CT shooter’s smashed hard drive poses challenge for investigators
Investigators hoped to learn something from a computer found in the home shared by Adam Lanza — the gunman who killed 26 people at Sandy Hook Elementary School in Newtown, Conn. — and his late mother, but the computer and the hard drive were heavily damaged, say authorities. There may be further attempts to recover data, but luck may not be on the investigators’ side.
Law enforcement sources told NBC News that they’re somewhat pessimistic that Adam Lanza’s computer will yield any useful information. Not only was the actual computer heavily damaged, but its hard drive was removed and subjected to additional damage. We asked data storage experts to explain the sorts of challenges these computer forensics workers are facing.
“If there’s physical damage to the disks, I would say that it’s nearly impossible to get the data off,” said Robb Moore, CEO of ioSafe — a company that builds durable housings for hard drives and develops other disaster-proofing for data products. A standard hard drive consists of an enclosure, a circuit board, a read/write head and disks, also called platters, which have a magnetic coating. The disks themselves are often made of glass or other fragile materials, Moore told NBC News; they can bend, break or shatter. The actual data lives on that thin coating, which is “very sensitive to scratches and damage,” Moore said.
“If someone damaged just the circuit board, it’s possible to replace the circuit board,” Moore said. “If someone damaged the drive so that the disks have shattered, it would be nearly impossible to get the data off these disks.”
Tony Martino, Director of the Computer Forensics Research and Development Center at Utica College, clarified that while a whole shattered platter makes chances of recovery “pretty much nonexistent,” it may be possible to read a portion of the data if just a piece of the platter is damaged. Even then, the recovery process is quite intense.
Paulo Licio de Geus, associate professor at Institute of Computing at Unicamp, focuses his research on computer security. He explains that if the platters are merely bent, rather than shattered — which could happen, depending on materials and manufacturers — an elaborate laboratory procedure could be used to recover some information. “One must be really determined to fancy such an enterprise,” he told NBC News.
Chris Bross is a senior engineer at Drive Savers — a company which tries to recover data from erased or damaged hard drives. He told NBC News that in his two decades on the job, he has successfully extracted information from hard drives damaged intentionally by being hit with a hammer, shot or run over with a car.
“It’s actually difficult to successfully destroy data to an absolute level,” he explains. “What we do in a laboratory is engineering work. There’s always opportunity for recovery from a storage device unless that device has been extremely damaged.” He confirms that, “if the platters have been shattered, then there’s no tangible way to put together data from that.” But if the platters are partially chipped, scratched, or similar? There’s still a chance.
— With reporting by NBC News’ Pete Williams