
Single-pass wipe sufficient?

neddy
(@neddy)
Estimable Member
Joined: 21 years ago
Posts: 182
 

Pre-empting the response to the above question, if the zone is on the same physical disk and you zero pass the physical disk I would say the zone would get wiped as well?
Ronan

We have to consider that we have two types of 'zones'.
The first type is the active zone, where the disk controller allows us access and data may be written.
The second type is the zone that the disk controller has decided not to address as it has some flaw. We cannot read or write to this physical area any more as the disk controller has marked it as flawed and the disk controller has taken a copy of this data and copied it to another active zone.

Hard disk manufacturers leave some space on the disk to allow this action to be performed and we are none the wiser. Our physical disk view is totally dependent on what the manufacturer's disk controller allows us to see.

A good example of this is when disk manufacturers limit 500GB disks to 250GB disks simply because they may need to produce 250GB disks. The device is 500GB but we only see 250GB due to the disk controller being our interface.

I am not a hard disk data recovery expert but hopefully somebody who is may like to comment!

The following link contains a sample from a book where the power of the disk controller is mentioned.

http://books.google.co.uk/books?id=q4_lu2g4N5wC&pg=PA108&lpg=PA108&dq=sammes+zbr&source=web&ots=SIEDZJPEKw&sig=MpEDkc8jh3hPuEXOFzQmElESsZ8&hl=en&sa=X&oi=book_result&resnum=1&ct=result


   
(@ronanmagee)
Estimable Member
Joined: 20 years ago
Posts: 145
 

Cheers Neddy,

Do you need the controller to wipe a drive?

I thought that you could wipe a drive using any tool connected to the correct adapter without the need for any controller to interface with the drive?

Is there something special when wiping drives that use a controller? I presume you're referring to raid arrays when talking about this?

Ronan


   
PaulSanderson
(@paulsanderson)
Honorable Member
Joined: 19 years ago
Posts: 651
 

Neddy

I think you are getting Zone Bit Recording mixed up with Spare sectors.

All ZBR does is record more sectors on the outer, longer, tracks than are recorded on the inner, shorter, tracks.

It is really irrelevant to this discussion.

Ronan

If the drive supports the ATA advanced security specification then there is a command to get the drive to wipe itself. I used to supply a software package BXDR that could instruct a drive to wipe itself, including the secure wipe that also wipes the spare sectors. A link to the old BXDR manual is below so you can see what can be done and the technical info can be found in the ATA 3 spec.

http://www.sandersonforensics.com/old%20html%20stuff/manual.htm


   
neddy
(@neddy)
Estimable Member
Joined: 21 years ago
Posts: 182
 

Hi Ronan,
The hard disk controller I am referring to exists as part of the hard disk itself, therefore you have no choice but to use it to interface with the physical disk. I am not referring to raid systems but rather single physical disks.

Hi Paul,
I have to presume that your reference to Spare sectors concerns the sectors used by the hard disk manufacturer to compensate for what is in effect 'bad clusters'.

If I am correct, error correction within a modern hard drive results in sectors that may still contain data and are not addressable by the host, spare sectors are then used to make up for this loss.

I did not mean to suggest that such error correction was a function of ZBR, rather that the zone once mapped by the ZBR addressing system becomes invisible to the host if deemed flawed due to error correction. The implication being, that this data is still there untouched.

I happily admit that I am not a data recovery expert but I do think that a single-pass wipe over a disk is sufficient for now anyway!


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Paul, neddy, Ronan et al. - I've searched for a long time for a definitive yet accessible book which addresses these issues (and more) related to the inner workings of HDDs, does anyone have any recommendations?

Jamie


   
neddy
(@neddy)
Estimable Member
Joined: 21 years ago
Posts: 182
 

Page 120 of Forensic Computing: A Practitioner's Guide by Sammes & Jenkinson (second Ed) mentions just this issue. Not in great depth and funny enough the same page is missing from this preview provided by Google:
http://books.google.co.uk/books?id=q4_lu2g4N5wC&pg=PA108&lpg=PA108&dq=sammes+zbr&source=web&ots=SIEDZJPEKw&sig=MpEDkc8jh3hPuEXOFzQmElESsZ8&hl=en&sa=X&oi=book_result&resnum=1&ct=result#PPA118,M1


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Ah, yes, I have the first edition and flicking through it just now I'd forgotten just how good it is. I don't know if you're able to compare but is there a lot more (and more up to date stuff) on disk geometry in the 2nd ed.?

Now you've got me flicking through the rest of it too, it really is superb, my favourite CF book by some margin. Very tempted to pop over to Amazon right now…

Jamie


   
jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

Just for the record

1-using ATA secure Erase, according to the guys at CMRR
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
http://cmrr.ucsd.edu/people/Hughes/documents/QandAforwebsite10212008_000.doc

Q What is secure erase?

A The ANSI T-13 committee which oversees the ATA (also known as IDE) interface specification and the ANSI T-10 committee which governs the SCSI interface specification have incorporated into their standards a command feature known as Secure Erase (SE). Secure erase is a positive easy-to-use data destroy command, amounting to “electronic data shredding.” It completely erases all possible user data areas by overwriting, including the so-called g-lists that contain data in reallocated disk sectors (sectors that the drive no longer uses because they have hard errors in them). SE is a simple addition to the existing “format drive” command present in computer operating systems and storage system software and adds no cost to hard disk drives. Since the Secure Erase command is carried out within a hard disk drive it doesn’t require any additional software to implement.

And

Q What are the various ways to sanitize data and what does each approach do?

A UCSD CMRR has established and tested protocols for software secure erase. Their security levels vary between the levels just discussed. Four basic security levels are defined, Weak erase (deleting files), block erase (external overwrite), Normal secure erase (current SE implementation), and Enhanced secure erase (see below). Block and Normal secure erase are intended for elimination of user data up to the Confidential level, and Enhanced secure erase for higher levels. The Enhanced level has recently been implemented in drives by Seagate, Fujitsu and Hitachi. These four erasure protocols exist because users make a tradeoff between the erasure security level and the erasure time required.

2 - Prof. Peter Gutmann has updated the known article
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
with a "Further Epilogue", in response to the mentioned article by Dr. Craig Wright
http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/

while - IMHO unneededly - commenting negatively some aspects of Dr. Wright's article, I presume in order to somehow "defend" his own original findings from attacks from people that evidently FAILED TO READ AND UNDERSTAND both of them, Prof. Gutmann once again debunks himself the actual possibility to apply his original findings to modern drives

Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging.

What I personally find "disturbing" in the "Further Epilogue", is this

OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years. This is why I've never updated my paper (I've had a number of requests), there doesn't seem to be much more to be said about the topic.

And this

If anyone else is thinking of looking at this sort of thing, do please contact me in advance so that we can talk about it.

Unless, as unfortunately often happens to me, it is one of those days when my English comprehension is very low, it seems to me like Prof. Gutmann is trying to establish two things, both not of my personal liking
- that his original paper is perfect and no one else should ever write anything on the same subject
- that should someone want to do so, he should contact Prof. Gutmann beforehand in order to "talk"

As I see it, the original article is very good, very well written (with the minor exception of the use in it of the adjective "palimpsestuous" ;)) and, if properly read, exceptionally accurate.

But, as stated in the introduction

This paper represents an attempt….

I cannot see any reason why further attempts cannot be carried on or cannot without a talk with Prof. Gutmann. 😯

jaclaz
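
The ATA Security feature set discussed in the posts above is reported in the `Security:` section of `hdparm -I` on Linux. The following is an added example, not part of the thread and not BXDR or CMRR code: it parses that section to report whether the drive's built-in erase can be issued and whether the Enhanced level is offered. The sample text is constructed.

```sh
# Added example: read `hdparm -I` text on stdin and classify the state of the
# drive's ATA Security feature set (the basis of drive-internal Secure Erase).

# Constructed sample of the "Security:" section of `hdparm -I /dev/sdX`.
# Real output indents with tabs; the parser accepts tabs or spaces.
SAMPLE_READY='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
    not frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

ata_erase_status() {
  awk '
    /^Security:/       { insec = 1; next }
    insec && /^[^ \t]/ { insec = 0 }     # next top-level section ends it
    !insec             { next }
    {
      line = $0
      gsub(/^[ \t]+|[ \t]+$/, "", line)  # trim indentation
      neg = (line ~ /^not[ \t]/)         # "not <flag>" means the flag is clear
      sub(/^not[ \t]+/, "", line)
    }
    line == "supported"                 { sup = !neg }
    line == "locked"                    { locked = !neg }
    line == "frozen"                    { frozen = !neg }
    line == "supported: enhanced erase" { enh = !neg }
    END {
      if (!sup)        print "unsupported"     # no ATA security feature set
      else if (locked) print "locked"          # drive is password-locked
      else if (frozen) print "frozen"          # security commands are rejected
      else if (enh)    print "ready enhanced"  # Normal and Enhanced offered
      else             print "ready normal"    # Normal secure erase only
    }'
}

# Live use (root): hdparm -I /dev/sdX | ata_erase_status
```

A `frozen` result is common on drives initialised by a PC BIOS and means the erase command will be refused until the freeze is cleared, so check the state before relying on the drive to wipe itself.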


   
neddy
(@neddy)
Estimable Member
Joined: 21 years ago
Posts: 182
 

Ah, yes, I have the first edition and flicking through it just now I'd forgotten just how good it is. I don't know if you're able to compare but is there a lot more (and more up to date stuff) on disk geometry in the 2nd ed.?
Jamie

Jamie,
I have the 2nd Ed, it does cover the topic briefly but I can not compare it to the 1st Ed.
I have recently attended the Forensic Computing Foundation course as taught by Prof Sammes, B. Jenkinson and G. Fellows where this topic was covered in more detail. I believe Prof Sammes has written a white paper on the subject but I have not been able to locate it.


   
Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
 

Thanks Neddy, appreciate the reply.

Cheers,

Jamie


   