The 2009 analysis of information remaining on USB storage devices offered for sale on the second hand market

The use of the USB storage device, also known as the USB drive, a thumb drive, a keychain drive and a flash drive has, for the most part, replaced the floppy disk and to some extent the Compact Disk (CD), the DVD (Digital Video Disk or Digital Versatile Disk) and the external hard disk. Their robustness, size and weight make them easy to transport, but also to lose or misplace. They are inexpensive and are often given away as promotional items by organisations. Over the last few years there has been a dramatic increase in the storage capacity of these devices, going from a few tens of megabytes to a current capacity of around 64 gigabytes (equal to around 13 DVDs). The larger capacity and continued low cost has vastly increased the potential uses of the devices and also the volumes and types of data that they may contain

Analysis of Information Remaining on Hand Held Devices Offered for Sale on the Second Hand

The ownership and use of mobile phones, Personal Digital Assistants and other hand held devices is now ubiquitous both for home and business use. The majority of these devices have a high initial cost, a relatively short period before they become obsolescent and a relatively low second hand value. As a result of this, when the devices are replaced, there are indications that they tend to be discarded. As technology has continued to develop, it has led to an increasing diversity in the number and type of devices that are available, and the processing power and the storage capacity of the digital storage in the device. All organisations, whether in the public or private sector increasingly use hand held devices that contain digital media for the storage of information relating to their business, their employees or their customers. Similarly, individual private users increasingly use hand held devices containing digital media for the storage of information relating to their private lives. The research revealed that a significant number of organisations and private users are ignorant or misinformed about the volume and type of information that is stored on the hand held devices and the media on which it is stored. It is apparent that they have either not considered, or are unaware of, the potential impact of this information becoming available to their competitors or those with criminal intent. This main purpose of this study was to gain an understanding of the volume and type of information that may remain on hand held devices that are offered for sale on the second hand market. A second aim of the research was to determine the level of damage that could, potentially be caused, if the information that remains on the devices fell into the wrong hands. The study examined a number of hand held devices that had been obtained from sources in the UK and Australia that ranged from internet auction sites, to private sales and commercial resellers. The study was carried out by the security research team at the BT IT Futures Centre in conjunction with Edith Cowan University in Australia and the University of Glamorgan in the UK. The basis of the research was to acquire a number of second hand hand held devices from a diverse range of sources and then determine whether they still contained information relating to a previous owner or whether the information had been effectively removed. The devices that were obtained for the research were supplied blind to the researchers through a third party. The ‘blind’ supply of the devices meant that the people undertaking the research were provided with no information about the device and that the source of the devices and any external markings were hidden from them. This process was put in place to ensure that any findings of the research were based solely on the information that could be recovered from the digital storage media that was contained within the device. The underlying methodology that was used in the research was based on the forensic imaging of the devices. A forensic image of a device is a copy of the digital media that has been created in a scientifically sound manner to a standard that is acceptable to the courts. This procedure was implemented to ensure that the evidential integrity of the devices was maintained, with the devices also then being stored in a secure manner. All subsequent research was then conducted on the image of the device. This was considered to be a sensible precaution against the possibility that information discovered on a device might indicate criminal activity and require the involvement of law enforcement. Following the forensic imaging of the devices, the images that were created were then analysed to determine whether any information remained and whether it could be easily recovered using commonly available tools and techniques that anyone who had purchased the device could acquire

Analysis of Information Remaining on Hand Held Devices for Sale on the Second Hand Market

The ownership and use of mobile phones, Personal Digital Assistants and other hand held devices is now ubiquitous both for home and business use. The majority of these devices have a high initial cost, a relatively short period before they become obsolescent and a relatively low second hand value. As a result of this, when the devices are replaced, there are indications that they tend to be discarded. As technology has continued to develop, it has led to an increasing diversity in the number and type of devices that are available, and the processing power and the storage capacity of the digital storage in the device. All organisations, whether in the public or private sector increasingly use hand held devices that contain digital media for the storage of information relating to their business, their employees or their customers. Similarly, individual private users increasingly use hand held devices containing digital media for the storage of information relating to their private lives. The research revealed that a significant number of organisations and private users are ignorant or misinformed about the volume and type of information that is stored on the hand held devices and the media on which it is stored. It is apparent that they have either not considered, or are unaware of, the potential impact of this information becoming available to their competitors or those with criminal intent. This main purpose of this study was to gain an understanding of the volume and type of information that may remain on hand held devices that are offered for sale on the second hand market. A second aim of the research was to determine the level of damage that could, potentially be caused, if the information that remains on the devices fell into the wrong hands. The study examined a number of hand held devices that had been obtained from sources in the UK and Australia that ranged from internet auction sites, to private sales and commercial resellers. The study was carried out by the security research team at the BT IT Futures Centre in conjunction with Edith Cowan University in Australia and the University of Glamorgan in the UK. The basis of the research was to acquire a number of second hand hand held devices from a diverse range of sources and then determine whether they still contained information relating to a previous owner or whether the information had been effectively removed. The devices that were obtained for the research were supplied blind to the researchers through a third party. The ‘blind’ supply of the devices meant that the people undertaking the research were provided with no information about the device and that the source of the devices and any external markings were hidden from them. This process was put in place to ensure that any findings of the research were based solely on the information that could be recovered from the digital storage media that was contained within the device. The underlying methodology that was used in the research was based on the forensic imaging of the devices. A forensic image of a device is a copy of the digital media that has been created in a scientifically sound manner to a standard that is acceptable to the courts. This procedure was implemented to ensure that the evidential integrity of the devices was maintained, with the devices also then being stored in a secure manner. All subsequent research was then conducted on the image of the device. This was considered to be a sensible precaution against the possibility that information discovered on a device might indicate criminal activity and require the involvement of law enforcement. Following the forensic imaging of the devices, the images that were created were then analysed to determine whether any information remained and whether it could be easily recovered using commonly available tools and techniques that anyone who had purchased the device could acquire

