Results 1 to 7 of 7

Thread: TV Show - Numbers

  1. #1
    Senior Member
    Join Date
    Jul 2004
    Posts
    469

    TV Show - Numbers

    I am a fan of the TV show numbers. This weeks episode included some computer forensic type activity. For those of you who don't watch this show let me do a brief explanation of what was happening.

    To make things short there was a scientist who was working on some formulas at home. He saved the data to his harddrive on his home machine. Someone broke into his house and killed him and then did some "work" on his computer.

    The investigator immediately said it was not possible that the intruder copied any data from the drive as there wasn't anything in the event log showing this. I find this completely false, as the intruder could have easily used a hardware duplicator and accomplished this.

    None the less following this they found there was a part of the drive that was scrubbed. The technique that they described in the show was that a scrubber randomly changed 1s and 0s thus scrambling the stored data and making it unretrievable. All of the scrubbers I have dealt with methodically write 1s and then 0s with approximately 7 passes to the drive to scrub the data away. Typically deleting a file just deletes the entry in the FAT table, or the inode. This is not acceptable to make data retrieval impossible.

    Has anyone had any experience with any type of scrubber that uses the random writing of 1's and 0's? I haven't ever seen anything that uses this concept for scrubbing. They were planning to reverse engineer the program that "randomly" erased the data to find a pattern and then unerase the data back to its original state. This seems very feasible if this type of scrubber even exists.

  2. #2
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    If it doesn't it'd be pretty easy to write one. I've been out of the 'coding loop' for years now, but back in the day you could set up a generator that would do random from 1 to 255 with no real effort at all, and could install ifchecks to redo the generation if too many instances of a number occurred. With today's computing power I'm sure it's more on the order of 1 to 255^255 or greater - giving a lot more 'random leeway' as to what order the 0's and 1's are placed in.

    Given the necessary speed involved in an 'emergency dump' - IE the feds are busting through your door NOW and you light off the program, I'd do something like (plain english/pseudo since I don't code anymore):

    goto the first file on the hard drive that is designated priority dump (a flag you establish and put on files you want deleted in this fashion - don't do too many, remember speed is of the essence and your computer only writes to the drive so fast..)

    generate a random number X between 1 and 4
    generate a random number Y between 1 and X
    if the number X is odd, overwrite the file in question with all 1's
    if the number X is even, overwrite the file in question with all 0's
    if the number Y is equal to X, overwrite the file in question with 101's
    if the number Y !=X, overwrite the file in question with 010's
    repeat 8 times
    goto next file flagged priority dump.

    That one's simple, but you get the picture. You could set it to flip a coin to pick out if it'll write a 1 or a zero based on odd/even, prime/not prime, or any other key you wish.

    Even after the feds pick out what key you used in writing the 1's and 0's on the first layer, there is still 7 other layers of overwrite to pick through before they get down to the original file - meaning it's virtually impossible to recover.

    The trick isn't knowing how to overwrite the specific file, however, it's knowing where else in the operating system the file exists. Personally, (after watching it on DVD last night) I prefer the 'Whistler' method from Blade Trinity - dump the files, after file dump is complete, blow up the box.

    [edit] I know the if statements will overwrite the file twice each pass - it's also weighted to overwrite 010's a whole lot - these choices were put in off the top of my head just to give an idea on what all could be done, not to be accurate (told ya I didn't code anymore :P) That does give the cool concept of overwriting each file 16 separate times though, and thereby makes it more thoroughly scrubbed than DoD requires for classified stuff).[/edit]
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

  3. #3
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Good Day,

    I watched the same flick last night and as we observed, several things were Hollywoodized. But they have that "Literary License" to make movies entertaining. (Must admit I coughed "BS" several times though). However they did display some thought provoking "emi/tempest" techniques.

    Anyway, NIS - 7 passes and 35 passes is Gutmann. The Cleaners I have used writes 0’s over everything, no secret, no pattern, just place a 0 where another value exists/existed, and/or on free space. Seems pretty straightforward and probably secure enough for most applications. I usually do a couple of passes with the 0’s on the entire drive before I partition/format.

    To be secure, you’d have to place the platters in a furnace and turn them into ash and stir the ash up really good!

    cheers
    Connection refused, try again later.

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    NIS and Gutman scrubbing use specifically designed bit patterns when overwriting data, although I'm not sure exactly what those patterns are. They are not random 1's and 0's. though.

    When overwriting data, a trace of the old data is left behind, much like taping over a bad quality adusiotape and still hering the previuos recording in the background. SO essentially, a 1 overwritten with a 0 becomes, say, a 0.05, and wehn overwritten with a 1 it becomes a 1.05. This is within limits prescribed by the hard drive manufacturer, so the hard drive elctronics will only report a 1 or a 0. Software data recovery after overwriting with 0's (or anything, for that matter) is impossible.

    However, the platters can be taken out of the drive and placed into much more sensitive equipment which can detect the 1.05's and 0.05's for what they are, and figure out what was written there before. Government organizations have this technology, as do some specialized data recovery firms.

    Unless you're actually worried about somebody ripping your hard drives apart and inspecting them with an electron microscope, a simple overwrite with zeroes is sufficient. You'd have to have some pretty secret stuff on there and be accused of some pretty heinous crimes for that to happen. Software recovery methods cannot recover data once it has been overwritten.

    But back to your original question, the random use of 1's and 0's is not as effective as using a prescribed scrubbing pattern, such as NIS or Gutmann. Anyone with something that secret to hide should be aware of that.

    Of course, I would think that incinerating the drive would be a bit more effective. If something is that secret, the cost of another hard drive should be acceptable.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Yeah, "NUMB3RS" is an intersting show, but while their story plots usually have a scientifically true basis, they often over do it by abusing the techno-babble or other more or less subtle techinical exagerations...

    Usually, such "inconsitencies" tend to get on my nerves, but I usually watch this show with my sister who's a student in nuclear phyiscs* (starting her master's this summer at Stanfords...), which most of the time ends up sparking conversations just as, if not more, interesting than the show itself!

    *As you might guess, nuclear physiscs research also involves some pretty heavy maths too..!


    Ammo
    Credit travels up, blame travels down -- The Boss

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    But back to your original question, the random use of 1's and 0's is not as effective as using a prescribed scrubbing pattern, such as NIS or Gutmann. Anyone with something that secret to hide should be aware of that.
    That is not quite true. The problem with using a prescribed pattern is that its effects can be predicted, and thereby reverse engineered.

    A good wiping tool will perform a prescribed wipe, but will randomise the sequence in which it performs the steps and will include random 1 and 0 writes.

    The objectives are to maximise coverage of the issues of track offset and magnetic overlay whilst avoiding the possibility of back tracking the overwrite. This is why random writes form a part of the whole sequence.


  7. #7
    All the Certs! 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,230
    I can't find it now in the documentation, but I'm 87.342% positive that Iolo's "Drive Scrubber" wipes with random binary...

    http://iolo.com/ds/index.cfm
    Above ground, vertical, and exchanging gasses.
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •