SlideShare una empresa de Scribd logo

Threats to Privacy in the Management of Data Stored in Computer Systems by Gustavo Betarte

AltheimPrivacy
AltheimPrivacy
1 de 29
Descargar para leer sin conexión
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Threats to privacy arising in the management of data stored in Computer Systems Gustavo Betarte Instituto de Computación, Facultad de Ingeniería Universidad de la República, Uruguay www.fing.edu.uy/~gustun 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data 1 Overview 2 Data preservation and analysis 3 Data revelation 4 An Investigation on remnant data 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Overview The use of any modern computer system (pc, tablet, smartphone, ...) leaves unintended traces of expired data and remnants of users’ past activities 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Overview The use of any modern computer system (pc, tablet, smartphone, ...) leaves unintended traces of expired data and remnants of users’ past activities We put forward the issue of the unintended persistence of data stored in digital repositories 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Overview The use of any modern computer system (pc, tablet, smartphone, ...) leaves unintended traces of expired data and remnants of users’ past activities We put forward the issue of the unintended persistence of data stored in digital repositories This data can be recovered by forensic analysis, and it may pose a threat to privacy 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data preservation and analysis Preserving a historical record of activities and data is critical for a wide range of applications To recover after system failure To analyze past events after a breach To audit compliance with security policies 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data preservation and analysis Preserving a historical record of activities and data is critical for a wide range of applications To recover after system failure To analyze past events after a breach To audit compliance with security policies Intentional preservation of history can thus serve a good purpose (inexpensive storage makes it possible) 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data preservation and analysis Preserving a historical record of activities and data is critical for a wide range of applications To recover after system failure To analyze past events after a breach To audit compliance with security policies Intentional preservation of history can thus serve a good purpose (inexpensive storage makes it possible) Conversely, in many scenarios, retaining a history of past data or operations can pose a serious threat to privacy and confidentiality In large institutions and enterprises, systems that retain data for too long risk unwanted disclosure, for example by security breach 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem A wealth of sensitive data, including financial and medical records, have been recovered from decommissioned hard drives 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem A wealth of sensitive data, including financial and medical records, have been recovered from decommissioned hard drives Digital documents published on the Web have been found to include sensitive content believed to be deleted 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem A wealth of sensitive data, including financial and medical records, have been recovered from decommissioned hard drives Digital documents published on the Web have been found to include sensitive content believed to be deleted Email was used in court cases against Enron employees and released to the public, some of which was contained in deleted items in folders 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Example scenarios Businesses can unintentionally violate privacy regulations by leaving data in table or file storage 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Example scenarios Businesses can unintentionally violate privacy regulations by leaving data in table or file storage Analysts that investigate data repositories recovered from lost or stolen computers can reveal sensitive information that was thought to be deleted 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Example scenarios Businesses can unintentionally violate privacy regulations by leaving data in table or file storage Analysts that investigate data repositories recovered from lost or stolen computers can reveal sensitive information that was thought to be deleted Authorized investigators may recover data from equipment subpoenaed or seized from a crime scene, or simply in situations where company policy has been violated 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Embedded Database storage Message headers and time stamps for messages believed to be deleted can be found on disk in embedded databases (Mail.app in OS X) 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Embedded Database storage Message headers and time stamps for messages believed to be deleted can be found on disk in embedded databases (Mail.app in OS X) Firefox allows applications to store data that persists across sessions in an SQLite database. This storage is a sophisticated replacement for cookies, and can be a prime resource for forensic investigators to recover inadvertently retained deleted data 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Through forensic analysis Remnants of past data and activities are revealed through forensic analysis 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Through forensic analysis Remnants of past data and activities are revealed through forensic analysis When forensic analysis is performed by authorized investigators it can be a valuable tool, helping to hold individuals or systems accountable for malicious or mistaken actions, but 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Through forensic analysis Remnants of past data and activities are revealed through forensic analysis When forensic analysis is performed by authorized investigators it can be a valuable tool, helping to hold individuals or systems accountable for malicious or mistaken actions, but When tools and methods of forensic analysis are used by an unauthorized party, it threatens privacy 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Threat model Threats to privacy and confidentiality usually result from unintended retention of data in lower storage layers, where data is accessible through interfaces that are not controlled by the application or the database 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Threat model Threats to privacy and confidentiality usually result from unintended retention of data in lower storage layers, where data is accessible through interfaces that are not controlled by the application or the database Existing security threats make it impossible to ensure that users will be limited to the intended interface provided by the application or the database where is stored the data. It is necessary to consider that an intruder will have unrestricted access to storage on disk 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Threat model Threats to privacy and confidentiality usually result from unintended retention of data in lower storage layers, where data is accessible through interfaces that are not controlled by the application or the database Existing security threats make it impossible to ensure that users will be limited to the intended interface provided by the application or the database where is stored the data. It is necessary to consider that an intruder will have unrestricted access to storage on disk This models the capabilities of a system administrator, a forensic investigator, a hacker who has gained privileges on the system, or an intruder who has breached physical security 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Investigation: remnant data on memory cards Description Memory cards are widely used in numerous electronic devices Provide interfaces allowing for a large array of private and confidential data to be stored into the card Investigation conducted by a team of Australian researchers [Szewczyk, Sansurooah; 2011] Goal: to determine the sensitivity, type and amount of data that remained on second hand card memory post sale In 2011, 119 second hand memory cards were randomly purchased from eBay Australia Findings: highly sensitive data is stored on memory cards and it is not destroyed prior to sale 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Investigation: remnant data on memory cards Results State of the cards 75% had their data deleted and or formatted 12% were not recoverable 13% were purchased with all data intact and no sign of data deletion attempt Some of the information types recovered driver’s license together with full name, address and date of birth and photo of the driver with a luxury card real state settlement documents including names, addresses and purchasing information together with copies of bank deposit cheques hundreds of photographics images of an office party where the name of the company was showed and exposed photos of employees towards the end of the night 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Some concluding remarks Digital devices provide a false view of stored data Tools for removing data might not be effective Transparency principles to improve privacy seems to be needed 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data References T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum Data Lifetime is a System Problem. In Proceedings of ACM SIGOPS European Workshop, 2004. M. Geiger, L. Cranor Scrubbing Stubborn Data: An evaluation of counter-forensic privacy tools. IEEE Security and Privacy Magazine, 4(5): 16-25, 2006. P Stahlberg, G. Miklau, B. N. Levine . Threats to Privacy in the Forensic Analysis of Database Systems. In Proceedings of SIGMOD 07, Beijin, China, 2007. W. Enck, D. Octeau, P McDaniel,S. Chaudhuri . A Study of Android Application Security. In Proceedings of the 20th USENIX Conference on Security, Berkeley, CA, USA, 2011. P Szewczyk, K. Sansurooah . A 2011 investigation into remnant data on second hand memory cards sold in Australia. In Proceedings of the 9th Australian Digital Forensics Conference, Perth Western, Australia, 5th -7th, December 2011 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data

