The Association of Digital Forensics, Security and Law (ADFSL)
This research describes our survey of data remaining on computer hard disks sold on the second hand market in the United Arab Emirates (UAE). This is a repetition of the first survey conducted in 2012 (Jones, Martin, & Alzaabi, 2012). Similar studies have been carried over the last ten years in the United Kingdom, Australia, USA, Germany and France: (Jones, Mee, Meyler, & Gooch, 2005), (Jones, Valli, Sutherland, & Thomas, 2006), (Jones, Valli, Dardick, & Sutherland, 2008), (Jones, Valli, Dardick, & Sutherland, 2009). This research was undertaken to gain insight into the volumes of data found on second-hand disks purchased in the UAE, as well as any changes that have occurred since the previous survey. We will also compare these results to those produced in other regions of the world to gain an understanding of the relative level of the problem of residual data in the UAE. The core methodology of the research adopted for this study was the same as has been used for the other global studies. The methodology included the acquisition of a number of second hand computer disks from a range of sources and their subsequent analysis. The goal of the analysis was to determine whether any data could be recovered from the disk and if so, whether the data that it contained could be used to determine the previous owner or user. If information was found on the disks and the previous user or owner could be identified, the research examined whether the information was of a sensitive nature or in a sufficient volume to represent a risk.
Arthur, C. (2014, September). Naked celebrity hack: security experts focus on iCloud backup theory. ([online] https:llwww.theguardian.com/technologyl2014lsepl01/naked-celebrity-hack-icloud-backup-jennifer-lawrence)
Fisher, T. (2016, October). DOS Commands. ([online] https:llwww.lifewire.coml dos-commands-4070427)
Garfinkel, S. L., & Shelat, A. (2003). Remembrance of data passed: A study of disk sanitization practices. IEEE Security and Privacy, 1 (1), 17-27. doi: http: I I doi.ieeecomputersociety.orgl 10.1109 IMSECP .2003.1176992
Glisson, W., Storer, T., Blyth, A., Grispos, G., & Campbell, M. (2016). In-the-wild residual data research and privacy. Journal of Digital Forensics, Security and Law, 11 (1), 77-98.
Gutmann, P. (1996). Secure deletion of data from magnetic and solid-state memory. In In proceedings of the 6th usenix security symposium (pp. 77-89).
Gutmann, P. (2001). Data remanence in semiconductor devices. In Proceedings of the 1Oth conference on usenix security symposium - volume 10 (pp. 4-4). Berkeley, CA, USA: USE NIX Association. Retrieved from http:lldl.acm.orgl citation.cfm?id=1267612.1267616
Harding, L. (2016, April). What are the Panama Papers? A guide to history's biggest data leak. ([online] http://www.theguardian.comlnewsl2016l aprl03lwhat-you-need-to-know -about-the-panama-papers)
Jones, A., Martin, T., & Alzaabi, M. (2012). The 2012 Analysis of Information Remaining on Computer Hard Disks Offered for sale on the Second Hand Market in the UAE. The 1Oth Australian Digital Forensics Conference.
Jones, A., Mee, V., Meyler, C., & Gooch, J. (2005). Analysis of data recovered from computer disks released for sale by organisations. Journal of Information Warfare, 4 (2), 45-53.
Jones, A., Valli, C., & Dabibi, G. (2009, December). The 2009 analysis of information remaining on usb storage devices offered for sale on the second hand market. The 7th Australian Digital Forensics Conference.
Jones, A., Valli, C., Dardick, G., & Sutherland, I. (2008). The 2007 analysis of information remaining on disks offered for sale on the second hand market. Journal of Digital Forensics, Security and Law, 3(1), 5-24.
Jones, A., Valli, C., Dardick, G., & Sutherland, I. (2009). The 2008 analysis of information remaining on disks offered for sale on the second hand market. Journal of International Commercial Law and Technology, 4 (3), 162-175.
Jones, A., Valli, C., & G. S. Dardick, I. S. (2008). The 2007 analysis of information remaining on disks offered for sale on the second hand market. Journal of Digital Forensics, Security and Law, 3, 5-24.
Jones, A., Valli, C., Sutherland, 1., & Thomas, P. (2006). The 2006 analysis of information remaining on disks offered for sale on the second hand market. Journal of Digital Forensics, Security and Law, 1 (3), 22-36.
Nakashima, E. (2015, June). Chinese breach data of 4 million federal workers. ([online] https://www.washingtonpost.com/ world/national-security/ chinese-hackers-breach-federal -governments-personnel-office/ 2015/06/04/889c0e52-0af7-11e5 -95fd-d580f1c5d44e_story.html)
Perlroth, N. (2015, August). Ashley Madison Chief Steps Down After Data Breach. ([online] http://www.nytimes.com/2015/08/ 29/technology/ ashley-madison-ceo-steps-down -after-data-hack.html?_r=O)
Unspecified. (2016, June). Virus Total: Frequently Asked Questions. ([online] https://www.virustotal.com/en/ faq/)
Valli, C., & Jones, A. (2008). A study into the forensic recoverability of data from 2nd hand blackberry devices: World-class security, foiled by humans. Proceedings of World Congress in Computer Science, Computer Engineering, and Applied Computing, 604-607.
Martin, Thomas; Jones, Andy; and Alzaabi, Mohammed
"The 2016 Analysis of Information Remaining on Computer Hard Disks Offered for Sale on the Second Hand Market in the UAE,"
Journal of Digital Forensics, Security and Law: Vol. 11
, Article 6.
Available at: http://commons.erau.edu/jdfsl/vol11/iss4/6