Secure Deletion: Myth vs Reality

Discussion in 'NZ Computing' started by Lawrence D'Oliveiro, Apr 22, 2010.

  1. So Peter Gutmann was wrong? This report
    <http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single-overwrite-will-do-it-739699.html>
    says that a single overwrite of data with zeroes reduces the probability of
    correct reconstruction of a single bit, under ideal conditions, to 56%, that
    of a whole byte to 0.97%, anything more than that ... well, you get the
    idea.
     
    Lawrence D'Oliveiro, Apr 22, 2010
    #1
    1. Advertising

  2. Lawrence D'Oliveiro

    peterwn Guest

    On Apr 22, 7:35 pm, Lawrence D'Oliveiro <l...@geek-
    central.gen.new_zealand> wrote:
    > So Peter Gutmann was wrong? This report
    > <http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single...>
    > says that a single overwrite of data with zeroes reduces the probability of
    > correct reconstruction of a single bit, under ideal conditions, to 56%, that
    > of a whole byte to 0.97%, anything more than that ... well, you get the
    > idea.


    I think that recovering original data from over-written tracks has
    always required a significant forensic effortwhich would be warranted
    in the most extreme cases eg national security concerns or where an
    enemy's HD containing cryptographic information becomes available. It
    may have required a microscopic examination of the platters bit by
    bit. Possibly if a HD or FD drive was adjusted so the head was to one
    side of the track it might pick up the residue of a deleted track.
    Higher data densities and tighter tolerances would nowadays make such
    an operation almost impossible.
     
    peterwn, Apr 22, 2010
    #2
    1. Advertising

  3. On Thu, 22 Apr 2010 03:45:00 -0700 (PDT), peterwn <>
    wrote:

    >On Apr 22, 7:35 pm, Lawrence D'Oliveiro <l...@geek-
    >central.gen.new_zealand> wrote:
    >> So Peter Gutmann was wrong? This report
    >> <http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single...>
    >> says that a single overwrite of data with zeroes reduces the probability of
    >> correct reconstruction of a single bit, under ideal conditions, to 56%, that
    >> of a whole byte to 0.97%, anything more than that ... well, you get the
    >> idea.

    >
    >I think that recovering original data from over-written tracks has
    >always required a significant forensic effortwhich would be warranted
    >in the most extreme cases eg national security concerns or where an
    >enemy's HD containing cryptographic information becomes available. It
    >may have required a microscopic examination of the platters bit by
    >bit. Possibly if a HD or FD drive was adjusted so the head was to one
    >side of the track it might pick up the residue of a deleted track.
    >Higher data densities and tighter tolerances would nowadays make such
    >an operation almost impossible.


    I always thought that they used to use the same techniques used now
    for perpendicular recording. So they could get a previous write from
    a lower layer of disk. Now that perpendicular recording is used, that
    would not work very well at all. Of course, I really have no idea if
    that is how or if it was able to be done - it was just a guess.
     
    Stephen Worthington, Apr 22, 2010
    #3
  4. Lawrence D'Oliveiro

    Sweetpea Guest

    On Fri, 23 Apr 2010 04:21:02 +1200, Stephen Worthington wrote:

    > On Thu, 22 Apr 2010 03:45:00 -0700 (PDT), peterwn <>
    > wrote:
    >
    >>On Apr 22, 7:35 pm, Lawrence D'Oliveiro <l...@geek-
    >>central.gen.new_zealand> wrote:
    >>> So Peter Gutmann was wrong? This report
    >>> <http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single...>
    >>> says that a single overwrite of data with zeroes reduces the
    >>> probability of correct reconstruction of a single bit, under ideal
    >>> conditions, to 56%, that of a whole byte to 0.97%, anything more than
    >>> that ... well, you get the idea.