Recomendados

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityAlchemist095
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case StudyMyAssignmenthelp.com
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsLalit Garg
 

Recomendados

Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Lecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityLecture 4,5, 6 comp forensics 19 9-2018 basic security
Lecture 4,5, 6 comp forensics 19 9-2018 basic securityAlchemist095
 
Analysis of digital evidence
Analysis of digital evidenceAnalysis of digital evidence
Analysis of digital evidencerakesh mishra
 
Digital Forensic Case Study
Digital Forensic Case StudyDigital Forensic Case Study
Digital Forensic Case StudyMyAssignmenthelp.com
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic toolsParsons Corporation
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsLalit Garg
 
DF Process Models
DF Process ModelsDF Process Models
DF Process ModelsCostas Katsavounidis
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemAlchemist095
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...GarethKnight
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsNicholas Davis
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsVidoushi B-Somrah
 
Computer forencis
Computer forencisComputer forencis
Computer forencisTeja Bheemanapally
 
Computer Forensic
Computer ForensicComputer Forensic
Computer ForensicTawhidur Rahman
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
computer forensics
computer forensics computer forensics
computer forensics samantha jarrett
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - NotesKranthi
 
Digital forensic
Digital forensicDigital forensic
Digital forensicChandan Sah
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Chapter 1 Introducing Hardware
Chapter 1 Introducing HardwareChapter 1 Introducing Hardware
Chapter 1 Introducing HardwareApril Lorraine
 
