overwrite demonstration

22 Posts
10 Users
0 Reactions
4,013 Views
(@sebastianorossi)
Trusted Member
Joined: 14 years ago
Posts: 85
Topic starter  

Today we were discussing a 32-times overwrite.
Is it really possible to find something after an overwrite session?
Which tool do you suggest?
Is really possible to find something after a degauss session?
best regards


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

If it was possible to recover data after 32 overwrites, then the capacity of drives could be 32 times larger - ie each overwrite could be recovered.


   
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

See here: http://www.nber.org/sys-admin/overwritten-data-gutmann.html


   
(@mscotgrove)
Prominent Member
Joined: 17 years ago
Posts: 940
 

From Beetle's link

"Since writing the above, I have noticed a comment attributed to Gutmann conceding that overwritten sectors on "modern" (post 2003?) drives can not be read by the techniques outlined in the 1996 paper, but he does not withdraw the overwrought claims of the paper with respect to older drives."

ie once overwritten, the data is gone - for 99.999999999% of the time


   
(@sebastianorossi)
Trusted Member
Joined: 14 years ago
Posts: 85
Topic starter  

thanks, I will study the link
bye


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Today we were discussing a 32-times overwrite.
Is it really possible to find something after an overwrite session?
Which tool do you suggest?
Is really possible to find something after a degauss session?
best regards

Ow, come on, not again.

A single 00 pass makes any data unrecoverable by any software.
It is MAYBE and THEORETICALLY possible to recover SOME data from a single 00 pass by using specialized hardware (something that costs in excess of tens or possibly hundreds of thousands of dollars).
Any data (maybe) recovered with this latter method is NOT anyway "data", but rather "probability of data", and it will take AGES to "cover the surface" of a platter.
If something is effectively Degaussed, anything is GONE, FOREVER.

Some additional links/considerations are given in these threads:
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=2065
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3237
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=3387
http://www.forensicfocus.com/index.php?name=Forums&file=viewtopic&t=7640

Mind you the above are my personal opinions on the matter (BTW supported by known evidence and also by some of the "vague" additions to the Gutmann paper) but the original 35 (not 32) original passes have been demystified UNDOUBTEDLY by Mr. Gutmann himself:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Epilogue
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written are long since extinct, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 200GB of other erased traces are close to zero.

Another point that a number of readers seem to have missed is that this paper doesn't present a data-recovery solution but a data-deletion solution. In other words it points out in its problem statement that there is a potential risk, and then the body of the paper explores the means of mitigating that risk.

jaclaz


   
(@c-r-s)
Estimable Member
Joined: 14 years ago
Posts: 170
 

The reason, why disk drives that were in use for classified information have to be destroyed and not overwritten, is, that you can only write to sectors that are presented to you at the time of overwriting. Physical sectors containing sensitive data may have been remapped to spare sectors during the lifetime of the drive.


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

The reason, why disk drives that were in use for classified information have to be destroyed and not overwritten, is, that you can only write to sectors that are presented to you at the time of overwriting. Physical sectors containing sensitive data may have been remapped to spare sectors during the lifetime of the drive.

BUT using the internal ATA function Secure Erase even those are overwritten.
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

Q: What is secure erase?

A: The ANSI T-13 committee which oversees the ATA (also known as IDE) interface specification and the ANSI T-10 committee which governs the SCSI interface specification have incorporated into their standards a command feature known as Secure Erase (SE). Secure erase is a positive easy-to-use data destroy command, amounting to “electronic data shredding.” It completely erases all possible user data areas by overwriting, including the so-called g-lists that contain data in reallocated disk sectors (sectors that the drive no longer uses because they have hard errors in them). SE is a simple addition to the existing “format drive” command present in computer operating systems and storage system software and adds no cost to hard disk drives. Since the Secure Erase command is carried out within a hard disk drive it doesn’t require any additional software to implement.

More in the quoted document
http://cmrr.ucsd.edu/people/Hughes/documents/QandAforwebsite10212008_000.doc

jaclaz


   
(@berntsson)
Active Member
Joined: 13 years ago
Posts: 6
 

Jetico's BCWipe Total WipeOut also claims to be able to wipe the DCO and HPA areas.

BCWipe Total WipeOut recognizes and can wipe Host Protected Area (HPA) on hard drives.

BCWipe Total WipeOut can identify the number of sectors hidden by the Device Configuration Overlay (DCO) function (present since ATA-6 standard) and can wipe the DCO hidden sectors.

Total WipeOut

Berntsson


   
ReplyQuote
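Added example (not written by any poster in this thread, and not part of the tools they mention): a pre-wipe check for the two gaps raised in the posts above, sectors hidden behind an HPA and a drive that will not accept Secure Erase. It assumes the input text comes from Linux `hdparm -N` and `hdparm -I`; the sample strings are constructed, the function names are hypothetical, and DCO-hidden sectors are not checked.

```python
import re

# Constructed sample text modelled on `hdparm -N` output and on the Security
# section of `hdparm -I`; not captured from a real drive.
SAMPLE_N = "/dev/sdX:\n max sectors   = 976771055/976773168, HPA is enabled\n"
SAMPLE_I = (
    "Security:\n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
)

def hidden_sectors(hdparm_n):
    """Native max sectors minus host-visible sectors (non-zero means an HPA)."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", hdparm_n)
    if m is None:
        raise ValueError("no 'max sectors' line in input")
    return int(m.group(2)) - int(m.group(1))

def security_flags(hdparm_i):
    """Map each Security-section flag to True/False; a leading 'not' negates it."""
    flags = {}
    _, found, section = hdparm_i.partition("Security:")
    for line in section.splitlines() if found else []:
        words = line.split()
        negated = bool(words) and words[0] == "not"
        name = " ".join(words[1:] if negated else words)
        if name in ("supported", "enabled", "locked", "frozen"):
            flags[name] = not negated
        elif name == "supported: enhanced erase":
            flags["enhanced erase"] = not negated
    return flags

def pre_wipe_findings(hdparm_n, hdparm_i):
    """List conditions under which a wipe would leave sectors untouched or fail."""
    findings = []
    hidden = hidden_sectors(hdparm_n)
    if hidden > 0:
        findings.append(f"HPA hides {hidden} sectors from a host-side overwrite")
    flags = security_flags(hdparm_i)
    if not flags.get("supported"):
        findings.append("ATA Security feature set not reported: no Secure Erase")
    elif flags.get("frozen"):
        findings.append("security is frozen: Secure Erase is rejected in this state")
    return findings

if __name__ == "__main__":
    for finding in pre_wipe_findings(SAMPLE_N, SAMPLE_I):
        print(finding)
```

An empty findings list only means neither condition was reported; it does not confirm that a later wipe succeeded.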
Beetle
(@beetle)
Reputable Member
Joined: 17 years ago
Posts: 318
 

The point of physical destruction of classified media is you know that it is 'gone'.
You eliminate operator error, software glitches, remapped sectors etc.

When I was working for the Feds we physically destroyed old drives by removing the platters. CDs and DVDs were run through specialized shredders. From time to time, if there were a lot of drives they would go to an automobile shredder.


   