    >>
    >>I think that recovering original data from over-written tracks has
    >>always required a significant forensic effortwhich would be warranted in
    >>the most extreme cases eg national security concerns or where an enemy's
    >>HD containing cryptographic information becomes available. It may have
    >>required a microscopic examination of the platters bit by bit. Possibly
    >>if a HD or FD drive was adjusted so the head was to one side of the
    >>track it might pick up the residue of a deleted track. Higher data
    >>densities and tighter tolerances would nowadays make such an operation
    >>almost impossible.

    >
    > I always thought that they used to use the same techniques used now for
    > perpendicular recording. So they could get a previous write from a
    > lower layer of disk. Now that perpendicular recording is used, that
    > would not work very well at all. Of course, I really have no idea if
    > that is how or if it was able to be done - it was just a guess.


    That begs the question, how would they modify data located on a deeper layer? Multiple writes over
    the same part of the disc?


    --
    "Filtering the Internet is like trying to boil the ocean"
     
    Sweetpea, Apr 22, 2010
    #4
  5. Lawrence D'Oliveiro

    Me Guest

    On 22/04/2010 10:45 p.m., peterwn wrote:
    > On Apr 22, 7:35 pm, Lawrence D'Oliveiro<l...@geek-
    > central.gen.new_zealand> wrote:
    >> So Peter Gutmann was wrong? This report
    >> <http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single...>
    >> says that a single overwrite of data with zeroes reduces the probability of
    >> correct reconstruction of a single bit, under ideal conditions, to 56%, that
    >> of a whole byte to 0.97%, anything more than that ... well, you get the
    >> idea.

    >
    > I think that recovering original data from over-written tracks has
    > always required a significant forensic effortwhich would be warranted
    > in the most extreme cases eg national security concerns or where an
    > enemy's HD containing cryptographic information becomes available. It
    > may have required a microscopic examination of the platters bit by
    > bit. Possibly if a HD or FD drive was adjusted so the head was to one
    > side of the track it might pick up the residue of a deleted track.
    > Higher data densities and tighter tolerances would nowadays make such
    > an operation almost impossible.
    >

    At the "national security" level, I'd expect that they'd be able to read
    analogue data from the disk. Because subsequent layers from
    zero-filling or writing supposed "random" bits can be read, that
    randomness is of little consequence, as it can be read and subtracted
    from the full signal uncovering an underlying analogue signal which can
    be reconstructed to binary. How many iterations of overwriting can be
    uncovered would be limited by s/n ratio of the recorded media.
    Much less difficult than trying to read an overwritten analogue audio
    tape, as in that case subtracting the (last) signal recorded is
    extremely difficult as an analogue sound signal is close to random,
    overwriting another layer which is close to random, so difficult to ever
    identify which part of the total analogue data to subtract.
     
    Me, Apr 23, 2010
    #5
  6. Lawrence D'Oliveiro

    Richard Guest

    Lawrence D'Oliveiro wrote:
    > So Peter Gutmann was wrong? This report
    > <http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single-overwrite-will-do-it-739699.html>
    > says that a single overwrite of data with zeroes reduces the probability of
    > correct reconstruction of a single bit, under ideal conditions, to 56%, that
    > of a whole byte to 0.97%, anything more than that ... well, you get the
    > idea.


    Replaced sectors will still have traces of things that were overwritten
    after that sector was deemed failed.

    Remember all they are usually looking to do is prove that a file did
    exist on the HDD at some time.
     
    Richard, Apr 23, 2010
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. KerplunKuK

    Secure and non secure warnings

    KerplunKuK, Aug 24, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    564
    Blinky the Shark
    Aug 24, 2004
  2. Jupiter

    Secure deletion.

    Jupiter, Apr 8, 2007, in forum: Computer Support
    Replies:
    4
    Views:
    554
    meerkat
    Apr 11, 2007
  3. Replies:
    0
    Views:
    616
  4. Replies:
    0
    Views:
    751
  5. RichA

    In-camera lens correction idea; myth or reality?

    RichA, Jan 27, 2012, in forum: Digital Photography
    Replies:
    7
    Views:
    387
    Bruce
    Jan 30, 2012
Loading...

Share This Page