Types of computer
Types of computer Types of computer
Types of computer B M ASHIK MAHMUD
 

Más contenido relacionado

La actualidad más candente

Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemAlchemist095
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...GarethKnight
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensicsRahul Baghla
 
computer forensics
computer forensicscomputer forensics
computer forensicsAkhil Kumar
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensicsMarco Alamanni
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating proceduresSoumen Debgupta
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - NotesKranthi
 
Digital forensic
Digital forensicDigital forensic
Digital forensicChandan Sah
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 

La actualidad más candente (20)

DF Process Models
DF Process ModelsDF Process Models
DF Process Models
 
Lecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file systemLecture 9 and 10 comp forensics 09 10-18 file system
Lecture 9 and 10 comp forensics 09 10-18 file system
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidence
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...
 
Computer +forensics
Computer +forensicsComputer +forensics
Computer +forensics
 
computer forensics
computer forensicscomputer forensics
computer forensics
 
Brief introduction to digital forensics
Brief introduction to digital forensicsBrief introduction to digital forensics
Brief introduction to digital forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensik
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
Computer Forensic
Computer ForensicComputer Forensic
Computer Forensic
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
computer forensics
computer forensics computer forensics
computer forensics
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes
 
Digital forensic
Digital forensicDigital forensic
Digital forensic
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 

Destacado

Chapter 1 Introducing Hardware
Chapter 1 Introducing HardwareChapter 1 Introducing Hardware
Chapter 1 Introducing HardwareApril Lorraine
 
Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...
Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...
Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...AIIM International
 
Information Storage and Retrieval : A Case Study
Information Storage and Retrieval : A Case StudyInformation Storage and Retrieval : A Case Study
Information Storage and Retrieval : A Case StudyBhojaraju Gunjal
 
The Why and How of Knowledge Management: Some Applications in Teaching and Le...
The Why and How of Knowledge Management: Some Applications in Teaching and Le...The Why and How of Knowledge Management: Some Applications in Teaching and Le...
The Why and How of Knowledge Management: Some Applications in Teaching and Le...Olivier Serrat
 
Unit 3 Storage And Retreival Of Information
Unit 3 Storage And Retreival Of InformationUnit 3 Storage And Retreival Of Information
Unit 3 Storage And Retreival Of Informationiarthur
 
Information Retrieval, Encoding, Indexing, Big Table. Lecture 6 - Indexing
Information Retrieval, Encoding, Indexing, Big Table. Lecture 6 - IndexingInformation Retrieval, Encoding, Indexing, Big Table. Lecture 6 - Indexing
Information Retrieval, Encoding, Indexing, Big Table. Lecture 6 - IndexingSean Golliher
 
Effective Information Management V2 18sep2008
Effective Information Management V2 18sep2008Effective Information Management V2 18sep2008
Effective Information Management V2 18sep2008Collabor8now Ltd
 
Information Management in a Web 2.0 World May 2009
Information Management in a Web 2.0 World May 2009Information Management in a Web 2.0 World May 2009
Information Management in a Web 2.0 World May 2009Collabor8now Ltd
 
Types, purposes and applications of information systems
Types, purposes and applications of information systemsTypes, purposes and applications of information systems
Types, purposes and applications of information systemsMary May Porto
 
Computer Architecture - Hardware - Lesson 5 - Memory - Eric Vanderburg
Computer Architecture - Hardware - Lesson 5 - Memory - Eric VanderburgComputer Architecture - Hardware - Lesson 5 - Memory - Eric Vanderburg
Computer Architecture - Hardware - Lesson 5 - Memory - Eric VanderburgEric Vanderburg
 
American Urbanization: New York City
American Urbanization: New York CityAmerican Urbanization: New York City
American Urbanization: New York Citymeggss24
 
Day ın the Lıfe Template
Day ın the Lıfe TemplateDay ın the Lıfe Template
Day ın the Lıfe TemplateNoel Hatch
 
Day ın the Lıfe - Example
Day ın the Lıfe - ExampleDay ın the Lıfe - Example
Day ın the Lıfe - ExampleNoel Hatch
 
Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...
Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...
Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...Ronald Voorn
 
