«

On Sat, 22 Jul 2006 12:41:14 -0400, ASAAR <> wrote:

>On Sat, 22 Jul 2006 09:50:48 +0100, Prometheus wrote:
>
>> A normal format does not. I have recovered data from a card that had
>> been formatted after repair damage cause be a battery failure during a
>> write. Incidentally, if you want to ensure data is never recovered from
>> a card you should incinerate it, overwriting is not adequate.
>
> That's true for magnetic media, where a small percentage of
>previously written data can be recovered.

Small is right.
After reading many papers and articles on tis subject (I became
curious after an FBI man did a 'dog and pony' show at a UG meeting,
implying (without actually saying so) that they (the FBI) can reliably
recover overwritten data), I've come to the conclusion that the
ability of three-letter Gov't agencies can recover about 20% at best
of data that's been overwritten once; 5% is much more likely. If the
data is overwritten three times, this drops to about .05%.
That's not much, but with the software they have, they can sometimes
come up with enough reconstructed data to point their investigations
in certain directions.
(The software uses probablity to reconstruct the small amount of data
they get, often single characters here and there, to give them an idea
of what might have been the underlying data. Unless the recovery
actually gives something that can be easily read, such recovery
results aren't something that can be used in court. Of course, a lot
of people aren't smart enough to even delete their incriminating data,
much less overwrite it.)
>Flash cards aren't
>compromised by imprecise mechanical alignment, and any recovery of
>previous data would be far less successful, would probably require
>physically removing the flash memory from its case so that
>sophisticated electronics could replace the card's controller, and
>what little might be recovered would depend on the data pattern that
>was used to overwrite the previously written data. If recovering
>overwritten data was a simple as you may (or may not) be implying,
>then by overwriting a 1GB card several times (with varying data
>patterns), 2GB, 3GB or even many GB's of data could be recovered
>from it, which is well beyond the capabilities of even a Poindexter.

Absolutely, in a lot of cases.
Overwriting 3 times (first with zeroes, then with ones, then with
ramdom characters, will foil all but the most determined and
well-funded.
There's a well-known shop here in the Phoenix area that advertises
that they can recover data with remarkable regularity. They aren't
quite right; they can recover if the data hasn't been overwritten, but
so can I.
--
Bill Funk
replace "g" with "a"

On Mon, 24 Jul 2006 03:56:04 -0500, Ron Hunter <>
wrote:

>Bill Funk wrote:
>> On Sun, 23 Jul 2006 19:18:33 -0400, ASAAR <> wrote:
>>
>>> As for the card readers, there's no documentation on them that I'm
>>> aware of, but they're *not* plugged into one of the 6 available
>>> external USB 2.0 HS ports. They're built into the top of the
>>> computer's case (just above the DVD writer), with 4 physical slots
>>> supporting 6 or 7 card types. I can live with their lack of speed
>>> for now, but if and when I get a camera whose image files are larger
>>> than my current S5100's, and have more than 1GB to transfer at a
>>> time, or if I get an mp3 player, then I'll start looking for an
>>> external card reader that's USB 2.0 HS compatible.
>>
>> Something I ran across recently...
>> http://www.trustedreviews.com/articl...ge=7501&head=0
>> According to this review, the card reader has a lot to do with the
>> speed the card delivers.
>> And none of the cards they tested/reviewed came close to their
>> advertised speeds.
>> I've noticed the difference in reader speeds, as I have one for my
>> desktop and one for my laptop, and they differ in speed with the same
>> cards.
>
>I am aware of no USB 2.0 devices that actually approach the 480mbps
>transfer rates advertised for USB 2.0. I have an external USB 2.0 HD on
>my wife's machine that comes closest, but it is still far less than half
>the 480mbps rate.
>Another case of the interface not living up to specifications. No
>surprise there.

You put that differently than I did, thanks.
If the readers are the bottlenecks, what do the card makers use to
test their cards' speeds?
--
Bill Funk
replace "g" with "a"

On Tue, 25 Jul 2006 12:47:14 -0700, Bill Funk <> wrote:


>On Fri, 21 Jul 2006 23:46:53 -0700, "Daryl Bryant"
><> wrote:

>>Doesn't really matter when formatting card using the camera formatting
>>utility!!! - I just do a move from card to hard drive. That way there is no
>>need to delete!

>Many of us cringe when someone uses <move>.
>We've been caught when using <move> because there isn't a safety
>involved; if the write goes wrong, the erase doesn't leave you
>anything without a time-consuming recovery process; and if the
>recovery isn't done right away, totasl loss can occur.
>I realize that nowadays, such things don't happen often, but once (or
>many times) bitten...

You were taught wrong.
In a move, just the filename information is written. It is much safer
and faster than copying.

>You were taught wrong.
>In a move, just the filename information is written. It is much safer
>and faster than copying.

The above is correct only if moving files from one location to another on
the same drive. Moving from one drive to another (for example, from the
flash card to your hard drive) involves a copy to new location and a delete
from old location.

On Tue, 25 Jul 2006 20:50:15 GMT, imagejunkie <> wrote:


>>You were taught wrong.
>>In a move, just the filename information is written. It is much safer
>>and faster than copying.

>The above is correct only if moving files from one location to another on
>the same drive. Moving from one drive to another (for example, from the
>flash card to your hard drive) involves a copy to new location and a delete
>from old location.

agreed.

On Tue, 25 Jul 2006 12:47:14 -0700, Bill Funk wrote:

> Many of us cringe when someone uses <move>.
> We've been caught when using <move> because there isn't a safety
> involved; if the write goes wrong, the erase doesn't leave you
> anything without a time-consuming recovery process; and if the
> recovery isn't done right away, totasl loss can occur.
> I realize that nowadays, such things don't happen often, but once (or
> many times) bitten...

As I mentioned here several months ago, while Windows Explorer was
moving files the computer crashed. After rebooting it wasn't just
some of the "moved" files that suffered. Even though they were on a
different physical drive, dozens of system files on the C: drive
were wiped out as well, and one of the few apps that remained usable
(fortunately) was my tape backup/restore software. The computer had
previously crashed a time or two during "moves" during the previous
half year, but they didn't result in any data loss. But when a
computer crashes, almost anything is possible. Sometimes it's a lot
more than just some of the files that are being moved. I now tend
to copy first and delete later. But where image files from my
camera are concerned, they're usually never deleted until they've
been copied to at least two CDs. With my new computer I also have
another copy on a large external hard drive.

On Tue, 25 Jul 2006 20:24:04 GMT, AZ Nomad wrote:

> You were taught wrong.
> In a move, just the filename information is written. It is much safer
> and faster than copying.

And you're mistaken as well if the move is between different hard
drives, as was the case when disaster struck my computer (that I
described in a post several minutes ago). And in this particular
case the discussion was about moving files from a flash card to a
hard drive, and that requires all of the files to be copied. In
such a case Windows doesn't move only the filename information.

On Tue, 25 Jul 2006 13:00:41 -0700, Bill Funk wrote:

> (The software uses probablity to reconstruct the small amount of data
> they get, often single characters here and there, to give them an idea
> of what might have been the underlying data. Unless the recovery
> actually gives something that can be easily read, such recovery
> results aren't something that can be used in court. Of course, a lot
> of people aren't smart enough to even delete their incriminating data,
> much less overwrite it.)

Prosecutor speaking in court: "The recovered data clearly shows
that defendant made admissions that are consistent with him being
armed with a deadly weapon at the time of the murder."

Recovered email data: " ...arving knif... . . . remov... ...urkey
leg . . . anksgiv...olida..."


Back in time before the advent of IBM's PC, a non-working software
package was returned by (IIRC) an FBI employee. The 8" floppy disk
was accompanied by a cover letter explaining and sort of apologizing
because he said that the policy was that the contents of the disk
had to be "sanitized" before returning it. I examined the disk and
found that all that had been done to the disk was that the files had
been erased, and by replacing the "e5" character used for the first
byte of the directory entries, all of the original files were
quickly restored. He may have known what was going on and simply
wrote the cover letter as a butt-protector, but given that decades
later we found that FBI employees were generally computer illiterate
and didn't have the software resources to do more than the simplest
single word text searches, one has to wonder . . . Now that I think
about it, I'm pretty sure that many of the FBI field agents were
comfortable with computers. It was just the D.C. brass, especially
the technophobic Freeh that had an aversion to computers.

On Tue, 25 Jul 2006 19:48:06 -0400, ASAAR <> wrote:


>On Tue, 25 Jul 2006 20:24:04 GMT, AZ Nomad wrote:

>> You were taught wrong.
>> In a move, just the filename information is written. It is much safer
>> and faster than copying.

> And you're mistaken as well if the move is between different hard
>drives, as was the case when disaster struck my computer (that I
>described in a post several minutes ago). And in this particular
>case the discussion was about moving files from a flash card to a
>hard drive, and that requires all of the files to be copied. In
>such a case Windows doesn't move only the filename information.

Yes. That has already been pointed out.

On Wed, 26 Jul 2006 00:43:49 GMT, AZ Nomad wrote:

>> . . . and that requires all of the files to be copied. In
>> such a case Windows doesn't move only the filename information.
>
> Yes. That has already been pointed out.

You didn't have to be so polite. It might confuse someone into
thinking they're in the wrong newsgroup.


"Wild thing, you move me.
But I want to know for sure."