Hard Drive scrub

Discussion in 'Computer Security' started by ---, Jun 17, 2005.

  1. ---

    --- Guest

    I've scrubed one of my hard drives using an application that does multiple wipes followed by a final writing of all zeros to every sector of the hard drive.

    How can I verify that the hard drive has truely been scrubed before I send it offiste?

    Thank you
     
    ---, Jun 17, 2005
    #1
    1. Advertising

  2. On Fri, 17 Jun 2005 06:18:56 GMT, "---" <> wrote:

    >I've scrubed one of my hard drives using an application that does multiple wipes followed by a final writing of all zeros to every sector of the hard drive.
    >
    >How can I verify that the hard drive has truely been scrubed before I send it offiste?
    >
    >Thank you



    Have a look here

    www.roadkil.net/

    ....for some disk sector tools etc...one of these will allow you to
    examine the disk for data.

    Regards,



    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
     
    Stephen Howard, Jun 17, 2005
    #2
    1. Advertising

  3. ---

    nemo_outis Guest

    "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:

    > Content-Type: text/plain; charset="iso-8859-1"
    > Content-Transfer-Encoding: quoted-printable
    >
    > I've scrubed one of my hard drives using an application that does
    > multiple wipes followed by a final writing of all zeros to every
    > sector of the hard drive.
    >
    > How can I verify that the hard drive has truely been scrubed before I
    > send it offiste?
    >
    > Thank you


    Use any of the file-recovery tools, especially the forensic ones, such as
    Encase, etc.

    This will confirm *software* unrecoverability - if someone is willing to
    spend serious bucks, hardware recovery may still be possible.

    Regards,
     
    nemo_outis, Jun 17, 2005
    #3
  4. ---

    someone2 Guest

    "nemo_outis" <> wrote in message
    news:Xns96784A18143F3abcxyzcom@127.0.0.1...
    > "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
    >
    >> Content-Type: text/plain; charset="iso-8859-1"
    >> Content-Transfer-Encoding: quoted-printable
    >>
    >> I've scrubed one of my hard drives using an application that does
    >> multiple wipes followed by a final writing of all zeros to every
    >> sector of the hard drive.
    >>
    >> How can I verify that the hard drive has truely been scrubed before I
    >> send it offiste?
    >>
    >> Thank you

    >
    > Use any of the file-recovery tools, especially the forensic ones, such as
    > Encase, etc.
    >
    > This will confirm *software* unrecoverability - if someone is willing to
    > spend serious bucks, hardware recovery may still be possible.
    >
    > Regards,
    >


    Not true.
    After a 3 times overwrite virtually nothing is recoverable by any
    professional
    After a 30 times over write nothing is recoverable.

    If someone has the capability to recover anything of use after 7 times over
    write I want to speak to them. I will refer DR jobs to them!

    Re the OP and his ?. Winhex or similar and examine some random sectors for
    text or data.
     
    someone2, Jun 17, 2005
    #4
  5. ---

    nemo_outis Guest

    "someone2" <> wrote in
    news:mjDse.50345$iU.44518@lakeread05:

    >
    > "nemo_outis" <> wrote in message
    > news:Xns96784A18143F3abcxyzcom@127.0.0.1...
    >> "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
    >>
    >>> Content-Type: text/plain; charset="iso-8859-1"
    >>> Content-Transfer-Encoding: quoted-printable
    >>>
    >>> I've scrubed one of my hard drives using an application that does
    >>> multiple wipes followed by a final writing of all zeros to every
    >>> sector of the hard drive.
    >>>
    >>> How can I verify that the hard drive has truely been scrubed before
    >>> I send it offiste?
    >>>
    >>> Thank you

    >>
    >> Use any of the file-recovery tools, especially the forensic ones,
    >> such as Encase, etc.
    >>
    >> This will confirm *software* unrecoverability - if someone is willing
    >> to spend serious bucks, hardware recovery may still be possible.
    >>
    >> Regards,
    >>

    >
    > Not true.
    > After a 3 times overwrite virtually nothing is recoverable by any
    > professional
    > After a 30 times over write nothing is recoverable.
    >
    > If someone has the capability to recover anything of use after 7 times
    > over write I want to speak to them. I will refer DR jobs to them!
    >
    > Re the OP and his ?. Winhex or similar and examine some random
    > sectors for text or data.



