[clug] Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

Paul Wayper paulway at mabula.net
Tue Sep 9 12:40:01 GMT 2008

Hash: SHA1

Ian wrote:
| I have heard a technique described to recover data from an overwritten
| drive - no idea whether it would actually work or not though.
| The idea is that you would hook up some sort of digital oscilloscope
| directly to the read head to be able to observe the magnetic pattern
| on the disk as the head reads it and compare that to what the drive
| tells you is in that location. You build up a profile of what a 1
| generally looks like by taking the profile of every individual 1 on
| the disk and averaging them together, do the same for every 0. Then
| you go through and for every bit on the disk you subtract the average
| profile from the individual profile. This will leave you with a new
| much more subtle profile left over from whatever data was in that
| location on the disk previously. Repeat the process however many times
| the disk was overwritten - as you can imagine the recoverability of
| the data would be dependant on the sensitivity of the head &
| oscilloscope and how many times the data has been overwritten since
| the left over profile will be harder to detect for each overwrite.
| More overwrites will require more expensive equipment to recover the
| data with.

This is more or less what they do to recover data when it has been overwritten
by amateurs.  They also look at the cylinder edges, noting that sometimes the
head may have not perfectly aligned with the sector and may be hanging over in
one direction or another.

This is why the most common methods of securely erasing a disk work by writing
multiple passes of randomly-chosen combinations of patterns specifically
designed to cause patterns that include long(ish) runs of zeros or ones,
random data, and other patterns.  Twenty-six rewrites is the usual margin of
comfort for secure data destruction.  After reading that first layer, the
second layer will be that much harder to detect, and so forth down to the
coercivity limit of the media.

So it's _plausible_.  It requires hardware beyond the standard equipment used
for reading drives (which is why that challenge is so bogus), equipment that
is probably standard only in very expensive, very secret labs.

Realistically, by the same argument, I think there's probably a fairly good
case for just writing twenty-six alternating all-ones and all-zeros layers.
By the time the medium has been switched back and forth that much you've
probably removed any chance of a signal remaining above the limit of random
noise in the magnetic media.  But the paranoid amongst us prefer to make it
just that little bit more difficult to work backwards.

The thing that annoys me is, ultimately, the truly paranoid argue for burning
the drive in a furnace.  This is a waste of a perfectly good functioning hard
disk, often (since the real application of this kind of security is in
corporate and government data centres) a fairly costly one.  Effectively these
people are throwing more of your and my money down the drain in the name of
paranoia without any real proof that their actions are saving any money.  It's
all security theatre.

Have fun,

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


More information about the linux mailing list