Home page logo
/

basics logo Security Basics mailing list archives

Re: Interesting One
From: "Chet Uber" <chet.uber () cox net>
Date: Wed, 30 Oct 2002 15:44:55 -0600

Fact: You cannot read the drive if it is overwritten without being able to
manipulate the path of the drive head. I do not mean deleting a file in DOS,
I mean overwriting the drive with dd for example. What they are talking
about is that the edges of the tracks have data still, and you can
disassemble the drive and use force microscopy to read what is left. This is
a well known issue.

The overwritten by X times is irrelevant if you are trying to recover using
software. You cannot recover these drives.

http://www.c3i.osd.mil/org/cio/doc/computerdisposal.doc.


Chet Uber





----- Original Message -----
From: "Greg van der Gaast" <greg.van.der.gaast () ordina nl>
To: <security-basics () securityfocus com>
Sent: Wednesday, October 30, 2002 4:53 AM
Subject: RE: Interesting One


Last I heard from some DoD/NIPC people (and this was well over a year
ago) is that they were able to successfully retrieve at least partial
information off a disk that had been overwritten 153 times. Assume that
(at least government) forensic techniques have improved since.

Hope this helps!

Regards,

Greg van der Gaast
Ordina Public SDS West
Security Services

-----Oorspronkelijk bericht-----
Van: Carol Stone [mailto:carol () carolstone com]
Verzonden: Tuesday, October 29, 2002 9:58 PM
Aan: security-basics () securityfocus com
Onderwerp: Re: Interesting One

I don't know much about this, but yesterday I read in one of the later
chapters of Bruce Schneier's book, "Secrets and Lies," (link to amazon
follows) that over-writing data on a disk does *not* completely
obliterate it, it just makes it a lot more difficult to recover with
each over-write. I believe he said just how many re-writes were still
recoverable was a secret one of our governmental organizations wasn't
about to give up.  I'll look at my book later when I have it in my
hands and see if I can't find part and post a pointer to *his*
reference.

-carol

http://www.amazon.com/exec/obidos/tg/detail/-
/0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143?
v=glance&n=507846

Greetings Folks,

I had an interesting conversation today with someone from FAST
(Federation
Against Software Theft) They pretend not to be a snitch wing of the
BSA.
Anyway, to get to the point, the guy that came to see me said that
their
forensics guys could read data off a hard drive that had been written
over
up to thirty times. I find this very hard to believe and told him I
thought
he was mistaken but the guy was adamant that it could be done. My
question
is, does anyone have any views on this, or, can anyone point me to a
source
of information where I can get the facts on exactly how much data can
be
retrieved off a hard drive and under what conditions etc etc.

Thanks

Dave Adams



This message (and any associated files) is intended only for the
use of the individual or entity to which it is addressed and may
contain information that is confidential, subject to copyright or
constitutes a trade secret. If you are not the intended recipient
you are hereby notified that any dissemination, copying or
distribution of this message, or files associated with this message,
is strictly prohibited. If you have received this message in error,
please notify us immediately by replying to the message and deleting
it from your computer. Messages sent to and from
John Crowley (Maidstone) Ltd may be monitored.

Internet communications cannot be guaranteed to be secure or error-
free
as information could be intercepted, corrupted, lost, destroyed,
arrive
late or incomplete, or contain viruses. Therefore, we do not accept
responsibility for any errors or omissions that are present in this
message, or any attachment, that have arisen as a result of e-mail
transmission. If verification is required, please request a hard-copy
version. Any views or opinions presented are solely those of the
author
and do not necessarily represent those of John Crowley (Maidstone)
Ltd.



--
Real people for the virtual world.
http://www.elirion.net





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault