| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 39119 | 2003-10-28 04:57:00 | Secure erasure of data from your HDD | Billy T (70) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 187229 | 2003-10-29 03:38:00 | the trick is to make the cost of recovery more than the cost of the data it self. no one will spend $20,000 to recover your shopping list from a few years ago........ |
robsonde (120) | ||
| 187230 | 2003-10-29 03:40:00 | And if you did chemistry, you might be able to find chemicals that react with the materials an HDD is comprised... preferrably a chemical reaction, so as that it cannot be changed back. :D | agent (30) | ||
| 187231 | 2003-10-29 03:44:00 | Lets not get carried away people.. BillyT I'm still waiting for your rebuttal on my comments, is there one coming. ?:| |
PoWa (203) | ||
| 187232 | 2003-10-29 03:45:00 | It took me five minutes to recover the NZ Army DB2 database files from a formatted (20 MB) hard disk on a computer I bought once. The records of percentages of training time and idle time of a unit of carpenters and plumbers at Burnham would have been worth about nothing from the KGB. I might have got more than that from the CIA. :D | Graham L (2) | ||
| 187233 | 2003-10-29 07:16:00 | > Billy T I'm still waiting for your rebuttal on my > comments, is there one coming? Sorry PoWa, you've lost me there . What's to rebut . ?:| I have showed you that scanning electron microscopes can recover data from places other beers don't touch, and I have drawn your attention to your own post from 2002 where you said much the same thing . If you are referring to my comments in Alastair's post, I have shown you the error of your ways in that instance by making it plain you mistakenly read and answered something I hadn't said . I wasn't, and I am still not debating the efficiency or economics of sophisticated hi-tech forensic data recovery, and I am not suggesting that 100% data recovery is possible . I simply made the point that it is not possible to erase all traces of data from a hard disk by any method that relies upon the same write heads and tracking mechanism . If a law or security agency wants to recover data from an erased HDD in the hope of finding useful scraps of evidence, money will be no object . In fact, if National Security was at stake, they'd probably throw even more technology at it . However, normal people have nothing to hide so a simple reformat will suffice, and for the terminally paranoid, nothing short of incineration will do, but then, they will probably trot off home and fill their new disk with more of the same . Go figure! Cheers Billy 8-{) :| [pre][b]If I missed something PoWa, do let me know and I'll rebut like nobody's business . :D |
Billy T (70) | ||
| 187234 | 2003-10-29 08:48:00 | > But they obviously had not done a decent backup. Obviously :D well that'd probably be because it wasn't actually their drive to start with ;) Mike. |
Mike (15) | ||
| 187235 | 2003-10-29 09:17:00 | Grrr . . . I'll have to re-explain myself . Please read carefully and slowly :) Firstly you haven't shown me any proof that data can be recovered from special multiple overwrites like a 35+ pass method . All I've got is your word, and pheonix's . And who are you? Not security experts I'm sure, yet you claim to be . Also if you had read something, don't you think it would be weird they would publish it in the first place? Being able to recover anything and everything off a hard drive if it had been overwritten lots of times would be classifed level A . Lets say the americans discovered it, then they wouldn't want that technology falling into anyone elses hands lest the attacker happened to come across a military hard drive . If anyone else reported this information, you would have to question the validity of it, maybe its just scare tactics or superstitions . "The second problem with official data destruction standards is that the information in them may be partially inaccurate in an attempt to fool opposing intelligence agencies (which is probably why a great many guidelines on sanitizing media are classified) . By deliberately under-stating the requirements for media sanitization in publicly-available guides, intelligence agencies can preserve their information-gathering capabilities while at the same time protecting their own data using classified techniques . " -Peter Gutmann So as you can see the governments might have their own special way of erasing data that would be foolproof . Still possible to recover data eh? Note: A pass is actually 3 overwrites on the same block of data . E . g . 