Preserving shuttle data will be key to finding cause

While it is unlikely that any data on board the space shuttle Columbia survived the fire of re-entry and the fall to earth on Saturday, a computer forensics specialist in Seattle said on Monday that a lot of information transmitted from the spacecraft will be vital to NASA's investigation of what went wrong.

Within an hour or so of the crash, NASA announced that it had locked down computer systems in order to preserve data. That's the first step in preserving data that will be key to any investigation, said David Stenhouse, director of operations at Computer Forensics Inc.

In cases where he has worked at preserving data critical to investigations, Stenhouse said, the computers of key people are essentially frozen and all backup tapes stored. "You have to make sure that no one changes anything on their computer system," said Stenhouse, who worked for the Secret Service before joining Computer Forensics.

After the computer is secure, it can't be altered in any way, meaning it can be started only with a boot disk. That disk will keep the computer from writing data back to its own drive and will allow for a copy of the hard drive to be made. After the copy is made, the computer goes into storage and isn't touched again.

"You want the best evidence, [and] you want it untouched," Stenhouse said.

The backup copy can be pored over, taken apart and analyzed, and investigators will always have the original, preserved and untouched.

Stenhouse said the same would be true for any electronic component that might have survived the crash. If the shuttle's computer systems were working properly and were recording activity just before the breakup began, those systems must be handled very carefully. However, he doubted that anything could have made it to the ground intact. "I am not sure any of that stuff could have survived," Stenhouse said. "That's a long fall."

Another aspect of the investigation will be to find out what NASA officials were thinking prior to the crash. Stenhouse, noting news reports of internal memos in which engineers voiced concern that the shuttle was damaged on takeoff, said, "Those memos were written on a computer."

The computers of all key personnel should be secured and copies or "mirrors" made of the hard drives. In addition, all backup tapes for e-mail and networks should be secured. By studying data on a person's computer, investigators can often get a good idea of what officials were thinking and why, he said.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Brian Sullivan

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?