    The limits of the possible in data recovery are NOT set by the commercial
    recovery houses.

    The US DoD recommends *destruction* of any HD that is to pass outside the
    agency, EVEN for those used just for general office work, let alone those
    those that once contained classified data (see, for instance, DoD
    Directive 8500.1, October 2002. The ancient DoD 5220.22-M with its
    overwrite specs was rescinded as obsolete long ago!).

    Even degaussing is viewed askance (since only the top-end units can
    handle modern high-coercivity drives, and, even then, reliability - 80+
    dB suppression - is spotty). Software methods, such as overwriting, just
    don't cut it against a serious adversary (even ignoring, for the moment,
    that things such as HD buffers - some bigger than 8 megs - may result in
    7 overwrites really only resulting in one!).

    Yes, a disk that has been overwritten many times times will not be
    recoverable by an ordinary recovery shop, but they do not use methods
    such as second-harmonic magnetoresistive microscopy and newer variants
    (since they would never be economically viable See, for instance,
    http://www.boulder.nist.gov). Ordinary users need not worry about such
    recovery methods, but they are well within the capabilities of TLAs and
    some other labs (which is why I used "may" in my post).

    If a HD contains, or has ever contained, sensitive data it should be
    destroyed, not erased, when one is finished with it. Since new drives
    cost less than $1/gig these days, anything else is madness.

    Regards,
     
    nemo_outis, Jun 17, 2005
    #5
  6. ---

    Jim Watt Guest

    On 17 Jun 2005 17:51:45 GMT, "nemo_outis" <> wrote:

    >If a HD contains, or has ever contained, sensitive data it should be
    >destroyed, not erased, when one is finished with it. Since new drives
    >cost less than $1/gig these days, anything else is madness.


    For sensitive data maybe, but otherwise its a pity to trash something
    useful, and <4gb disks that work are getting a rarity and are needed
    for older machines that won't recognise the current crop.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 17, 2005
    #6
  7. ---

    Unruh Guest

    "nemo_outis" <> writes:

    >"someone2" <> wrote in
    >news:mjDse.50345$iU.44518@lakeread05:


    >>
    >> "nemo_outis" <> wrote in message
    >> news:Xns96784A18143F3abcxyzcom@127.0.0.1...
    >>> "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
    >>>
    >>>> Content-Type: text/plain; charset="iso-8859-1"
    >>>> Content-Transfer-Encoding: quoted-printable
    >>>>
    >>>> I've scrubed one of my hard drives using an application that does
    >>>> multiple wipes followed by a final writing of all zeros to every
    >>>> sector of the hard drive.
    >>>>
    >>>> How can I verify that the hard drive has truely been scrubed before
    >>>> I send it offiste?
    >>>>
    >>>> Thank you
    >>>
    >>> Use any of the file-recovery tools, especially the forensic ones,
    >>> such as Encase, etc.
    >>>
    >>> This will confirm *software* unrecoverability - if someone is willing
    >>> to spend serious bucks, hardware recovery may still be possible.
    >>>
    >>> Regards,
    >>>

    >>
    >> Not true.
    >> After a 3 times overwrite virtually nothing is recoverable by any
    >> professional
    >> After a 30 times over write nothing is recoverable.


    Not true. The tracks on the disk can shift by small amounts.Thus the
    rewrite can cover a track that is shifted from the original (eg temp
    changes, electronics changes in the head positioning etc). Those small side
    tracks can still have useful info on them. It hard to read, and cannot be
    done with the usual disk hardware, but with special read heads or STMs
    information may well be recoverable.

    >>
    >> If someone has the capability to recover anything of use after 7 times
    >> over write I want to speak to them. I will refer DR jobs to them!
    >>
    >> Re the OP and his ?. Winhex or similar and examine some random
    >> sectors for text or data.



    >The limits of the possible in data recovery are NOT set by the commercial
    >recovery houses.


    >The US DoD recommends *destruction* of any HD that is to pass outside the
    >agency, EVEN for those used just for general office work, let alone those
    >those that once contained classified data (see, for instance, DoD
    >Directive 8500.1, October 2002. The ancient DoD 5220.22-M with its
    >overwrite specs was rescinded as obsolete long ago!).