01010101, 10101010, 01010101 . So 35passes is actually 35x3 = 105 overwrites on that block! Now lets talk about the electron microscopes Ok lets say that everytime something is written to the disk the heads never quite track over the exact same path, and the magnetic field also writes outside of the allocated track area . With different and random bit patterns written over a specific block of data about 105 times, it is possible that it will overwrite the erroneous bits outside the track area, and also scramble any magnetic fields . With all the different bit patterns being written, the hard drive will be constantly oscillating in a different area each time, enough to erase the data in the different paths . Now lets say that every time you write something to your hard drive, even in the same spot, gives a different magnetic signature . Note: hard drives don't store data in sequential blocks . Disk interleaving is used as the disk can spin while waiting for DMA transfer to take place . So a part of file could be 2 blocks away on a different sector . Ok say a file is recorded onto a block, and then continues onto another block but this time with a different magnetic signature . The different magnetic signatures couldn't possibly be predictable and have the same magnetic signature for different parts on the disk, because hard drive manufacturers don't build that feature purposely . Now how would you possibly make order or understanding out of the different magnetic signatures? Given that a part of the incriminating file could be on a different sector, and be a completely different magnetic signature . How do you distinguish which goes with what to piece the original file back? Lets add 105 different overwrites on top of that (35passes), plus multiple overwrites of the data with everyday use . Now with a different magnetic signature on each overwrite, then there could be literally thousands of possible magnetic combinations to retrieve the original file . Also how would you know which magnetic signature went with another from a different sector or track? Add another few combinations because the disk interleaving would also mess things up as well . What about filesystem types . If the disk has been wiped, how do you know which filing system was used to store the data? A windows block of data has different sized header information than a linux disk header . So add another few combinations because you have no idea how the data is formatted . So as you can see it would practically be impossible to analyse and incriminate over the 1000's if not millions of possible combinations available to piece an original file back together, let alone piece together the original information into humanly readable form . You would probably need like 3 Cray X1 Super computers to calculate the possibilities in any reasonable amount of time, and probably by then the person who the file belonged to would probably have died of old age . Even the data on the file would have lost its usefulness by then . Are you understanding me yet? Now lets see some evidence to prove that you can recover data from a 35+pass overwrite . |
PoWa (203) | ||
| 187236 | 2003-10-29 09:27:00 | > Firstly you haven't shown me any proof that > data can be recovered from special multiple > overwrites like a 35+ pass method. All I've got is I'm not gonna prove it - I don't have a spare $100k :D Besides I'm not worried if it can or cannot be done. > your word, and pheonix's. And who are you? Not > security experts I'm sure, yet you claim to be. When did I claim to be a security expert? > Also if you had read something, don't you think it > would be weird they would publish it in the first > place? Being able to recover anything and everything I didn't say I read it. I said I heard it. I heard it because it was told to me by someone who just happens to work in that company who did it. > off a hard drive if it had been overwritten > lots of times would be classifed level A. Lets I didn't say it was a drive that had been overwritten lots of times. I don't know if it had or hadn't been. I said that the drive had been destroyed, meaning physically inoperable. And just to clarify a little more, this company didn't do the recovery themselves, they sent the destroyed drive (with the $100k+) to the US to have the contents recovered. > So as you can see the governments might have their > own special way of erasing data that would be > foolproof. Still possible to recover data eh? A different type of hard drive perhaps? Or perhaps a very hot furnace? > Are you understanding me yet? Now lets see > some evidence to prove that you can recover data from > a 35+pass overwrite. I don't really care whether its 0 pass overwritten or 29384793 pass overwritten :D You can't prove either way on this one - well perhaps you could prove that it can be, once its been done, but its impossible to prove that it can't. Mike. |
Mike (15) | ||
| 187237 | 2003-10-29 09:40:00 | Hey, butt out, it wasn't directed at you - my debate is is with BillyT :D | PoWa (203) | ||
| 187238 | 2003-10-29 10:03:00 | I saw an interesting thing on TV a while ago where a yank soldier in the Phillapines or somewhere like that chopped a 5.25 disk into little peices to obliterate the data but it was sent back to the US and recovered enough data to incriminate him for murder. The disk had not been overwritten. In my view if some data had been overwritten more than once the retrievable info would be as good as useless. Even that place in England that cracked the German codes would have great trouble because of the random nature. |
mikebartnz (21) | ||
| 1 2 3 | |||||