Industrial Espionage from Residual Data: Risks and Countermeasures

This paper outlines the possible recovery of potentially sensitive corporate information from residual data. It outlines previous work on the recovery of information contained on second hand hard disks and handheld devices and discusses the risk of individuals conducting industrial espionage by targeting specific organizations. It examines the possible avenues for an attacker to obtain a storage device, then discusses the skill level required to extract information from the storage devices and considers the potential risk to an organization from this particular avenue of attack. The paper concludes by proposing a number of possible countermeasures to enable organizations to reduce the risk of this particular form of attac

The 2012 Analysis of Information Remaining on Computer Hard Disks Offered for Sale on the Second Hand Market in the UAE

The growth in the use of computers in all aspects of our lives has continued to increase to the point where desktop, laptop, netbook or tablet computers are now almost essential in the way that we communicate and work. As a result of this, and the fact that these devices have a limited lifespan, enormous numbers of computers are being disposed of at the end of their useful life by individuals or/and organisations. As the cost of computing has reduced, the level of ‘consumerisation’ has increased together with the requirement for mobility. This has led to an increasing use of these devices both in the work environment and for personal data, which has resulted in computers containing high levels of both personal and corporate data. Computers have a relatively short life and are replaced on a regular basis. If not properly cleansed of data when they are released into the public domain they may contain data that is sensitive to the organisation or the individual and which may be relatively up to date. This problem is further exacerbated by the increasing popularity and use of smart phones, which may also contain significant storage capacity. This research describes the first survey of data remaining on computer hard disks sold on the second hand market in the United Arab Emirates (UAE). Similar studies have been carried over the last six years in the United Kingdom, Australia, USA, Germany and France. This research was undertaken to gain insight into the volumes of data found on disks purchased in the UAE compared to other regions of the world and to gain an understanding of the relative level of the problem of residual data in the UAE. The study was carried out by Khalifa University of Science, Technology and Research and was sponsored by Verizon Ltd, a security management and consultancy company.The core methodology of the research that was adopted for the study was the same as has been used for the other studies referred to above. The methodology included the acquisition of a number of second hand computer disks from a range of sources and then analysing them to determine whether any data could be recovered from the disk and if so, whether the data that it contained could be used to determine the previous owner or user. If information was found on the disks and the previous user or owner could be identified, the research examined whether it was of a sensitive nature or in a sufficient volume to represent a risk

The 2012 Analysis of Information Remaining on Computer Hard Disks Offered for Sale on the Second Hand Market in the UAE

The growth in the use of computers in all aspects of our lives has continued to increase to the point where desktop, laptop, netbook or tablet computers are now almost essential in the way that we communicate and work. As a result of this, and the fact that these devices have a limited lifespan, enormous numbers of computers are being disposed of at the end of their useful life by individuals or/and organisations. As the cost of computing has reduced, the level of ‘consumerisation’ has increased together with the requirement for mobility. This has led to an increasing use of these devices both in the work environment and for personal data, which has resulted in computers containing high levels of both personal and corporate data. Computers have a relatively short life and are replaced on a regular basis. If not properly cleansed of data when they are released into the public domain they may contain data that is sensitive to the organisation or the individual and which may be relatively up to date. This problem is further exacerbated by the increasing popularity and use of smart phones, which may also contain significant storage capacity. This research describes the first survey of data remaining on computer hard disks sold on the second hand market in the United Arab Emirates (UAE). Similar studies have been carried over the last six years in the United Kingdom, Australia, USA, Germany and France. This research was undertaken to gain insight into the volumes of data found on disks purchased in the UAE compared to other regions of the world and to gain an understanding of the relative level of the problem of residual data in the UAE. The study was carried out by Khalifa University of Science, Technology and Research and was sponsored by Verizon Ltd, a security management and consultancy company.The core methodology of the research that was adopted for the study was the same as has been used for the other studies referred to above. The methodology included the acquisition of a number of second hand computer disks from a range of sources and then analysing them to determine whether any data could be recovered from the disk and if so, whether the data that it contained could be used to determine the previous owner or user. If information was found on the disks and the previous user or owner could be identified, the research examined whether it was of a sensitive nature or in a sufficient volume to represent a risk

