Since everyone is talking about scrubbing, if I zero out a hard disk using Linux, how much chance is there to retrieve data using forensic tools?
If you have any suggestions, do help me. I tested on both EnCase and FTK and they can't recover or carve anything. (Maybe I do not know the proper method for my futile result?)
Thanks and regards
There is a zero chance of recovering anything at all with software alone, if the wipe was done correctly.
The chance of recovering anything useful with hardware of some sort depends on your level of magician skills. I believe this is zero as well, personally. Bad blocks and misregistration notwithstanding.
Thanks Gromit. Basically I just did a simple dd if=/dev/zero of=/dev/sda. Good enough not to allow a third party to recover?
Recover what? The third party still has the opportunity to tweak the defect list of the drive (assuming a standard ATA drive), and recover the contents of the defective sectors. While they may contain defects, it need not be more than one single bit, and that can be recoverable in certain contexts. dd can't do anything about those – nor, as far as I know, does DBAN.
If you really want to clean out a modern ATA drive, use a program that does ATA SECURE ERASE.
Hi Athulin
I guess I know where you are coming from, and I watched the video by Scott Moulton on hacking hard drives for data recovery. ATA secure erase is indeed preferred.
However, sometimes I do use dd to wipe, as there are just too many hard disks, and I utilise the target machine to boot from CD or flash drive and hit the dd command. This way, I can wipe as many machines as I can over a short period of time. So long as it takes certain experience and skill set to recover from a dd-wiped drive, I am comfortable with the idea.
Thanks again.
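
The "if the wipe was done correctly" condition above can be checked by reading the target back after the dd pass. This is an added example, not code from any poster in this thread; the function names target_size and verify_zeroed are hypothetical. It sees only the addressable sectors, so the remapped defective sectors discussed above are outside its reach.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check that a zero-fill pass covered
# every addressable byte of a disk or image. Function names are hypothetical.

# Size in bytes of a block device (needs root) or a regular image file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Prints "clean <size>" and returns 0 if every byte is 0x00; otherwise prints
# "dirty <offset>" (0-based offset of the first non-zero byte) and returns 1.
verify_zeroed() {
    local target=$1 size diff first
    size=$(target_size "$target") || return 2
    # Compare against an equally long zero stream; cmp stops at the first
    # mismatch, so an interrupted wipe is reported without a full read.
    if diff=$(head -c "$size" /dev/zero | LC_ALL=C cmp - "$target" 2>&1); then
        echo "clean $size"
        return 0
    fi
    # cmp reports a 1-based position: "... differ: byte N, line M".
    first=$(printf '%s\n' "$diff" |
        sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$first" ] || { echo "error: $diff" >&2; return 2; }
    echo "dirty $((first - 1))"
    return 1
}

# Usage: verify_zeroed.sh /dev/sdX   (or an image file)
if [ "$#" -gt 0 ]; then
    verify_zeroed "$1"
fi
```

The reported offset is 0-based, so it can be passed straight to dd as a byte position when inspecting what was left behind.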