January 19th, 2009, 04:55 PM
Found this article linked on Slashdot ... What do you guys think? Are multiple wipes/rewrites a waste of time?
A computer forensics specialist has a message for security-minded computer users: A single wipe will make drives impossible to read.
"Although there is a good chance of recovery for any individual bit from a drive, the chances of recovery of any amount of data from a drive using an electron microscope are negligible," Wright stated. "The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest."
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
January 19th, 2009, 08:10 PM
If you overwrite once, you will not be able to recover data using "normal" hardware/software techniques.
After all, if you could, how would normal software work if it is being confused by these "ghost" images?
Get yourself a nice $250,000 spin up table, some other fancy hardware and software and a >$75,000 a year technician and you have a whole new ballgame.
You have a better chance of recovery if you know what overwriting sequence was used, but there rapidly comes a point where the "ghost" is so faint that it is not decipherable. Also consider that what you are interested in might be overlaid on top of other valid data so which "layer" do you really want? And these "layers" could be at different levels depending on how many times that part of the drive has been used.
The concepts of magnetic remnance and track overlay are valid, but please remember that Guttman was writing in 1996. Hard drives are quite different these days
It is not a "fallacy" as such, but I will say that the evidence seems to be based on very carefully stage managed laboratory scenarios rather than the real World.
Until Wright can show me that he has the combined resources of the NSA, FBI and CIA; I will just mark his card "dork". We just don't know (us mere mortals that is )
"The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest."
One thing that I can tell you from my experience in the defence industry is that if you overwrite 7 times it has gone. And if it were more classified than that it would have been physically destroyed
Last edited by nihil; January 20th, 2009 at 08:09 AM.
January 19th, 2009, 10:34 PM
For businesses in the US, if you use Secure Erase to wipe your drives, you are covered re: liability associated with regulatory compliance e.g. HIPAA, SOX, GLB. I Boot & Nuke.
If you are really paranoid, physically destroy the drive.
In God We Trust....Everything else we backup.
January 20th, 2009, 08:25 AM
I would mention that I am not aware of any commercial data recovery service that offers to recover data that has been overwritten even once. Anyone know of one?
Also, the experiments that i have read about were on a new drive with a single overwrite. The concept was certainly proven, but whether it would be practical in the real World is another matter.
I am not aware of any civilian commercial solutions.
January 20th, 2009, 06:28 PM
You're totally right nihil ..... even software that recovers data not knowingly overwritten doesn't always recover 100% of deleted data.
I know because recently I deleted photos from my camera and had to run some undelete software. Most of the photos were fine, but one was recovered only half properly. I wouldn't begin to know where to look for data that had been overwritten ... and it's important to remember the distinction between overwritten and having had the chance to be overwritten by the camera or PC being subsequently used. I was lucky that my photos hadn't had the marked "free space" used by more photos (in that I hadn't taken more) but if I knew they'd been overwritten, then I'd have had it.
Just on the business of drive wiping, I remembered this being discussed on an old thread (indeed, I still have your wonderful copy of DBAN Nihil!), where I was told by someone I know to be very knowledgeable that a clean install of Vista would be a completely secure wipe:
It was nihil who said:
It overwrites all data with 0s. That's it. The data is gone for all intents and purposes. The drive certainly can't read it again...
it's technically possible that the old data still "shines through" - as in where there used to be a 1, there's now a 0.0001, and where there used to be a 0, there's now a 0.
However unless you happen to have lost the meaning of life, or the location of Osama Bin Laden on that drive, you're unlikely to get half the scientists in the world working on recovering it.
this is called "magnetic remnance", the other concept is "track overlay", which is where the heads don't write to exactly the same spot each time, so there are traces of previous data at the edges.
January 24th, 2009, 07:14 PM
Here is Peter Gutmann's original article to which he has added a postscript regarding this paper.
January 24th, 2009, 09:46 PM
Secure drive wipe utilities use a "pseudo-random" sequence of 0's and 1's, which makes it significantly more difficult to recover the overwritten data.
It overwrites all data with 0s
I thought I should define "pseudo-random". Check out the article below.
Last edited by keezel; January 24th, 2009 at 09:50 PM.
January 28th, 2009, 06:41 AM
Yeah ... you need special computer programs like Yarrow to truly randomise a sample, or produce scientifically accepted random data.
January 28th, 2009, 11:38 AM
Take the drive to the range, put a few rounds of 9MM and it will be unrecoverable!
"Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot
January 28th, 2009, 12:16 PM
Way too violent...but what do you expect from a disgruntled postal worker
I prefer the "better living through chemistry" approach. Drop them in a bucket of acid (no, not that acid you old fart... muriatic acid)
In God We Trust....Everything else we backup.
By cheyenne1212 in forum Miscellaneous Security Discussions
Last Post: February 1st, 2012, 01:51 PM
By slinky2004 in forum Newbie Security Questions
Last Post: February 24th, 2005, 05:04 PM
By Raion in forum Other Tutorials Forum
Last Post: May 10th, 2004, 03:20 AM
By mrleachy in forum AntiOnline's General Chit Chat
Last Post: March 4th, 2003, 09:18 AM
Tags for this Thread