Newtown Killer's Ruined Hard Drive Might Still Yield Clues on Motive
A week after the shooting at the Sandy Hook Elementary School in Newtown, Conn., clues about what set the killer on his deadly path may lie on the platters of a damaged hard drive from his personal computer.
Investigators found the hard drive in the home of Adam Lanza, the 20-year-old man who, on Dec. 14, killed his mother in her bed, then shot his way into the school, and killed 20 children and six adults. In his home, Lanza apparently attempted to destroy the hard drive from his computer with either a screwdriver or a hammer, according to news reports.
Whether the data from the drive can be recovered depends on what sort of damage he did to the storage device, said Tim Ryan, managing director of the cyber-incident response team at Kroll Advisory Solutions, a security services firm. Ryan, a former supervisory special agent with the FBI, said that physical damage to a drive, if not methodically carried out, is far less effective at destroying data than overwriting the drive with multiple passes of random 0s and 1s.
"When done correctly, overwriting the drive is highly effective," he said. "The FBI has pulled hard drives off the battlefield in Afghanistan that had sustained battle damage. It depends on whether the actual physical media was destroyed or some other part of the hard drive was destroyed."
If Lanza did try to damage the hard drive with a hammer or screwdriver, it may have been an unplanned act, says Ryan, although the former FBI agent has no insider knowledge of the case. Unless Lanza actually opened the case to damage the hard-drive platters, it's likely that investigators will be able to recover information from the media, he said.
"So long as the hard-drive plates are intact, there are still things that can be done to read the media," Ryan said.
Recovering data from damaged media has long been a challenge studied by the Department of Defense's Cyber Crime Center (DC3), which organizes an annual digital forensics competition at the high school, university and professional levels. In the 2006 and 2007 challenges, participants had to recover data from damaged floppy disks, CDs and USB drives. Later challenges have focused more on breaking encryption and other tasks.
While the hard drive likely contains valuable information, the public should not focus too much on this one aspect of the case, said Ryan. Few people manage to live their lives without leaving digital tracks online and it's likely that Lanza left myriad clues online as to why he carried out the killings.
"To the extent that they [the investigators] are looking at his online activities, I don't think that they are at the end game because he destroyed the hard drive," Ryan said. "There is going to be a volume of evidence outside the hard drive."
On Friday, Connecticut and other states planned to memorialize the victims of the shooting by a moment of silence and the ringing of bells for the 20 children and the six adult victims of Lanza. The town has been inundated with gifts and acts of kindness. The incident has also spurred new discussions about the need for new gun-control legislation.