Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?
From: T Biehn <tbiehn () gmail com>
Date: Tue, 26 Jan 2010 13:32:08 -0500

I should have brought up the increased density problem Valdis, excellent points.

-Travis

On Tue, Jan 26, 2010 at 1:26 PM,  <Valdis.Kletnieks () vt edu> wrote:
On Tue, 26 Jan 2010 11:11:52 EST, T Biehn said:
Overwritten files require analysis with a 'big expensive machine.'

Assuming a disk drive made this century, if the block has actually been
overwritten with any data even *once*, it is basically unrecoverable using any
available tech.

Proof: In a decade of looking, I haven't found a *single* data-recovery outfit
that claimed to recover from even a single overwrite.  Blown partition table?
No problem. Metadata overwritten, data not? We can scavenge the blocks. Disk
been in a fire? Flood? Run over by truck? Sure. We can go in and scavenge the
individual intact bits with big expensive machines. Overwritten? <crickets>.

Seriously - lot of companies can recover data by reading the magnetic fields of
intact data.  But anybody know of one that claims it can recover actual
over-writes, as opposed to "damn we erased it" or "damn the first part of the
disk is toast"?

No?  Nobody knows of one?  I didn't think so.

20 or 25 years ago, it may still have been feasible to use gear to measure the
residual magnetism in the sidebands after an over-write.   However, those
sidebands have shrunk drastically, as they are the single biggest problem when
trying to drive densities higher.  You can't afford a sideband anymore - if
you have one, it's overlapping the next bit.

There *may* be some guys inside the spook agencies able to recover overwrites.
But you don't need to worry about any evidence so recovered ever being used
against you in a court of law - as then they'd have to admit they could do it.
Just like in WWII we allowed the German U-boats to sink our convoys rather
than let them figure out we had broken Enigma, they'll let the prosecution
fail rather than admit where the data came from.





-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]