes 5 to 10 minutes at the start of day.

Monday to Friday, 9.50pm, Automatic Backup using XXCopy Pro of My Documents Folder which includes, MYOB, Customer data, Documents, saved to a redundant (older) PC as a file server, 5 minutes unattended. Older PC must be turned on and available on the office network.

Monday to Friday, 10pm, Automatic Unattended Backup of daily data important to business, MYOB, Customer data, Documents, Security info saved to CD, 3 to 5 minutes usually unattended.

Every 2nd Saturday, 2 secondary PC’s, Full incremental backup, to CD on main PC. Takes 10 to 20 minutes attended.

Every 4th Saturday, Main PC, Full incremental backup to CD on main PC, takes 60 to 120 minutes attended.

What’s missing in our backup system? Off-site backup copy could be more recent but has the main ingredients of our business in a workable version. Backup test has been performed to restore secondary PC’s only. The main PC will be done when time permits or it becomes necessary.

12. Remember, Backup, start today. We tell our customers, whether they’re small business clients or home computer users at every chance we get, to backup, somehow, but backup regardless. We’ve all got cd burners and cd writing software these days, but still most clients do not have a recent data backup or use the backup software that came with their computer. If the worst disaster happens, we’re called in to clean up the situation and regretfully tell the customer if they didn’t backup before the computer was stolen or broken there’s really nothing we can do to ease their pain whether it’s business critical data or data like home pictures and email address contact lists.

So BACKUP, Backup, backup just do a BACKUP.

Greg Martyn is a partner in Pixel ITT providing computer service and support in the St George and Sutherland area south of Sydney Australia. Pixel ITT also supply software for backup, internet security, antivirus and firewall in Australia. Greg Martyn has been in a technicial role since 1967, and until 2000 worked for OTC and Telstra. Pixel ITT use and recommend the software we sell including EMCDantz Retrospect Pro which is our main backup tool. Trial software and more info is available through http://www.pixelitt.com.au.

Let us first understand What is data? Data is nothing but, information. All information in a computer is referred to as data. Data is a plural form of Latin word "Datum". In computer, what we type, is referred to as data. There are two types of data, first one is character or numerical data, and second one is referred to as binary. The first one is readable to human beings easily. The second one helps computers to function. They are readable by the computer programs.

What is data protection: Generally, the word protection means the security given to something. For example, a house protects us from getting wet, when raining etc. In computer, the word protection is referred for protecting data from others, so, that others cannot get the information. In computer, information is stored in hard disks, floppy disks, CD-ROM disks, etc. i.e. any secondary storage device, permanently. We need to protect it from getting accessed or modified or deleted. There are two categories of data; they are, private and public. Private data, features your name, password, address, telephone number etc. Public data is made available to public, information on some specific fields, which includes science, technology, mathematics, etc. Not all information on these fields are not public data. They may have private data also. It depends on how data is organized to protect it from being accessed.

Normally, we store information or data in the form of files, in the secondary storage devices. The computer checks, whether the data is in protected mode. If it is true, then computer will not provide data to the user. Each of file information is stored, in File Allocation Table (FAT), in case of Microsoft family of operating systems. File Allocation Table, is table of rows and columns, with each row corresponds to one file. The columns are, of, name of the file, address offsets from and to where data is to be read, different file attributes. One way, and perhaps, the only way to give protection to the file in FAT, FAT16, FAT32 is by hiding it and making it read only. But, that was not enough, as a user, knowing the existence of file, can reach it directly, without any difficulty. Microsoft later released NTFS (New Technology File System), which greatly increased the security options.

With the advent of client-server technology, the computer system had revolutionary changes. NTFS introduced a concept called File and Folder level security, where in, one can set options, with user name, and passwords. The user with sufficient permissions can access the file. However, there are several o*ther issues. The user name and passwords are to be made secured. So, they introduced a concept, called encryption and decryption. The basic idea of encryption is to convert data from one form to another. For example, suppose the letter ‘A’, may become ‘Z’ after encryption. Decryption is the just opposite of encryption. i.e. ‘Z’ should become, ‘A’, after reversing that is, decryption.