    >Even degaussing is viewed askance (since only the top-end units can
    >handle modern high-coercivity drives, and, even then, reliability - 80+
    >dB suppression - is spotty). Software methods, such as overwriting, just
    >don't cut it against a serious adversary (even ignoring, for the moment,
    >that things such as HD buffers - some bigger than 8 megs - may result in
    >7 overwrites really only resulting in one!).


    >Yes, a disk that has been overwritten many times times will not be
    >recoverable by an ordinary recovery shop, but they do not use methods
    >such as second-harmonic magnetoresistive microscopy and newer variants
    >(since they would never be economically viable See, for instance,
    >http://www.boulder.nist.gov). Ordinary users need not worry about such
    >recovery methods, but they are well within the capabilities of TLAs and
    >some other labs (which is why I used "may" in my post).


    >If a HD contains, or has ever contained, sensitive data it should be
    >destroyed, not erased, when one is finished with it. Since new drives
    >cost less than $1/gig these days, anything else is madness.


    Agree completely.
    And when you destroy it, make sure that you heat the platters to a high
    temp.


    >Regards,
     
    Unruh, Jun 17, 2005
    #7
  8. ---

    Unruh Guest

    Jim Watt <_way> writes:

    >On 17 Jun 2005 17:51:45 GMT, "nemo_outis" <> wrote:


    >>If a HD contains, or has ever contained, sensitive data it should be
    >>destroyed, not erased, when one is finished with it. Since new drives
    >>cost less than $1/gig these days, anything else is madness.


    >For sensitive data maybe, but otherwise its a pity to trash something
    >useful, and <4gb disks that work are getting a rarity and are needed
    >for older machines that won't recognise the current crop.


    The OP wanted to remove data. He has to decide how sensitive the data is.
    If the data would be worth $10M if it fell into the wrong hands then
    recycling the disk for the $100 savings is lunacy. If the data is worth
    $50, then by all means recycle the disk.
     
    Unruh, Jun 17, 2005
    #8
  9. ---

    nemo_outis Guest

    Jim Watt <_way> wrote in
    news::

    > On 17 Jun 2005 17:51:45 GMT, "nemo_outis" <> wrote:
    >
    >>If a HD contains, or has ever contained, sensitive data it should be
    >>destroyed, not erased, when one is finished with it. Since new drives
    >>cost less than $1/gig these days, anything else is madness.

    >
    > For sensitive data maybe, but otherwise its a pity to trash something
    > useful, and <4gb disks that work are getting a rarity and are needed
    > for older machines that won't recognise the current crop.
    > --
    > Jim Watt
    > http://www.gibnet.com



    I agree that it's up to the owner to do a risk/threat assessment and decide
    how sensitive the data was and if software overwriting is sufficient.
    Maybe for some the answer will be "it's OK." For most, however, the answer
    will be that its a needless risk for very little benefit - to them or to
    others.

    A 4-gig drive's replacement value is less than $4 and it seems to me that
    taking any risk for that sort of money is silly. One recovered bad sector
    (possibly, say, passed over in the overwriting) might mean a serious data
    leak, a massive lawsuit, or a major PR hit for a firm. Seems foolhardy and
    penny-wise, pound-foolish to me.

    Moreover, any motherboard that won't recognize anything except a 4-gig
    drive should be of interest only to the Smithsonian. Junk both it and the
    drive!

    We're talking nickle and dime stuff here. Just the time to erase the disk
    and verify its cleanliness is worth much more than the disk (unless you
    value your time under $1/hour :) Destroy the drive and give $50 to
    charity: a bigger benefit than 10 such used disks, no risk, no endless
    jacking around, and a nice warm fuzzy feeling..

    Regards,
     
    nemo_outis, Jun 18, 2005
    #9
  10. ---

    Jim Watt Guest

    On 18 Jun 2005 02:38:37 GMT, "nemo_outis" <> wrote:

    >A 4-gig drive's replacement value is less than $4 and it seems to me that
    >taking any risk for that sort of money is silly. One recovered bad sector
    >(possibly, say, passed over in the overwriting) might mean a serious data
    >leak, a massive lawsuit, or a major PR hit for a firm. Seems foolhardy and
    >penny-wise, pound-foolish to me.
    >
    >Moreover, any motherboard that won't recognize anything except a 4-gig
    >drive should be of interest only to the Smithsonian. Junk both it and the
    >drive!
    >
    >We're talking nickle and dime stuff here. Just the time to erase the disk
    >and verify its cleanliness is worth much more than the disk (unless you
    >value your time under $1/hour :) Destroy the drive and give $50 to
    >charity: a bigger benefit than 10 such used disks, no risk, no endless
    >jacking around, and a nice warm fuzzy feeling..


