The study was done by Mike Wright, a senior information system analyst with Butte County in Northern California.
He is also a certified ethical hacker, something about which I must admit I had never heard, but it's a real certification.
presentation was titled "Garage Sale Forensics," which gives some indication of where he
By spending $356 to acquire old discs, Wright
was able to access a treasure trove of valuable and sensitive data, most of which should have been protected by responsible IT managers.
was able to buy 89 discs.
Using free or inexpensive tools to examine the readable drives, Wright
found that 23 percent were from a school district, 18 percent were from businesses, and 18 were percent from government and law enforcement.
The rest, 41 percent, had been owned by individuals.
A lot of sensitive data was still readable.
found 1,092 name-social security pairs, 823 name-birthdate pairs, and 151 credit card or ATM numbers.
There were long lists of Web username-password combinations, full tax returns, medical records, and domain information including passwords.
was able to use VMware to boot Windows from 28 of the drives.
has two levels of solutions.
showed pictures after drives had been shot with an assortment of firearms.