How do I do hard drive forensics?

You open up the HDD cover and use a magnet to remove the encryption. Then you reformat the drive with easier to read FAT32.

buy a lot of hardware and software products

>open the cover

I don't have a positive pressure clean room.

run
# dd if=/dev/random of=/dev/sda

it worked thanks

I'm not trying to put a pedo in jail.

good to know :^)

Install a window fan.

Depends on what you're trying to do.
Recovery? Forensic analysis?

Use a LiveCD that supports forensics.

I don't know what's in it.

I just know there was a bunch of corporate data written on it.

That's hardly informative. Is it busted or not?

Not busted, but wiped.

For future reference, this is known as forensic analysis. What happens next largely depends on two factors: if the wipe was up to NIST standards (STFW for "Gutmann Wipe") or simply formatted.

I'd use photorec to take a quick look around if you want to do this casually, or you can take the official route of making a proper forensic image.

Choice is yours, really.

install gentoo

Thanks, user.

Think nothing of it. A bit of knowledge and usable experience here can be nice when applied properly. What a pity it doesn't happen more often.

what ya do, is put the HDD under the microscope and read the data.

Another interested user here. What is the "official" route? Just clone onto another disk?

In a sense. In forensic acquisition, it is absolutely imperative that the contents of the disk do not become modified while in acquisition, transit or storage. While most would rely on a copy of software like EnCase to verify this, I would assume hash sums and a block-for-block copy of the disk may be sufficient.

While working with these forensic images, take great care to throw them through a loopback set as read-only; it would be like a detective fudging a crucial piece of evidence in a case!
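The acquisition route described in the two replies above (a block-for-block copy, hash sums recorded at acquisition, and a read-only loopback for analysis), written out as an added example in POSIX shell. This is not code from the thread or from any tool mentioned in it; the function names are my own, it assumes a Linux box with dd, sha256sum (or shasum), awk, losetup and mount, the loop-mount step needs root, and the sample "disk" it builds is a constructed file standing in for a real device.

```shell
#!/bin/sh
# Added example, not from the thread: block-for-block acquisition with hash
# verification, plus a read-only loop mount for analysis.
# Assumes Linux coreutils; losetup/mount (root) only for the mount step.
# hash_of, acquire_image, verify_image, mount_readonly, make_sample_disk are
# my own names, not a tool's API.

# Print the SHA-256 digest of a file or block device.
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# acquire_image SOURCE IMAGE
# Copy SOURCE to IMAGE sector by sector, hash both, and record the digests
# next to the image. Returns 0 only if the image hashes identically to the source.
acquire_image() {
    src="$1"; img="$2"
    # conv=noerror,sync keeps going past unreadable sectors and zero-fills them,
    # so offsets in the image still match the source. bs=512 is the classic
    # sector size; a source whose length is not a multiple of 512 would get
    # padded and the hashes would differ, so the comparison below is meaningful
    # for devices and sector-aligned files.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    {
        printf '%s  %s\n' "$src_hash" "$src"
        printf '%s  %s\n' "$img_hash" "$img"
    } > "$img.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMAGE
# Re-hash IMAGE and compare it with the source digest recorded at acquisition,
# so any modification in transit or storage shows up as a mismatch.
verify_image() {
    img="$1"
    recorded=$(head -n 1 "$img.sha256" | awk '{print $1}')
    [ -n "$recorded" ] && [ "$(hash_of "$img")" = "$recorded" ]
}

# mount_readonly IMAGE MOUNTPOINT
# Attach the image through a read-only loop device and mount it read-only so
# analysis tools cannot alter the evidence. Needs root; returns 2 otherwise.
# For a whole-disk image add --partscan to losetup and mount one of the
# partition devices it exposes instead of the bare loop device.
mount_readonly() {
    img="$1"; mnt="$2"
    [ "$(id -u)" -eq 0 ] || { echo "mount_readonly: needs root" >&2; return 2; }
    dev=$(losetup --find --show --read-only "$img") || return 1
    mkdir -p "$mnt" && mount -o ro,noexec,nodev,noatime "$dev" "$mnt"
}

# Constructed sample "disk" for trying the functions without a real device:
# 128 sectors of pseudo-random bytes standing in for /dev/sdX.
make_sample_disk() {
    dd if=/dev/urandom of="$1" bs=512 count=128 2>/dev/null
}

# Real-case usage (as root), not executed here:
#   acquire_image /dev/sdX /evidence/case01.dd && mount_readonly /evidence/case01.dd /mnt/case01
```

The point of writing the two digests to a sidecar file at acquisition time is that every later step (copying the image to another analyst, mounting it, running carving tools over it) can be checked against the original digest rather than against memory; a failed `verify_image` after transit tells you the image, not the evidence, has to be re-acquired.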

You need a really good microscope. Preferably an electron microscope to see all the little electrons.

The tools off Kali worked well. I forget the name of the one I used, but it was able to scan a block device for regex strings (SSN, CCN, etc.) :^)

I think u mean telescope