    Yes and no.

    I recently spent lots of hours fixing a machine that would only work
    with a <4gb drive. The problem was finding one that worked because
    several found in our junk collection are there because they have been
    replaced for being dodgy. They are now safely binned.

    The clients machine has lots of ISA slots with special cards to drive
    external hardware and the software only runs on win/98. A new
    machine is not the solution.

    I jsut hope that the drive on my Northstar Horizon holds out because
    MFM drives are hard to find ...
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 18, 2005
    #10
  11. ---

    nemo_outis Guest

    Jim Watt <_way> wrote in
    news::

    > Yes and no.
    >
    > I recently spent lots of hours fixing a machine that would only work
    > with a <4gb drive. The problem was finding one that worked because
    > several found in our junk collection are there because they have been
    > replaced for being dodgy. They are now safely binned.
    >
    > The clients machine has lots of ISA slots with special cards to drive
    > external hardware and the software only runs on win/98. A new
    > machine is not the solution.
    >
    > I jsut hope that the drive on my Northstar Horizon holds out because
    > MFM drives are hard to find ...
    > --
    > Jim Watt
    > http://www.gibnet.com
    >



    Yes, I'm sure being the curator of a museum of junk must have its
    tribulations :)

    Regards,
     
    nemo_outis, Jun 18, 2005
    #11
  12. ---

    Jim Watt Guest

    On 18 Jun 2005 13:26:52 GMT, "nemo_outis" <> wrote:

    >>
    >> I jsut hope that the drive on my Northstar Horizon holds out because
    >> MFM drives are hard to find ...
    >> --
    >> Jim Watt
    >> http://www.gibnet.com
    >>

    >
    >
    >Yes, I'm sure being the curator of a museum of junk must have its
    >tribulations :)


    I had to let my S/36 and AS-400 model 70 go, along with the
    five racks of DASD amounting to nearly 8gb storage ...
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 18, 2005
    #12
  13. ---

    someone2 Guest

    "nemo_outis" <> wrote in message
    news:Xns967878AC1CCAEabcxyzcom@127.0.0.1...
    > "someone2" <> wrote in
    > news:mjDse.50345$iU.44518@lakeread05:
    >
    >>
    >> "nemo_outis" <> wrote in message
    >> news:Xns96784A18143F3abcxyzcom@127.0.0.1...
    >>> "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
    >>>
    >>>> Content-Type: text/plain; charset="iso-8859-1"
    >>>> Content-Transfer-Encoding: quoted-printable
    >>>>
    >>>> I've scrubed one of my hard drives using an application that does
    >>>> multiple wipes followed by a final writing of all zeros to every
    >>>> sector of the hard drive.
    >>>>
    >>>> How can I verify that the hard drive has truely been scrubed before
    >>>> I send it offiste?
    >>>>
    >>>> Thank you
    >>>
    >>> Use any of the file-recovery tools, especially the forensic ones,
    >>> such as Encase, etc.
    >>>
    >>> This will confirm *software* unrecoverability - if someone is willing
    >>> to spend serious bucks, hardware recovery may still be possible.
    >>>
    >>> Regards,
    >>>

    >>
    >> Not true.
    >> After a 3 times overwrite virtually nothing is recoverable by any
    >> professional
    >> After a 30 times over write nothing is recoverable.
    >>
    >> If someone has the capability to recover anything of use after 7 times
    >> over write I want to speak to them. I will refer DR jobs to them!
    >>
    >> Re the OP and his ?. Winhex or similar and examine some random
    >> sectors for text or data.

    >
    >
    > The limits of the possible in data recovery are NOT set by the commercial
    > recovery houses.
    >
    > The US DoD recommends *destruction* of any HD that is to pass outside the
    > agency, EVEN for those used just for general office work, let alone those
    > those that once contained classified data (see, for instance, DoD
    > Directive 8500.1, October 2002. The ancient DoD 5220.22-M with its
    > overwrite specs was rescinded as obsolete long ago!).
    >
    > Even degaussing is viewed askance (since only the top-end units can
    > handle modern high-coercivity drives, and, even then, reliability - 80+
    > dB suppression - is spotty). Software methods, such as overwriting, just
    > don't cut it against a serious adversary (even ignoring, for the moment,
    > that things such as HD buffers - some bigger than 8 megs - may result in
    > 7 overwrites really only resulting in one!).
    >
    > Yes, a disk that has been overwritten many times times will not be
    > recoverable by an ordinary recovery shop, but they do not use methods
    > such as second-harmonic magnetoresistive microscopy and newer variants
    > (since they would never be economically viable See, for instance,
    > http://www.boulder.nist.gov). Ordinary users need not worry about such
    > recovery methods, but they are well within the capabilities of TLAs and
    > some other labs (which is why I used "may" in my post).
    >
    > If a HD contains, or has ever contained, sensitive data it should be
    > destroyed, not erased, when one is finished with it. Since new drives
    > cost less than $1/gig these days, anything else is madness.
    >
    > Regards,


    "second-harmonic magnetoresistive microscopy "
    Please provide a direct link to factual information.

    I contacted NIST, a few forensics companies, Ontrack and some other DR
    companies in 2004.
    All stated at that time DR via microscopy was not feasible.

    It's been a great long standing rumor, but I cannot find any factual
    information to back the rumor.

    If you have a factual and credible source please post the information.

    re some of your other postings on this topic - you may have no need or
    interest in a 4 Gb hdd (let alone a 250Mb) - but there are individuals and
    groups that will never have
    access to any computer. Why are we trashing something of value when it could
    be re used and have value to someone else?

    Many home computer users never have anything of value on their computers
    (data wise) and how many dumpster divers would spend a week trying to find
    anything of value on
    a discarded computer.

    Once again, my challenge stands (as I will remarket the services of a DR
    company with the capability) - if I re write a hdd to the DoD std -
    demonstrate recovery of any data of relevance!

    btw, before reposting, if I had national secrets or financial information
    for 1,0000,0000 individuals on a hdd I would physically destroy it too.
    The solution is simple, remove the hdd platters and use them for a
    windchime!



    >
     
    someone2, Jun 18, 2005
    #13
  14. ---

    nemo_outis Guest

    "someone2" <> wrote in
    news:c2Xse.50429$iU.16228@lakeread05:

    > "nemo_outis" <> wrote in message
    > news:Xns967878AC1CCAEabcxyzcom@127.0.0.1...



    >> If a HD contains, or has ever contained, sensitive data it should be
    >> destroyed, not erased, when one is finished with it. Since new
    >> drives cost less than $1/gig these days, anything else is madness.
    >>
    >> Regards,

    >
    > "second-harmonic magnetoresistive microscopy "
    > Please provide a direct link to factual information.
    >
    > I contacted NIST, a few forensics companies, Ontrack and some other DR
    > companies in 2004.
    > All stated at that time DR via microscopy was not feasible.



    You don't quite seem to get it. It's not whether I can *prove* that data
    recovery is possible by TLAs or others using sophisticated hardware
    methods but whether it is worth *risking* it. While the technology may
    not be commercially viable for ordinary recovery houses (e.g., Ontrack)
    that does not set the limits of the possible. Peter Gutmann - in whom I
    have far greater confidence than you - was warning about sophisticated
    hardware data recovery back in 1996 - and I have no doubt that the
    technology has improved markedly since then.

    Despite your bland assurances that data recovery is not possible after
    software overwriting, I prefer instead - and recommend to others - that
    they exercise the prudence which the DoD *requires* even for ordinary
    business-use computers: destruction of the HD after use. I regard as
    highly indicative the fact that the orange-book recommendations for
    overwriting (DoD 5200.28-M) were last revised back in 1988 and
    specifically *rescinded and revoked* in 2002!

    Moreover, aside from data recovery, there are any number of ways to
    *bungle* the overwriting in the first place! These include skipping over
    sectors marked "bad" (but which may nonetheless contain valuable data) to
    the overwrites being buffered and resulting in a single write. There is
    also the possibility, for instance, of disk areas such as the HPA being
    completely overlooked. Lots of ways for all but an expert user to screw
    up and leave valuable data behind.

    Add to that the additional overhead of verifying that the data has been
    effectively erased (or do you prefer to run blind?) and the cost to scrub
    goes up further.

    As for whether the drive has ever held sensitive data, the overwhelming
    likelihood is that the company *does not know!* While the drive may have
    ended its life on the shipping dock, it might have started life in the
    office of the vice-president.

    You may choose to roll the dice - that's entirely up to you - But IMHO
    it's both foolhardy and a waste of time for a drive that's worth less
    than 5 bucks!

    Regards,
     
    nemo_outis, Jun 18, 2005
    #14
  15. ---

    nemo_outis Guest

    "nemo_outis" <> wrote in
    news:Xns967967BD16F88abcxyzcom@127.0.0.1:


    An afterthought...


    One area I neglected to mention but which is very important is procedural
    screwups.

    If you regularly dispose of - supposedly erased - HDs to outside agencies
    there is a high risk of procedural screwups resulting in serious data
    leaks.

    For example, out of a pile of a dozen drives to be erased, one gets
    accidentally placed in the "finished" pile even though nothing was done to
    it. Or the computer housing a drive during erasure is accidentally shut
    down before erasure is complete and a half-erased drive is carelessly
    thrown on the "finished" pile.

    Let's face it, if your company's policy is to "erase and give away," then a
    company of any size is going to be handling many (perhaps hundreds?) of
    drives a year. And it is unlikely to assign the "challenging and
    interesting" task of HD erasure to its top-notch IT pros. Nope, it will be
    done casually and sloppily by inexperienced low-level employees. And,
    sooner or later - for such is Murphy's law - unerased drives will get
    through!

    In short, recycling "erased" drives has to be considered as a "business
    process" and not just in terms of the technology of erasing. Tunnel vision
    concentrating solely on technology is not a good model for effective
    security and privacy practice.

    Regards,
     
    nemo_outis, Jun 18, 2005
    #15
  16. ---

    someone2 Guest

    "nemo_outis" <> wrote in message
    news:Xns967967BD16F88abcxyzcom@127.0.0.1...
    > "someone2" <> wrote in
    > news:c2Xse.50429$iU.16228@lakeread05:
    >
    >> "nemo_outis" <> wrote in message
    >> news:Xns967878AC1CCAEabcxyzcom@127.0.0.1...


    You missed the point.
    Not that you don't make a few good points, ie. if I was wiping 10 hdd's
    simultaneously (only one now), I could easily not wipe down a hdd.
    That hdd may or may not have anything of any value to anyone.

    You did not provide any further details re "second-harmonic magnetoresistive
    microscopy "

    So, that topic must still be fiction and not fact!

    Btw, I quote an article from Peter Gutmann on my website, he states
    microscopic recovery of data from hdd is not feasible.(2004)

    Facts, not B.S please!

    btw jobs I have sent to Ontrack have been $2000 or more, I am sure if there
    is a feasible commercial solution to read data from platters they would have
    it available!
    Their representative for Ontrack resellers (once again 2004) stated they
    cannot recover via any microscopic methods.

    FACTS, not BS!

    If, and I doubt it, you have a link to DR via microscopy, nothing general
    but a company or detailed info, I would really appreciate the link.




    >
    >
    >>> If a HD contains, or has ever contained, sensitive data it should be
    >>> destroyed, not erased, when one is finished with it. Since new
    >>> drives cost less than $1/gig these days, anything else is madness.
    >>>
    >>> Regards,

    >>
    >> "second-harmonic magnetoresistive microscopy "
    >> Please provide a direct link to factual information.
    >>
    >> I contacted NIST, a few forensics companies, Ontrack and some other DR
    >> companies in 2004.
    >> All stated at that time DR via microscopy was not feasible.

    >
    >
    > You don't quite seem to get it. It's not whether I can *prove* that data
    > recovery is possible by TLAs or others using sophisticated hardware
    > methods but whether it is worth *risking* it. While the technology may
    > not be commercially viable for ordinary recovery houses (e.g., Ontrack)
    > that does not set the limits of the possible. Peter Gutmann - in whom I
    > have far greater confidence than you - was warning about sophisticated
    > hardware data recovery back in 1996 - and I have no doubt that the
    > technology has improved markedly since then.
    >
    > Despite your bland assurances that data recovery is not possible after
    > software overwriting, I prefer instead - and recommend to others - that
    > they exercise the prudence which the DoD *requires* even for ordinary
    > business-use computers: destruction of the HD after use. I regard as
    > highly indicative the fact that the orange-book recommendations for
    > overwriting (DoD 5200.28-M) were last revised back in 1988 and
    > specifically *rescinded and revoked* in 2002!
    >
    > Moreover, aside from data recovery, there are any number of ways to
    > *bungle* the overwriting in the first place! These include skipping over
    > sectors marked "bad" (but which may nonetheless contain valuable data) to
    > the overwrites being buffered and resulting in a single write. There is
    > also the possibility, for instance, of disk areas such as the HPA being
    > completely overlooked. Lots of ways for all but an expert user to screw
    > up and leave valuable data behind.
    >
    > Add to that the additional overhead of verifying that the data has been
    > effectively erased (or do you prefer to run blind?) and the cost to scrub
    > goes up further.
    >
    > As for whether the drive has ever held sensitive data, the overwhelming
    > likelihood is that the company *does not know!* While the drive may have
    > ended its life on the shipping dock, it might have started life in the
    > office of the vice-president.
    >
    > You may choose to roll the dice - that's entirely up to you - But IMHO
    > it's both foolhardy and a waste of time for a drive that's worth less
    > than 5 bucks!
    >
    > Regards,
    >
     
    someone2, Jun 19, 2005
    #16
  17. ---

    nemo_outis Guest

    "someone2" <> wrote in
    news:4M1te.50467$iU.22818@lakeread05:

    >
    > "nemo_outis" <> wrote in message
    > news:Xns967967BD16F88abcxyzcom@127.0.0.1...


    > You missed the point.
    > Not that you don't make a few good points, ie. if I was wiping 10
    > hdd's simultaneously (only one now), I could easily not wipe down a
    > hdd. That hdd may or may not have anything of any value to anyone.
    >
    > You did not provide any further details re "second-harmonic
    > magnetoresistive microscopy "
    >
    > So, that topic must still be fiction and not fact!




    Sadly, once again, you are staring at the pointing finger rather than at
    the moon to which it is pointing. Fixation on one phrase rather than on
    the main point.

    And, in the words of Darth Vader, "I find your lack of faith disturbing."

    However, unlike Darth, I am a kindly man and so... Re "second-harmonic
    magnetoresistive microscopy," I don't suppose it entered your mind to
    search for the phrase in Google, did it?

    But there it is, large as life, on the NIST site:

    Magnetic Recording Measurements
    http://www.boulder.nist.gov/div818/81803/2001/MagneticRecordingMeasuremen
    ts/

    or, even more specifically, as applied to data recovery from HDs, under
    the subheading "New Technique Finds Lost Data:"

    http://www.nist.gov/public_affairs/taglance/tagwin01/winter2001.htm



    > Btw, I quote an article from Peter Gutmann on my website, he states
    > microscopic recovery of data from hdd is not feasible.(2004)
    >
    >
    > btw jobs I have sent to Ontrack have been $2000 or more, I am sure if
    > there is a feasible commercial solution to read data from platters
    > they would have it available!
    > Their representative for Ontrack resellers (once again 2004) stated
    > they cannot recover via any microscopic methods.



    $2000? A piffle, a mere bagatelle. Of course Ontrack doesn't do any of
    the advanced techniques. Data recovery is a niche market - one that
    caters to idiots, the imprudent, and the careless - those who don't have
    backups. And even within the small cadre of idiots willing to pay
    anything to recover from their stupidity, those who are willing to spend
    $2000 are a still much smaller niche market. That there is essentially
    NO commercial market for data recovery using still more advanced - and
    still more expensive - techniques like magnetic force microscopy and its
    enhancements is hardly surprising. I said as much in several of my
    previous posts.

