Thread ID: 39119 2003-10-28 04:57:00 Secure erasure of data from your HDD Billy T (70) Press F1
Post ID Timestamp Content User
187219 2003-10-28 04:57:00 Hi Team

So as not to further hijack Alastair's post on his file deletion problem, here is a fresh post that answers PoWas' question and takes up his challenge.

Take a look here, PoWa (www.usenix.org) for Mr Gutmann's own views on the erasability of disks.

And if anybody else is really keen, go back in time to one of PF1's longer posts (pressf1.pcworld.co.nz) in which the use of electron microscopes to read data off incinerated disks was postulated. After that, anything is possible so Mr Gutmann's 35+ is a panacea for the mildly paranoid only. *Cough* be aware that the time taken to open a PF1 archive can be extended at busy times, especially if you are on dial-up. :(


The faithful will continue to incinerate their hard drives before deep-sixing the remains in the Atlantic Trench. :D

Seriously though, the technology available today makes data recovery possible from almost any form of erasure short of physical destruction of the disk platters as the following quotes from three separate data recovery companies indicate:

#1 Supported by professional technicians and equipment (super clean worktable, electron microscope), Nanjing Leichao Technology specializes in the data recovery and maintenance of hard disks. Currently, the company offers convenient and secure service to hard disks, especially data recovery technology (including open disk data recovery), which can solve the problem of any data disaster caused by hardware or software faults.

#2 Off-track reading relies on the fact that the disk heads are never exactly aligned on the same track twice, an effect that is heightened after a period of wear or when a floppy disk is written to in two different drives. This means that the remains of an earlier write may be found running along the edge of the track of the latest write. That such data can be recovered has been demonstrated by investigation using a scanning electron microscope.

#3 You cannot really erase a hard drive. Magnetic media including hard drives are all similar in that every write leaves faint traces behind, even when the media have been overwritten numerous times. Special electron microscopes can be used to recover overwritten tracks, bit by bit.

Be vewy vewy afwaid :D

Cheers

Billy 8-{) :|
Billy T (70)
187220 2003-10-28 05:04:00 It might be possible. But I don't think it would ever be cost-effective.

Those who might have the money for such techniques would find it much cheaper and quicker to use traditional methods. Burglary, blackmail, bribery, and seduction have been used for centuries.
Graham L (2)
187221 2003-10-28 05:15:00 Precisely Graham, but the point is that it is a practical technological proposition in disaster recovery situations where cost doesn't have quite the same relevance.

It is also practicable in forensic matters where the Police want to get to grips with an issue (e.g. child pornographers) and they don't need to recover much more than a representative sample to support charges.

In the final analysis it all comes down to the old adage:

You can run but you can't hide!

The best way to wash a hard disk is with salt water at 100 fathoms :D

Cheers

Billy 8-{)
Billy T (70)
187222 2003-10-28 05:23:00 That's covered by another cheap method: perjury. Who would ever doubt the word of a policeman? :D (One computer forensic policeman has just been let out on home leave --- to set up a computer forensics company :D)
Graham L (2)
187223 2003-10-28 07:43:00 Tsk tsk BillyT, real mature having to start up a new thread to continue the discussion :| I kinda enjoy hijacking threads :) Anyway, I'd like to see some real evidence and proof in an experiment where they recovered the whole hard drive that had been erased 35 times over. Link! Link! But maybe this is just an attempt to ridicule a fellow Pressf1'er for his views, oh well I'll grin and bear it.

> And the gnomes in Nevada or wherever can read the original files using an electron microscope to read the orientation of the magnetic domains on your disk PoWa. They can read several layers back, because in electron microscope terms, the heads never quite track over the exact same path, and the magnetic field also writes outside of the allocated track area. Differential magnetisation between 0s and 1s allows recovery of data from almost any disk. That is why incineration or physical destruction is the only safe bet for the paranoid.

> Sorry to burst your bubble PoWa, but I too have read an article about this, concerning the secret squirrels in the States. They use some kind of instrument that will detect the different magnetic signatures of each part that can be written. Every time you write something to your hard drive, even in the same spot, gives a different magnetic signature.
Admitted, it is only economical and practical for Government department or big industry to utilise. But even so, it can be done, which BT has pointed out.

Ok, let's say that every time something is written to the disk the heads never quite track over the exact same path, and the magnetic field also writes outside of the allocated track area. - Ok then with different bit patterns written over the disk at least 35 times, isn't it also possible that during those writes the erroneous bits that are slightly out of place get overwritten in the process, making the recovery of the bits difficult if not impossible?

Now let's say that every time you write something to your hard drive, even in the same spot, gives a different magnetic signature. Ok say some data is recorded into a sector, and then continues into another sector but this time with a different magnetic signature. We know that the magnetic signature couldn't possibly be predictable and have the same magnetic signature for different parts on the disk, because hard drive manufacturers don't build that feature purposely. Now how would you possibly make order or understanding out of the data? Let's add 35 different overwrites on top of that, plus multiple overwrites of the data with everyday use. Now with a different magnetic signature on each overwrite, then there could be literally thousands of possible magnetic combinations to retrieve the original data. Also how would you know which magnetic signature went with another from a different sector or track? Add another 1000 possible combinations.

So as you can see it would practically be impossible to analyse and incriminate over the 1000's of possible combinations, let alone piece together the original information into humanly readable form.

You also realise what you just said, means that encryption and other techniques could be thrown out the window. Because heck, they could just get the hard drive and recover the magnetic signatures to a time before they encrypted the data, and have all the original information. :O When will you be publishing your thesis stating that hard drive encryption is a waste of time, and try and disprove the governments and programmers and mathematicians who invented it?
PoWa (203)
187224 2003-10-28 07:54:00 > It might be possible. But I don't think it would
> ever be cost-effective.

I've heard of places (in NZ) spending well in excess of $100,000 to recover data from destroyed hard drives. And no, they didn't send them to Computer Forensics :p

Mike.
Mike (15)
187225 2003-10-28 10:40:00 Yeah and there were the two Auckland coppers who planted the twenty two shells in the Arthur Allan Thomas case.
mikebartnz (21)
187226 2003-10-28 10:45:00 But they obviously had not done a decent backup.

Between a sledgehammer and a massive magnet I think I would be quite happy with the security of my previous data.
mikebartnz (21)
187227 2003-10-29 01:24:00 A few good writeovers with properly random bit patterns would be good enough for me.

It's all very well recovering "up to 35" copies of what's been recorded on tracks --- the decoding (especially since they use GCR/RLL encoding) would be a diabolically "computer intensive" task. If the content is encrypted first, it would be not nice. That's the sort of thing usually referred to as a "challenge". :D
Graham L (2)
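The "few good writeovers with properly random bit patterns" approach from the post above, as an added example that is not part of the original thread: it overwrites a file in place with random data for several passes, syncs each pass to disk, and verifies the final pass by read-back. The function names and the temporary image file are assumptions made for the illustration; the check covers only what the drive reads back logically, not the residual magnetic traces the thread debates.

```python
import hashlib
import os
import secrets
import tempfile

CHUNK = 1 << 20  # write and read in 1 MiB blocks


def overwrite_random(path, passes=3):
    """Overwrite `path` in place with CSPRNG output, then verify by read-back.

    Returns (bytes_per_pass, verified); verified is True when the data read
    back matches the hash of the final pass as it was written.
    """
    if passes < 1:
        raise ValueError("need at least one pass")
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            written = hashlib.sha256()
            remaining = size
            while remaining:
                block = secrets.token_bytes(min(CHUNK, remaining))
                f.write(block)
                written.update(block)
                remaining -= len(block)
            f.flush()
            os.fsync(f.fileno())  # force this pass out before starting the next
        f.seek(0)
        readback = hashlib.sha256()
        for block in iter(lambda: f.read(CHUNK), b""):
            readback.update(block)
    return size, written.hexdigest() == readback.hexdigest()


def demo():
    """Run three passes over a constructed image file holding a known marker."""
    marker = b"CONSTRUCTED-SECRET-0001"  # constructed sample data
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker * 4096)
        path = tmp.name
    try:
        size, verified = overwrite_random(path, passes=3)
        with open(path, "rb") as f:
            leftover = marker in f.read()
        return size, verified, leftover
    finally:
        os.remove(path)
```
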
187228 2003-10-29 03:38:00 a) Buy the mobo that has built in encryption between the IDE channels - your data on the HDD is protected from anyone shoving the drive in another computer (although it is, of course, crackable encryption - consider nothing safe from the hands of evil government agencies). I think the manufacturer was Gigabyte, but I don't remember.

b) Darik's Boot and Nuke (DBAN) (http://dban.sourceforge.net/)

I quote from the website: "If you are seriously concerned... then consider drilling open your hard disk, grinding down the platters, and melting all of the parts in a furnace".

"DBAN is 'good enough' for 'most people'".

It takes DBAN well over eight hours to wipe a 6GB HDD, so many wipes of the same HDD might suit some of you, and perhaps combining that with some healthy salt water baths, exposure to nasty chemicals (think mild acids through to industrial strength concentrated weed killer), a few minutes with an angle grinder, a sand blaster, and a furnace should suit those of you who are more inclined to think government agencies are after your data in particular...
agent (30)