[clug] Re: More (almost free) stuff. - 3.5" WD 200GB IDE - $10

Michael Cohen scudette at gmail.com
Tue Sep 9 13:56:29 GMT 2008


On Tue, Sep 9, 2008 at 10:40 PM, Paul Wayper <paulway at mabula.net> wrote:
> Ian wrote:
> | I have heard a technique described to recover data from an overwritten
> | drive - no idea whether it would actually work or not though.
> |
> | The idea is that you would hook up some sort of digital oscilloscope
> | directly to the read head to be able to observe the magnetic pattern
> | on the disk as the head reads it and compare that to what the drive
> | tells you is in that location. You build up a profile of what a 1
> | generally looks like by taking the profile of every individual 1 on
> | the disk and averaging them together, do the same for every 0. Then
> | you go through and for every bit on the disk you subtract the average
> | profile from the individual profile. This will leave you with a new
> | much more subtle profile left over from whatever data was in that
> | location on the disk previously. Repeat the process however many times
> | the disk was overwritten - as you can imagine the recoverability of
> | the data would be dependent on the sensitivity of the head &
> | oscilloscope and how many times the data has been overwritten since
> | the left over profile will be harder to detect for each overwrite.
> | More overwrites will require more expensive equipment to recover the
> | data with.
>
> This is more or less what they do to recover data when it has been
> overwritten by amateurs.  They also look at the cylinder edges, noting
> that sometimes the head may have not perfectly aligned with the sector
> and may be hanging over in one direction or another.

I doubt very much that such a technique would work. According to
http://www.patentstorm.us/patents/6408419/claims.html the actual
magnetic encoding on the disk has nothing to do with north/south pole
representing 1s and 0s. The actual data is encoded in such a way that
the decoder has the highest probability of deducing the data based on
the statistical response of the magnetic media. The data is also error
corrected heavily because the noise floor is very high. The result is
that even overwriting it with 0s (note that 0s actually get
translated to a complex pattern by the encoder because you can't have a
long run of zeros on the actual platter) will affect the statistical
signal so much that there will be very little left over from previous
data. The reason is that the system is running so close to the noise
floor that any interference makes it fall below the noise floor -
there just is no margin there.

As an aside, these days it makes no sense to have unencrypted drives
anyway - if your drive is encrypted you don't really care if someone
can read it, and you can dispose of it without having to dd it very
much (maybe just the headers with the encrypted keys if you are really
paranoid).

> The thing that annoys me is, ultimately, the truly paranoid argue for
> burning the drive in a furnace.  This is a waste of a perfectly good
> functioning hard disk, often (since the real application of this kind
> of security is in corporate and government data centres) a fairly
> costly one.  Effectively these people are throwing more of your and my
> money down the drain in the name of paranoia without any real proof
> that their actions are saving any money.

Most of the other equipment is sold off at auction with very little
money recovered going back to the organization anyway (most gets
siphoned off by auctioneer fees, charges etc). So it's not as big a
difference as you might think to destroy the hard drive or to sell it
off.

> It's all security theatre.

Isn't everything? Quite often the simplest solutions are the most
secure but they are as spectacular as this.

Michael.

