Personal Disaster Recovery on a stick
What started out as a simple knowledge management life-hacking exercise has now blossomed into a full-blown personal disaster recovery solution. Aside from the traditional paper filing system, a redundant electronic version of my life’s inventory was nonexistent. I lacked a personal electronic data management policy. A data management policy where the documents that represent my life are secure and stored on my person at all times. With the help of a scanner and a custom JDBC application to store and retrieve BLOBs, I’ve corralled all of my personal documents into an encrypted Apache Derby database. An Apache Derby database is stored in platform-independent files in a directory of the same name as the database. Apache Derby encryption provides complete encryption of on-disk data: indexes, tables, transaction log file, table data, metadata, etc. Using Apache Derby also allows me to provide my relatives with secure backups of my life’s inventory.
I’m still shopping for ruggedized USB sticks to use as actual containers. I need USB sticks that will withstand accidental washings, foul weather if I am caught in a storm while riding my bicycle, have heightened crush resistance, etc. USB sticks like the IronKey or those that utilize biometric information look interesting. HD Tach reported that my Verbatim 2GB Store ‘n’ Go was the fastest USB stick that I had lying around; however, at 1.0” by .5” my ADATA 4GB offered the best form factor especially when attached to a dog tag style personal ID.
Everyone talks about the desert island applications, tools, pictures, and music that they carry with them on their USB stick, but not many people consider using a USB stick to communicate information to first responders. In addition to including an ICE(In Case of Emergency) text document for first responders, I also run XAMPP/MediaWiki directly from the USB stick to manage my daily brain-dumps.
In Case Of Emergency
So why include first responder ICE data on my USB stick when I don’t have any medical conditions to speak of? Some of my personal activities (bicycle racing and training) are dangerous, and I prefer to carry a product like RoadID instead of a wallet for these activities. I want emergency personnel to have immediate access to my emergency information in the event of an accident. The information includes: full name, all emergency contacts, doctors, blood type, conditions, regular medications, allergies, basic health insurance info (name and phone only no ids). I will have a USB stick affixed to my RoadID whenever I head out of the house, and the RoadID includes a line that says “EMERGENCY SEE USB”. A simple text document named “In Case Of Emergency.txt” on my USB stick will provide quick access to my emergency information. There are USB products for this purpose of course, but there is no reason that a DIY labeled “In Case Of Emergency” USB is any less effective/visible with a first responder. In fact, I asked the Police Chief of my little Pennsylvania Borough about first responders and USB sticks, and hear is his response:
“Currently, there is no protocol to look for USB flash drives on an injured, unconscious, and/or Alzheimer type persons. The only thing that first responders have been asked to look for in these situations are the commercially available Medic Alert bracelets and or necklaces.
Through the years as an Assistant Fire Chief, EMT/Paramedic Assistant, and Police Officer, I’ve received a lot of info on this issue. As of yet, we have not been told to look for USB flash drives. We do look for a wallet, purse, mobile phone or the Road ID type of info shown on the site that you provided etc. and then go through it to check for any info such as medical issues and contact information.
I am certain if a person is in the unfortunate position that you described, and we found a USB flash drive marked as you indicated, we would quickly plug it into our car computer to see what we could find.”
While I appreciate the willingness of RoadID, Google, Microsoft Corp, and Revolution Health Group, LLC to manage my personal emergency information online and possibly make it available to first responders, I plan on keeping this information as close to me as possible. It is interesting to note that only 14% of medical practices keep records electronically, so at some point my encrypted Apache Derby database will expand to include some scanned medical records as well.
Let’s move on to brain-dumps. While I invest regularly in my knowledge portfolio, I have not done the greatest job of electronically centralizing all those wonderful little nuggets of continuous self-improvement. Problem solved – “Wiki on a Stick”. I downloaded two compressed files (XAMMP Lite and MediaWiki), decompressed both files, and copied the contents to my USB stick. Some simple property settings using my browser, and my wiki was alive and serving all of my desktops.
The most important piece of this discussion is managing my life’s inventory in an embedded Apache Derby database. This is the data that will help me rebuild my world in the event of some personal disaster such as a fire, tornado, or earthquake. I’m talking about storing scanned documents that include the following information:
• all account information and recent bills
• important receipts and canceled checks
• birth/marriage certificates
• tax papers
• insurance policies
• stock/bond certificates
• professional appraisals.
• photographs of possessions that include a member of the family holding the item.
• photographs of the house, every room, every closet, basement, garage, and automobiles
Testing Apache Derby Encryption
Is my data safe in an Apache Derby BLOB? To establish an encryption test baseline, I inserted scanned documents into an unencrypted Derby database. I then made a DD image of the USB stick using FTK Imager Lite. Finally, using scalpel I was able to easily carve out the scanned PDF documents stored in Apache Derby in under a minute. I expected that the scanned PDF documents were easily retrievable from an unencrypted Apache Derby database regardless of database user authentication settings. I repeated the same process for an encrypted Apache Derby database, and was unable to carve out the scanned documents using scalpel. I now have a warm fuzzy that my life’s inventory is safe.
I'll post the JDBC application source shortly.