A Study of the Data Remaining on Second-Hand Mobile Devices in the UK

This study was carried out intending to identify the level and type of information that remained on portable devices that were purchased from the second-hand market in the UK over the last few years. The sample for this study consisted of 100 second hand mobile phones and tablets. The aim of the study was to determine the proportion of devices that still contained data and the type of data that they contained. Where data was identified, the study attempted to determine the level of personal identifiable information that is associated with the previous owner. The research showed that when sensitive and personal data was present on a mobile device, in most of the cases there had been no attempt to remove it. However, fifty two percent of the mobile devices had been reset to the factory settings or had had all of the data erased, which demonstrates the previous owner’s attempt to permanently remove personal identifiable information. Twenty eight percent of the devices that were sold were not functional or recognized by the software used in the research. Twenty percent of the devices that contained data contained data that gave away the identity of the previous owner

The Geography of \u3cem\u3eRevlon\u3c/em\u3e-Land

In Revlon, Inc. v. MacAndrews & Forbes Holdings, Inc., the Delaware Supreme Court explained that, when a target board of directors enters Revlon-land, the board’s role changes from that of “defenders of the corporate bastion to auctioneers charged with getting the best price for the stockholders at a sale of the company.” Unfortunately, the Court’s colorful metaphor obfuscated some serious doctrinal problems. What standards of judicial review applied to director conduct outside the borders of Revlon-land? What standard applied to director conduct falling inside Revlon-land’s borders? And when did one enter that mysterious country? By the mid-1990s, the Delaware Supreme Court had worked out a credible set of answers to those questions. The seemingly settled rules made doctrinal sense and were sound from a policy perspective. Indeed, my thesis herein is that Revlon and its progeny should be praised for having grappled—mostly successfully—with the core problem of corporation law: the tension between authority and accountability. A fully specified account of corporate law must incorporate both values. On the one hand, corporate law must implement the value of authority in developing a set of rules and procedures providing efficient decision making. U.S. corporate law does so by adopting a system of director primacy. In the director primacy (a.k.a. board-centric) form of corporate governance, control is vested not in the hands of the firm’s so-called owners—the shareholders—who exercise virtually no control over either day-to-day operations or long-term policy, but in the hands of the board of directors and their subordinate professional managers. On the other hand, the separation of ownership and control in modern public corporations obviously implicates important accountability concerns, which corporate law must also address. Academic critics of Delaware’s jurisprudence typically err because they are preoccupied with accountability at the expense of authority. In contrast, or so I will argue, Delaware’s takeover jurisprudence correctly recognizes that both authority and accountability have value. Achieving the proper mix between these competing values is a daunting—but necessary—task. Ultimately, authority and accountability cannot be reconciled. At some point, greater accountability necessarily makes the decision-making process less efficient. Making corporate law therefore requires a careful balancing of these competing values. Striking such a balance is the peculiar genius of Unocal and its progeny. In recent years, however, the Delaware Chancery Court has gotten lost in Revlon-land. A number of chancery decisions have drifted away from the doctrinal parameters laid down by the Delaware Supreme Court. In this Article, I argue that they have done so because the Chancellors have misidentified the policy basis on which Revlon rests. Accordingly, I argue that chancery should adopt a conflict of interest–based approach to invoking Revlon, which focuses on where control of the resulting corporate entity rests when the transaction is complete

Change within the Mobile Communications Market - an initial assessment of the structural and organisational repercussions of 3G

Over the last year or so the mobile telecommunications industry has undergone a complete sea change; the initial euphoria surrounding the German and UK licensing process, where widely optimistic claims about the array of possible services and uptake were made, has been replaced by widespread anxiety and pessimism. This anxiety and pessimism is driven by the large debts that companies have incurred to enter the market, doubts as to the validity of claims that 3G will usher in a whole new era of service development and the increasing belief that subscribers will not migrate in the required numbers to the new technology. The organisational and market repercussions of 3G are addressed in the following main section that is divided into three parts. In the first part infrastructure sharing between 3G license winners is dealt with, whilst in the second mergers and acquisition activity is examined. The third part focuses on the organisational form of 3G license winners and network scale. Conclusions are then drawn in the final main section