Security Basics mailing list archives
Re: Interesting One
From: Greg van der Gaast <greg.van.der.gaast () ordina nl>
Date: Fri, 01 Nov 2002 14:11:48 +0100
This is exactly what I meant. The magnetic trace elements that are left off to the sides of the track can contain data from a write to that location that has since been overwritten, multiple times. This trace information even layers, to some degree, making it possible to actually see what was on the same specific area of the drive at different times. Much like layers of sedimentory rock.
There are limits to this as you can only have a fixed X number of layers with a fixed amount Y of magnetic material. I hope it's obvious to everyone here that any material off to the side of the tracks isn't going to be recoverable by any software method as the read thereof is beyond the hardware of the drive.
Regards, Greg van der Gaast Where do you want to hit your account manager today? (tm) Chet Uber wrote:
Fact: You cannot read the drive if it is overwritten without being able to manipulate the path of the drive head. I do not mean deleting a file in DOS,I mean overwriting the drive with dd for example. What they are talking about is that the edges of the tracks have data still, and you candisassemble the drive and use force microscopy to read what is left. This isa well known issue.The overwritten by X times is irrelevant if you are trying to recover usingsoftware. You cannot recover these drives. http://www.c3i.osd.mil/org/cio/doc/computerdisposal.doc . Chet Uber ----- Original Message ----- From: "Greg van der Gaast" <greg.van.der.gaast () ordina nl> To: <security-basics () securityfocus com> Sent: Wednesday, October 30, 2002 4:53 AM Subject: RE: Interesting OneLast I heard from some DoD/NIPC people (and this was well over a year ago) is that they were able to successfully retrieve at least partial information off a disk that had been overwritten 153 times. Assume that (at least government) forensic techniques have improved since. Hope this helps! Regards, Greg van der Gaast Ordina Public SDS West Security Services -----Oorspronkelijk bericht----- Van: Carol Stone [mailto:carol () carolstone com] Verzonden: Tuesday, October 29, 2002 9:58 PM Aan: security-basics () securityfocus com Onderwerp: Re: Interesting One I don't know much about this, but yesterday I read in one of the later chapters of Bruce Schneier's book, "Secrets and Lies," (link to amazon follows) that over-writing data on a disk does *not* completely obliterate it, it just makes it a lot more difficult to recover with each over-write. I believe he said just how many re-writes were still recoverable was a secret one of our governmental organizations wasn't about to give up. I'll look at my book later when I have it in my hands and see if I can't find part and post a pointer to *his* reference. -carol http://www.amazon.com/exec/obidos/tg/detail/ - /0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143? v=glance&n=507846Greetings Folks, I had an interesting conversation today with someone from FAST (Federation Against Software Theft) They pretend not to be a snitch wing of theBSA.Anyway, to get to the point, the guy that came to see me said thattheirforensics guys could read data off a hard drive that had been written over up to thirty times. I find this very hard to believe and told him I thought he was mistaken but the guy was adamant that it could be done. My question is, does anyone have any views on this, or, can anyone point me to a source of information where I can get the facts on exactly how much data canberetrieved off a hard drive and under what conditions etc etc. Thanks Dave Adams This message (and any associated files) is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. Messages sent to and from John Crowley (Maidstone) Ltd may be monitored. Internet communications cannot be guaranteed to be secure or error-freeas information could be intercepted, corrupted, lost, destroyed,arrivelate or incomplete, or contain viruses. Therefore, we do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version. Any views or opinions presented are solely those of theauthorand do not necessarily represent those of John Crowley (Maidstone)Ltd.-- Real people for the virtual world. http://www.elirion.net
Current thread:
- RE: Interesting One lvickers (Oct 31)
- <Possible follow-ups>
- RE: Interesting One Jimmy Liang (Oct 31)
- Re: Interesting One easy (Oct 31)
- RE: Interesting One Michael Vaughan (Oct 31)
- Re: Interesting One Candice Ward (Oct 31)
- RE: Interesting One Tim Donahue (Oct 31)
- RE: Interesting One Carol Stone (Oct 31)
- RE: Interesting One Rygg Christian (Oct 31)
- RE: Interesting One Trevor Cushen (Oct 31)
- Re: Interesting One ONEILL David J (Nov 01)
- Re: Interesting One Greg van der Gaast (Nov 01)
- RE: Interesting One Leonard.Ong (Nov 01)
- RE: Interesting One Holmes, Ben (Nov 01)
- RE: Interesting One Trevor Cushen (Nov 01)
- Re: Interesting One Meritt James (Nov 01)
- Re: Interesting One Chet Uber (Nov 01)
- Re: Interesting One Pablo Gietz (Nov 01)
- RE: Interesting One Rodney, John (Nov 01)