PIX:MAG webdesign magazin
PIX:MAG webdesign magazinPIX:MAG webdesign magazin
PIX:MAG webdesign magazinZsuzsanna Tóth
 
Government Publications August 2015 Library Guide (4)
Government Publications August 2015 Library Guide (4)Government Publications August 2015 Library Guide (4)
Government Publications August 2015 Library Guide (4)Mary Howrey
 
Applying technology to school
Applying technology to schoolApplying technology to school
Applying technology to schoolAditi Sameer
 
Brazil: Nation Report
Brazil: Nation ReportBrazil: Nation Report
Brazil: Nation Reportmeggss24
 

Destacado (20)

Chapter 1 Introducing Hardware
Chapter 1 Introducing HardwareChapter 1 Introducing Hardware
Chapter 1 Introducing Hardware
 
Types of computer
Types of computer Types of computer
Types of computer
 
Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...
Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...
Why Is Information "Capture" Now More Than Just Scanning Documents Into An Ar...
 
Information Storage and Retrieval : A Case Study
Information Storage and Retrieval : A Case StudyInformation Storage and Retrieval : A Case Study
Information Storage and Retrieval : A Case Study
 
The Why and How of Knowledge Management: Some Applications in Teaching and Le...
The Why and How of Knowledge Management: Some Applications in Teaching and Le...The Why and How of Knowledge Management: Some Applications in Teaching and Le...
The Why and How of Knowledge Management: Some Applications in Teaching and Le...
 
Unit 3 Storage And Retreival Of Information
Unit 3 Storage And Retreival Of InformationUnit 3 Storage And Retreival Of Information
Unit 3 Storage And Retreival Of Information
 
Information Retrieval, Encoding, Indexing, Big Table. Lecture 6 - Indexing
Information Retrieval, Encoding, Indexing, Big Table. Lecture 6 - IndexingInformation Retrieval, Encoding, Indexing, Big Table. Lecture 6 - Indexing
Information Retrieval, Encoding, Indexing, Big Table. Lecture 6 - Indexing
 
Effective Information Management V2 18sep2008
Effective Information Management V2 18sep2008Effective Information Management V2 18sep2008
Effective Information Management V2 18sep2008
 
Information Management in a Web 2.0 World May 2009
Information Management in a Web 2.0 World May 2009Information Management in a Web 2.0 World May 2009
Information Management in a Web 2.0 World May 2009
 
Types, purposes and applications of information systems
Types, purposes and applications of information systemsTypes, purposes and applications of information systems
Types, purposes and applications of information systems
 
Computer Architecture - Hardware - Lesson 5 - Memory - Eric Vanderburg
Computer Architecture - Hardware - Lesson 5 - Memory - Eric VanderburgComputer Architecture - Hardware - Lesson 5 - Memory - Eric Vanderburg
Computer Architecture - Hardware - Lesson 5 - Memory - Eric Vanderburg
 
American Urbanization: New York City
American Urbanization: New York CityAmerican Urbanization: New York City
American Urbanization: New York City
 
Day ın the Lıfe Template
Day ın the Lıfe TemplateDay ın the Lıfe Template
Day ın the Lıfe Template
 
Day ın the Lıfe - Example
Day ın the Lıfe - ExampleDay ın the Lıfe - Example
Day ın the Lıfe - Example
 
Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...
Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...
Warmte en Competentie als voorspellers van merkgedrag:Een Nederlandse benader...
 
PIX:MAG webdesign magazin
PIX:MAG webdesign magazinPIX:MAG webdesign magazin
PIX:MAG webdesign magazin
 
Government Publications August 2015 Library Guide (4)
Government Publications August 2015 Library Guide (4)Government Publications August 2015 Library Guide (4)
Government Publications August 2015 Library Guide (4)
 
Advanced sql injection 2
Advanced sql injection 2Advanced sql injection 2
Advanced sql injection 2
 
Applying technology to school
Applying technology to schoolApplying technology to school
Applying technology to school
 
Brazil: Nation Report
Brazil: Nation ReportBrazil: Nation Report
Brazil: Nation Report
 

Similar a Threats to Privacy in the Management of Data Stored in Computer Systems by Gustavo Betarte