Encryption and Decryption involves several complex mathematical formulas. One needs to be good in mathematics, to write programs, for encryption and decryption. Till today, no one knows the actual process except, the author of the program. But, several intelligent guesses can result in breaking of encryption code. So, several encryption and decryption algorithms came, which made guessing difficult. The research for best encryption and decryption process is already on its way.

The second security measure, apart from the encryption is, the firewall. A firewall is a program, which monitors the traffic. The traffic is nothing but, a group of files. It may be a network file or an ordinary file. A firewall prevents the certain files or data from entering into system. It checks data or properties of the file and allows or blocks the file, depending on the condition set. Say for example, suppose, if one can prevent the file abc.txt from entering into the system. Like wise, we can block or allow the messages or files, which are willing to enter into our computer.

The growth of technology has resulted in bringing high level security, in the computer system. However, a more advanced data security system need to be built, which will prevent, unauthorized access into the system, in the years to come.

For more Data Protection tips and solutions, visit http://www.data-protection-solutions.com

To get control over your own mail store in Outlook Express means to be up-to-date in terms of private business and procure order in all kinds of epistolary relationships. These affirmations are out of question.

Just imagine a thunder crash over your pc followed by the magic disappearance of all your mail information ever received or sent. Considering the fact that this sort of nightmare is the most usual catastrophe that cruelly interrupts the continuous flow of your day after day life, it is highly possible that it has already happened to you. One crash could delete your history! We know how lamentable it could be. Being eager to prevent the irreversible loss, you might try to save your mail manually, letter by letter.

What happens? Right! Great difficulties and even greater waste of precious time.

Supposing that the support machinery (meaning personal computers) does not exactly represent the field of your interest or knowledge, it is still very likely that you depend on a pc as the most important tool for your work. That is why you are not primarily interested in the cause of “universal” crash (that might be a hardware failure, viruses, windows crash etc.) but you want to keep yourself away from wastage. Once you have installed your most convenient tool of communication, like the Outlook Express program, you are ready to enjoy all the advantages of being a part of the net and to face the few drawbacks of the high technology state.

Why do you have to save your electronic letters? Well, because you cannot proceed as you did in bygone times of paper mailing.

You cannot keep a virtual mail in a real drawer!

The first step to be undertaken is to get informed in virtual order issues. There are several programs ready to propose their help in making your life easier. Outlook Express contains a suite of tools given to your use.

In addition, you would need a way to save your writing history (private and business mails) from computer crashes by easily clicking around - a program able to save your entire data to a single, compressed protected file so that it can be restored easily. This is what we call high performance.

There is no need to mention the deep necessity to have all your information contained in mails kept in order and safe from loss, as well as there is no need to mention the importance of communication. Get convinced, get informed, and get your business improved.

Ted Peterson writes for Adolix. You can visit http://www.adolix.com and check the latest version of our utilities and tools like Adolix Outlook Express Backup, eCover Engineer and Adolix PDF Converter.

According to the US National Archives, “31% of PC users have lost all of their files to events beyond their control.” Look at the person on your left. Now look to the person on your right. If it’s not one of them – IT’S YOU. It hurt didn’t it!

And if its not you, you know a guy, right? While not all of us have lost an entire computer full of data we all play in a world where our data is increasingly valuable and increasingly vulnerable. Think of the value of your data – Word files, Excel spreadsheets, Quicken data, emails, contacts, appointments, accounting information, budgets, proposals, pictures, music, and on and on. If somebody held a gun to your computers figurative head what would you pay to not pull the trigger?

Before answering, remember that you pay for insurance in most every area of you life. That insurance provides you the luxury of calling an agent behind a desk somewhere to make problems go away. Ahem, “Allstate, it’s me. I just drove my car into a lake and I need a new one.” Or, “Geico, can you get the little green fella’ on the line. My house just went up in flames and I’m thinkin’ remodel.” Pay your deductible and you’re back in business.

