Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Erasing a hard disk easily
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Mon, 12 Jul 2004 18:42:23 -0700


Since that time I have seen sensationalist TV shows showing how FBI and
CIA
operatives get stuff out written to a sector BEFORE the sector was
overwritten and I honestly cannot understand how that could be, if at all
possible. Am I right in thinking those shows are bull?

simple...

by analizing the magnetics of the disk ....
one write makes 010101 etc
the 0's and 1's are written to the disk by a magnetic manipulation to the
disk
there is a "level" of magnetisim than can be measured
the disk electronics detect this "difference".
lets say a "0" can be between .000 and .010 and a "1" is between .996 and
1.00

when you write again over the data, the magnetic properties of the disk
"rember" slightly the previous write.

now when you analize the disk there is a "ghosting" of the previous data
example...
new data pits "0" =.009 "1"=.999
( ghost pits )  "0"=.003 "1"=.997

the drive electronics will detect the higher magnetic "pits" as actual data
and discard
the data below the new threshold.

recovering the "ghost" data is now trivial by setting the thresholds below
the new data levels..
logic: discard any data over .004 for "0" and .996 for "1"s


this is a very basic example of course but shows how this technique is used.


Donnie Werner

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]