Data Transformation Technique for Protecting Private Information in Privacy P...
Data Transformation Technique for Protecting Private Information in Privacy P...Data Transformation Technique for Protecting Private Information in Privacy P...
Data Transformation Technique for Protecting Private Information in Privacy P...acijjournal
 
Big Data in Distributed Analytics,Cybersecurity And Digital Forensics
Big Data in Distributed Analytics,Cybersecurity And Digital ForensicsBig Data in Distributed Analytics,Cybersecurity And Digital Forensics
Big Data in Distributed Analytics,Cybersecurity And Digital ForensicsSherinMariamReji05
 
hel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.ppthel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.pptgealehegn
 
SWOT of Bigdata Security Using Machine Learning Techniques
SWOT of Bigdata Security Using Machine Learning TechniquesSWOT of Bigdata Security Using Machine Learning Techniques
SWOT of Bigdata Security Using Machine Learning Techniquesijistjournal
 
A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...
A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...
A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...IJSRD
 
IT Security and Risk Management
IT Security and Risk ManagementIT Security and Risk Management
IT Security and Risk ManagementARNOOSH
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
Techniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveTechniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveCSCJournals
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer ForensicsAlchemist095
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revjackpopo
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Mukesh Chinta
 
Isaca how innovation can bridge the gap between privacy and regulations
Isaca how innovation can bridge the gap between privacy and regulationsIsaca how innovation can bridge the gap between privacy and regulations
Isaca how innovation can bridge the gap between privacy and regulationsUlf Mattsson
 
IoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdf
IoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdfIoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdf
IoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdfSURESHA V
 

Similar a Threats to Privacy in the Management of Data Stored in Computer Systems by Gustavo Betarte (20)

Data Transformation Technique for Protecting Private Information in Privacy P...
Data Transformation Technique for Protecting Private Information in Privacy P...Data Transformation Technique for Protecting Private Information in Privacy P...
Data Transformation Technique for Protecting Private Information in Privacy P...
 
10probs.ppt
10probs.ppt10probs.ppt
10probs.ppt
 
Big Data in Distributed Analytics,Cybersecurity And Digital Forensics
Big Data in Distributed Analytics,Cybersecurity And Digital ForensicsBig Data in Distributed Analytics,Cybersecurity And Digital Forensics
Big Data in Distributed Analytics,Cybersecurity And Digital Forensics
 
hel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.ppthel29999999999999999999999999999999999999999999.ppt
hel29999999999999999999999999999999999999999999.ppt
 
SWOT of Bigdata Security Using Machine Learning Techniques
SWOT of Bigdata Security Using Machine Learning TechniquesSWOT of Bigdata Security Using Machine Learning Techniques
SWOT of Bigdata Security Using Machine Learning Techniques
 
A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...
A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...
A Survey Paper on an Integrated Approach for Privacy Preserving In High Dimen...
 
1699 1704
1699 17041699 1704
1699 1704
 
1699 1704
1699 17041699 1704
1699 1704
 
IT Security and Risk Management
IT Security and Risk ManagementIT Security and Risk Management
IT Security and Risk Management
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
F1805023942
F1805023942F1805023942
F1805023942
 
DPIA template
DPIA templateDPIA template
DPIA template
 
Techniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery PerspectiveTechniques in Computer Forensics: A Recovery Perspective
Techniques in Computer Forensics: A Recovery Perspective
 
Computer Forensics
Computer ForensicsComputer Forensics
Computer Forensics
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
TIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__revTIK_4. pengelolaan informasi_20161__rev
TIK_4. pengelolaan informasi_20161__rev
 
Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2Cisco cybersecurity essentials chapter - 2
Cisco cybersecurity essentials chapter - 2
 
Isaca how innovation can bridge the gap between privacy and regulations
Isaca how innovation can bridge the gap between privacy and regulationsIsaca how innovation can bridge the gap between privacy and regulations
Isaca how innovation can bridge the gap between privacy and regulations
 
IOT Forensics
IOT ForensicsIOT Forensics
IOT Forensics
 
IoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdf
IoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdfIoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdf
IoT module 3- 22ETC15H-2022-23 by Dr.Suresha V1.pdf
 

Más de AltheimPrivacy

Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)AltheimPrivacy
 
NYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationNYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationAltheimPrivacy
 
Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data PrivacyRipped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data PrivacyAltheimPrivacy
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...AltheimPrivacy
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
 
How to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social AdsHow to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social AdsAltheimPrivacy
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...AltheimPrivacy
 
Three Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on FacebookThree Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on FacebookAltheimPrivacy
 
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West CoastAltheimPrivacy
 
Facebook New Changes 2011
Facebook New Changes 2011Facebook New Changes 2011
Facebook New Changes 2011AltheimPrivacy
 

Más de AltheimPrivacy (10)

Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
 
NYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationNYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentation
 
Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data PrivacyRipped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 
How to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social AdsHow to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
 
Three Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on FacebookThree Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on Facebook
 
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
 
Facebook New Changes 2011
Facebook New Changes 2011Facebook New Changes 2011
Facebook New Changes 2011
 

Threats to Privacy in the Management of Data Stored in Computer Systems by Gustavo Betarte

  • 1. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Threats to privacy arising in the management of data stored in Computer Systems Gustavo Betarte Instituto de Computación, Facultad de Ingeniería Universidad de la República, Uruguay www.fing.edu.uy/~gustun 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 2. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data 1 Overview 2 Data preservation and analysis 3 Data revelation 4 An Investigation on remnant data 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 3. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Overview The use of any modern computer system (pc, tablet, smartphone, ...) leaves unintended traces of expired data and remnants of users’ past activities 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 4. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Overview The use of any modern computer system (pc, tablet, smartphone, ...) leaves unintended traces of expired data and remnants of users’ past activities We put forward the issue of the unintended persistence of data stored in digital repositories 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 5. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Overview The use of any modern computer system (pc, tablet, smartphone, ...) leaves unintended traces of expired data and remnants of users’ past activities We put forward the issue of the unintended persistence of data stored in digital repositories This data can be recovered by forensic analysis, and it may pose a threat to privacy 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 6. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data preservation and analysis Preserving a historical record of activities and data is critical for a wide range of applications To recover after system failure To analyze past events after a breach To audit compliance with security policies 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 7. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data preservation and analysis Preserving a historical record of activities and data is critical for a wide range of applications To recover after system failure To analyze past events after a breach To audit compliance with security policies Intentional preservation of history can thus serve a good purpose (inexpensive storage makes it possible) 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 8. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data preservation and analysis Preserving a historical record of activities and data is critical for a wide range of applications To recover after system failure To analyze past events after a breach To audit compliance with security policies Intentional preservation of history can thus serve a good purpose (inexpensive storage makes it possible) Conversely, in many scenarios, retaining a history of past data or operations can pose a serious threat to privacy and confidentiality In large institutions and enterprises, systems that retain data for too long risk unwanted disclosure, for example by security breach 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 9. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 10. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 11. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 12. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem A wealth of sensitive data, including financial and medical records, have been recovered from decommissioned hard drives 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 13. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem A wealth of sensitive data, including financial and medical records, have been recovered from decommissioned hard drives Digital documents published on the Web have been found to include sensitive content believed to be deleted 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 14. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data remnants Modern computer systems unintentionally preserve history It can be surprisingly difficult to remove traces of the past from computer systems Without precise control over data destruction, unwelcome remnants of past data can become a serious problem A wealth of sensitive data, including financial and medical records, have been recovered from decommissioned hard drives Digital documents published on the Web have been found to include sensitive content believed to be deleted Email was used in court cases against Enron employees and released to the public, some of which was contained in deleted items in folders 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 15. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Example scenarios Businesses can unintentionally violate privacy regulations by leaving data in table or file storage 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 16. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Example scenarios Businesses can unintentionally violate privacy regulations by leaving data in table or file storage Analysts that investigate data repositories recovered from lost or stolen computers can reveal sensitive information that was thought to be deleted 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 17. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Example scenarios Businesses can unintentionally violate privacy regulations by leaving data in table or file storage Analysts that investigate data repositories recovered from lost or stolen computers can reveal sensitive information that was thought to be deleted Authorized investigators may recover data from equipment subpoenaed or seized from a crime scene, or simply in situations where company policy has been violated 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 18. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Embedded Database storage Message headers and time stamps for messages believed to be deleted can be found on disk in embedded databases (Mail.app in OS X) 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 19. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Unintended data retention Embedded Database storage Message headers and time stamps for messages believed to be deleted can be found on disk in embedded databases (Mail.app in OS X) Firefox allows applications to store data that persists across sessions in an SQLite database. This storage is a sophisticated replacement for cookies, and can be a prime resource for forensic investigators to recover inadvertently retained deleted data 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 20. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Through forensic analysis Remnants of past data and activities are revealed through forensic analysis 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 21. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Through forensic analysis Remnants of past data and activities are revealed through forensic analysis When forensic analysis is performed by authorized investigators it can be a valuable tool, helping to hold individuals or systems accountable for malicious or mistaken actions, but 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 22. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Through forensic analysis Remnants of past data and activities are revealed through forensic analysis When forensic analysis is performed by authorized investigators it can be a valuable tool, helping to hold individuals or systems accountable for malicious or mistaken actions, but When tools and methods of forensic analysis are used by an unauthorized party, it threatens privacy 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 23. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Threat model Threats to privacy and confidentiality usually result from unintended retention of data in lower storage layers, where data is accessible through interfaces that are not controlled by the application or the database 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 24. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Threat model Threats to privacy and confidentiality usually result from unintended retention of data in lower storage layers, where data is accessible through interfaces that are not controlled by the application or the database Existing security threats make it impossible to ensure that users will be limited to the intended interface provided by the application or the database where is stored the data. It is necessary to consider that an intruder will have unrestricted access to storage on disk 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 25. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Data Revelation Threat model Threats to privacy and confidentiality usually result from unintended retention of data in lower storage layers, where data is accessible through interfaces that are not controlled by the application or the database Existing security threats make it impossible to ensure that users will be limited to the intended interface provided by the application or the database where is stored the data. It is necessary to consider that an intruder will have unrestricted access to storage on disk This models the capabilities of a system administrator, a forensic investigator, a hacker who has gained privileges on the system, or an intruder who has breached physical security 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 26. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Investigation: remnant data on memory cards Description Memory cards are widely used in numerous electronic devices Provide interfaces allowing for a large array of private and confidential data to be stored into the card Investigation conducted by a team of Australian researchers [Szewczyk, Sansurooah; 2011] Goal: to determine the sensitivity, type and amount of data that remained on second hand card memory post sale In 2011, 119 second hand memory cards were randomly purchased from eBay Australia Findings: highly sensitive data is stored on memory cards and it is not destroyed prior to sale 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 27. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Investigation: remnant data on memory cards Results State of the cards 75% had their data deleted and or formatted 12% were not recoverable 13% were purchased with all data intact and no sign of data deletion attempt Some of the information types recovered driver’s license together with full name, address and date of birth and photo of the driver with a luxury card real state settlement documents including names, addresses and purchasing information together with copies of bank deposit cheques hundreds of photographics images of an office party where the name of the company was showed and exposed photos of employees towards the end of the night 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 28. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data Some concluding remarks Digital devices provide a false view of stored data Tools for removing data might not be effective Transparency principles to improve privacy seems to be needed 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data
  • 29. Plan Overview Data preservation and analysis Data revelation An Investigation on remnant data References T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum Data Lifetime is a System Problem. In Proceedings of ACM SIGOPS European Workshop, 2004. M. Geiger, L. Cranor Scrubbing Stubborn Data: An evaluation of counter-forensic privacy tools. IEEE Security and Privacy Magazine, 4(5): 16-25, 2006. P Stahlberg, G. Miklau, B. N. Levine . Threats to Privacy in the Forensic Analysis of Database Systems. In Proceedings of SIGMOD 07, Beijin, China, 2007. W. Enck, D. Octeau, P McDaniel,S. Chaudhuri . A Study of Android Application Security. In Proceedings of the 20th USENIX Conference on Security, Berkeley, CA, USA, 2011. P Szewczyk, K. Sansurooah . A 2011 investigation into remnant data on second hand memory cards sold in Australia. In Proceedings of the 9th Australian Digital Forensics Conference, Perth Western, Australia, 5th -7th, December 2011 34th IC Data Protection and Privacy Commissioners G. Betarte - Threats to Privacy of Stored Data