But what about your computer? You’re at Starbucks sitting down to enjoy your freshly brewed Caffè Mocha when you realize they didn’t give you one of those cardboard finger saver sleeve things. While you’re at the counter trying to get the attention of the guy in the apron your laptop walks out of the place under the arm of some highly caffeinated punk who just scored big. You know the feeling you get when you can’t find your wallet? Multiply by 10. Your ENTIRE LIFE was in that computer.

Go ahead; call your friendly neighborhood State Farm agent. You’ll get your computer back. Pull some software CDs out of your desk. You’ll get your programs back. Now just reload the copies of all of your data (you know, the files you make with you computer hardware and software that is almost as unique to your life as your DNA).

Say what?

You don’t have copies?

Oh, I see. So let me get this straight. You know you should have made copies. You even know that you could have printed hard copies or backed them up on CD or to another form of “storage media” but you didn’t. And may I ask why not?

Hold on there; let me write these excuses down as you make them up so I can pass them on to my other friends who drop the ball on this one:

· I don’t have time.
· I don’t know how.
· I kind of know how but I’m not really sure its working so what’s the point?
· Not only do I not have time, but my backups are out of date a few minutes after I make them anyway.

All legitimate excuses. None of them, however, are going to bail you out.

This just in… there are now THREE things certain in life:

1. Death
2. Taxes
3. Data Loss

Maybe you’re not a coffee drinker, but your data is still susceptible to the four leading causes of data loss:

· Disaster – theft, fire, hurricane, earthquake, etc.
· Virus Attacks
· Computer Hardware Failure
· Human Error (oops!)

So how do you prevent data loss?

YOU DON’T. It’s going to happen. The real question isn’t, “How do I prevent it?” It’s, “When it happens, how do I get it back?” The answer is simple – THE INTERNET.

That’s assuming your have joined thousands and thousands of computer users who are subscribing to online data backup services. The concept is quite simple: load a small software utility onto your computer that constantly runs in the background and tell that utility where you keep your critical data files. From that point forward any time you create new files or make changes to existing files, the online backup utility sends copies of those critical files to its highly secure off-site data storage facility. WHEN you lose your data you simply retrieve your copies over the Internet.

Ta-da. Aren’t you smart?

With companies offering this service now for just a few dollars per month, this is indeed the cheapest insurance you can buy for any aspect of your life. So what do you say? The gun is at your computer’s head. The ransom is $3.00.

Your move.

About The Author: Andy Sperry is a freelance writer and CEO of online backup service provider The Backup Agent (http://www.thebackupagent.com).

Back-ups are a very important, yet often neglected, part of using a computer. I learnt this the hard way. I had to rebuild my computer from scratch several times before implementing complete back-ups on the full system. Most people back up little to none of their files on a daily basis. They don’t back-up emails, address books or even accounts data, and then get frustrated when all work is lost.

Speaking from experience it takes several months if not years to get your computer just right for your needs. Meaning internet shortcuts, software installations, FTP accounts and so forth.

Imagine you had all your files backed up. To recover an operating system and all your software that you had installed on your computer is going to take a lot of time and effort. Now imagine you didn’t back-up your files, this would be a nightmare.

You’re probably thinking that doing these back-ups are going to take a lot of time that you don’t have. This is no excuse. There are several software packages on the market that automate these backups. All you need to do is configure the software, then get it to run on a daily basis at a time that is convenient (eg. 2am, when you most likely won’t be using your computer).

The best way of storing these back-ups would be on a secondary drive. The expense of the software and the secondary drive will be minimal, considering the time and effort it would cost you if you didn’t have back-ups to re-build your computer. Furthermore it would be even more effective to keep a back-up of your files in an off-site location. Meaning at another physical location. If your computer was to catch on fire a back-up on a secondary drive would not be much help. This would ideally be performed every month or every three months.

With regular back-ups you can work with the peace of mind that if something happens to your valuable data, you can restore it with the click of a mouse.

For more great technology related articles and reviews visit http://www.technologyslice.com