On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said:
Overwritten files require analysis with a 'big expensive machine.'
Assuming a disk drive made this century, if the block has actually been
overwritten with any data even *once*, it is basically unrecoverable using any
available tech.
Proof: In a decade of looking, I haven't found a *single* data-recovery outfit
that claimed to recover from even a single overwrite. Blown partition table?
No problem. Metadata overwritten, data not? We can scavenge the blocks. Disk
been in a fire? Flood? Run over by truck? Sure. We can go in and scavenge the
individual intact bits with big expensive machines. Overwritten? <crickets>.
Seriously - lot of companies can recover data by reading the magnetic fields of
intact data. But anybody know of one that claims it can recover actual
over-writes, as opposed to "damn we erased it" or "damn the first part of the
disk is toast"?
No? Nobody knows of one? I didn't think so.
20 or 25 years ago, it may still have been feasible to use gear to measure the
residual magnetism in the sidebands after an over-write. However, those
sidebands have shrunk drastically, as they are the single biggest problem when
trying to drive densities higher. You can't afford a sideband anymore - if
you have one, it's overlapping the next bit.
There *may* be some guys inside the spook agencies able to recover overwrites.
But you don't need to worry about any evidence so recovered ever being used
against you in a court of law - as then they'd have to admit they could do it.
Just like in WWII we allowed the German U-boats to sink our convoys rather
than let them figure out we had broken Enigma, they'll let the prosecution
fail rather than admit where the data came from.