    But that there are too few numbskulls with deep pockets to support a
    commercial market doesn't mean that it isn't an entirely feasible method
    for those with different motivations and deeper pockets. For instance,
    there were any number of well-heeled pirates who weren't averse to using
    techniques such as focussed-ion-beam technology to reverse-engineer smart
    cards for European TV. The capital cost of these and similar laser tools
    ran into the millions (BTW today these tools can be rented for a lousy
    few hundred an hour!).

    Regards,
     
    nemo_outis, Jun 19, 2005
    #17
  18. ---

    Jim Watt Guest

    On 19 Jun 2005 00:12:24 GMT, "nemo_outis" <> wrote:

    <snip>

    Speaking of data recovery, the largest problem we saw was those
    shitty Fujitsu drives that died after a year due to a manufacturing
    defect. A chip overheated.

    I found it was possible to copy some of them by squirting freezer
    spray onto the chip.

    There was a class action against them for it in the US and their
    general reaction to complaints was 'bugger off'. Haven't bought
    any of their product since.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jun 19, 2005
    #18
  19. ---

    nemo_outis Guest

    Jim Watt <_way> wrote in
    news::

    > On 19 Jun 2005 00:12:24 GMT, "nemo_outis" <> wrote:
    >
    > <snip>
    >
    > Speaking of data recovery, the largest problem we saw was those
    > shitty Fujitsu drives that died after a year due to a manufacturing
    > defect. A chip overheated.
    >
    > I found it was possible to copy some of them by squirting freezer
    > spray onto the chip.
    >
    > There was a class action against them for it in the US and their
    > general reaction to complaints was 'bugger off'. Haven't bought
    > any of their product since.
    > --
    > Jim Watt
    > http://www.gibnet.com
    >




    And then there were the infamous IBM Deskstars with the "click of
    death." I've got one that has worked flawlessly for years, but I'm
    always listening :)

    Actually it's amazing how primitive the techniques are in most commercial
    data-recovery houses.

    1. The first line is just plain software recovery.

    2. Next up, they have an inventory of same-make-&-model drives
    from which to swap electronics.

    3. While they do occasionally open the drive case, they seldom
    do anthing fancier than try to free a stuck spindle or head assembly, or,
    about as far as they ever go, swap out a head assembly. For certain, they
    do no serious platter recovery using advanced microscopy methods.

    4. The fanciest piece of equipment they are likely to use is an
    Ace Labs PC-3000 (or equivalent home-rolled hardware). Capital cost:
    less than $5000

    They are, of course, likely to have an inventory of specialized software
    and knowledge, such as the firmware of various drives (you can buy this
    sort of stuff commercially from Salvation Data but they're pretty flaky -
    hit and miss).

    All in all, not that impressive. No super-high-tech and not a capital-
    intensive business, despite their PR attempts to seem sexy. But, then
    again, they are mostly a niche market for idiots who don't do backups.
    (In the very early days recovering the hardware could be commercially
    worthwhile. Not any more. Now with drives so cheap only software
    recovery has any commercial value, and, even then, few are willing to pay
    for anything beyond the simplest methods described above).

    Regards,
     
    nemo_outis, Jun 19, 2005
    #19
  20. ---

    Tetractys Guest

    nemo_outis wrote:

    > or, even more specifically, as applied to data recovery
    > from HDs, under the subheading "New Technique Finds
    > Lost Data:"
    >
    > http://www.nist.gov/public_affairs/taglance/tagwin01/winter2001.htm


    I looked for and did not find any recent reference to
    this technique actually being used after the 2000-1
    flurry of press releases about the NIST announcement
    that they had discovered a new method that "could"
    result in a new method of data recovery -- a method that
    was tested with audio tape.

    Do you have any references that show this method
    has actually been developed as a forensic or data
    recovery tool? I have not found any. All of your cites
    refer back to the original NIST press release.
     
    Tetractys, Jun 19, 2005
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Nate
    Replies:
    1
    Views:
    1,131
    Ed Mullen
    Feb 21, 2004
  2. Anthropy
    Replies:
    4
    Views:
    1,073
    Anthropy
    Feb 24, 2004
  3. Replies:
    0
    Views:
    1,262
  4. Howard

    Reg scrub

    Howard, Mar 3, 2004, in forum: NZ Computing
    Replies:
    2
    Views:
    513
  5. Spin
    Replies:
    7
    Views:
    757
    Bill in Co.
    Apr 9, 2008
Loading...

Share This Page