There are a few things I would like to say.
The first I will say is the same thing I tell anyone that takes a class, or asks me. I never said I was the best, I never said I knew it all. I tell everyone that it is all about research, experience and persistence. The important part is persistence. If you don’t keep trying you will never get it. All I am teaching people are the things I have learned and how to do some of the research to accomplish it on your own.
When I do a presentation that gets video taped and posted, and you see it, you have to understand in 50 minutes there is no way to cover everything, so like most presenters you gloss over some things, and focus on the topic and sometimes it will get misconstrued. The speech about doing multi-platters was my first DEFCON speech and in front of 3000 people. The goal was the DIY recovery. I told people that there was not a way for them to do a multi-platter DIY, so that I did not take them out and screw up the drive. I did not go into the more advanced Multi-Platter tool until the next year to answer the questions that were asked, not that IT did not exist or was not possible.
It is one of the downsides of doing a 50 minute complicated speech. However, I welcome someone else stepping up and doing a presentation even if the point was to debunk what I am saying. Please do, I would love to learn more. But so far, I don’t see anyone sharing. Feel free to come to DEFCON, or maybe publish your own videos.
However, in the classes I go into way more detail. My class is not for everyone. It is a beginner’s course for people that have never done a head replacement or swapped platters. I cover clean rooms, head combs, how to make your own tools, and during class I show people how I would replace a head assembly. I cover some basics of the PC3000, DeepSpar Disk Imager, and dozens of other tools. The point is the introduction of what the basics are. In the class the students rebuild 6 hard drives by tearing them down to bear metal and then rebuilding them to a working state and recovering files from them. By the 4th day, generally 90% of the class can make their own head combs from foil, and rebuild them to a working state again. That is quite an accomplishment that I think most would agree. I am there to help and just to show what I would do.
Now in addition to that, I am a forensic expert. I have worked on cases, federal trials, testified in federal court about “forensics” and data. I know the MFT and can reconstruct records by hand. I can get the job done, and when it comes to taking the data apart and rebuilding it, I have done that for over a decade. I don’t need to go into all that here, there is plenty of evidence to back up that I know what to do with the data and how to reconstruct all the major OS’s and find the evidence. For example, when the Fat table has a file deleted in Windows the sequence numbers are stomped on. But in some versions of Linux when a file is deleted on fat it destroys the 11th byte, which is the indicator for a long file name, which should never change. So you can tell from the data and how it was changed even what OS it was done from by a single Byte. There is also some other issues with file names and date time stamps that most people never seem to know about or any tool covers. These are also some things I cover in the class since a portion of the class also does forensics.
All I am saying is information should be shared, and if you are skilled, you will still be skilled after you help someone. If you are not part of the solution you are part of the problem.
Most of you respond with there is no way to learn it, or send it to me and for $2000 I will fix it. That info is not very helpful to say, people working at the FBI, or the IRS. One thing that most of you tech people don’t know is how to communicate with other people and get your point across. If you look above, there is no detail because all people do is say everything is crap. I will tell you there are things to learn and people can build on the base. Why don’t you help the community you are a part of. Hard drives have been around 30 years, so why is it all still a black art? Be the guy that people come to for information. Do a presentation, learn how to communicate, share your knowledge. Don't wait for someone else, you are someone.
Since all the responses never seem to know anything about my class there is a fairly famous forensic person who has written many many books and knows plenty about the job required. His name is well respected, Dave Kleiman. Look here for him.
http://davekleiman.com/He wrote an article after taking my class, which you can see below. One thing I will say, that no one here seems to be offering, is help for people who want to know.
http://computerforensicexaminer.com/com ... xperience/Scott A. Moulton
SANS Instructor for SEC606
Forensic Data Recovery
http://www.sans.org/info/37599
FAQ
Search
Login
Register
HDDGURU FILES
I will teach you half of what he offered you. 
