destroying the hard drive

John John

Mike Y wrote:

>> Nope that's a total myth.
>> No drive zero-wiped to government standards has even had any data
>> recovered from it.
>
> Actually, I'd suspect the 'government standard' is a myth. As far as I
> know, I've never been able to find ANY hard reference to a standard for
> wiping a drive, other than 'second/third' or a 'friend of a friend said
> that' kind of thing.


Which pretty well tells us a lot about your level of expertise in this
field.

US Dept of Defense Standard 5220.22-M
http://www.qsgi.com/usdod_standard_dod_522022m.htm

Before posting about hearsay and myths that you heard you should do a
bit of research.

John
 
Mike Y

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:eT190Q1iIHA.1204@TK2MSFTNGP03.phx.gbl...
> Mike Y wrote:
>
> > "John John" <audetweld@nbnet.nb.ca> wrote in message
> > news:enRecXxiIHA.6084@TK2MSFTNGP06.phx.gbl...
> >
> >>Lee wrote:
> >>
> >>
> >>>Best advice yet is correct, but your advice on zero filled data is
> >>>totally incorrect.
> >>
> >>No, his advice is totally correct! I challenge you, or anyone reading
> >>these groups, to offer concrete proof that they can recover zero
> >>written/wiped files or to give us the names of data recovery firms who
> >>can do it.
> >>
> >>It cannot be done, it has never been done, no one has ever been able to
> >>do it and no one has ever been able to offer a shred of evidence that
> >>they have successfully recovered files on securely wiped disks.
> >>
> >>John
> >>
> >
> > Special hardware can could overwritten data. Either with an analog
> > analysis or looking for bit shifts. Don't get confused in thinking that
> > digital is digital, it's still an analog media...
>
> That is not true, there is no such magical machine available at any cost
> that can recover data on securely wiped (zero filled) drives. No one can
> recover data on properly wiped drives, the notion that it can be done is
> nothing more than a myth.
>
> John


Well, when you say securely wiped, by that meaning multiple wipes, I agree.
(The most secure is to wipe multiple times with multiple and DIFFERENT
data)

Also, if you imply that there exists no machine that interfaces to the IDE,
then I also agree. At least, I've not heard of any. And I don't know of
any manufacturer that has backdoor hooks to allow the capabilities needed
to be implemented. (I'm not sure, but reasonably confident that most,
if not all, drives out there don't have the capability, even if a hacker had
ability to reprogram the firmware to do his bidding.)

However, there are TWO methods that will extract 'overwritten' info
from media. Both have strong points and caveats, and both involve
being able to access the drive other than through the 'user' interface.
Neither are 100% or secure, and neither can work through multiple
wipes. Or at least none that I know of can. But then...

It is NOT a myth.

The myth is telling people that it cannot be done.

Granted, it's beyond the abilities of almost any hacker I've heard of, but
it's NOT beyond the capabilities of manufacturers or certain organizations.

Risk to the consumer? Almost zilch.

But please don't come out with your blatant statement that it's a myth or
that it can't be done. You are just plain wrong, and either ignorant of
the technologies involved (I'll grant you that much) or are spouting a
'company line'. Which is it?

Mike
 
Mike Y

> Nope that's a total myth.
> No drive zero-wiped to government standards has even had any data recovered
> from it.

Actually, I'd suspect the 'government standard' is a myth. As far as I
know, I've never been able to find ANY hard reference to a standard for
wiping a drive, other than 'second/third' or a 'friend of a friend said
that' kind of thing.

Yes, I've heard the '7-wipes with alternate data' thing. But I've never
seen it where it could be formally referenced. Just hearsay.
 
John John

Mike Y wrote:

>>you will not be able to recover any data whatsoever on a wiped hard
>>drive, it can't be done, period!
>>
>>John
>>
>>And by the way, I do not work for any company that is in anyway involved
>>in the sale or development of anything to do with computer technology or
>>software.
>
> Well, I do, and did. I've been involved with the 380 chip set way back, and
> I do know a bit about how it and hard drives in general work. And while I've
> not personally done it, I AM aware of the technologies involved, the theory
> behind the technologies, and the practice implementing those technologies.
> Granted, I've not heard much about the techniques since drives moved into
> the ZBR (a LOT changed when drives went that route) world with the high
> speed transfers (compared to early MFM), but there's nothing in the
> techniques or theory that would make it impossible other than that the
> tools and techniques have to stay 'ahead of the game' the same way they
> were then.
>
> It's doable. Period!


It cannot be done! Period! It is a theory only and it has never been
proven! Not too long ago the US Department of Defense issued a tender
call for someone to provide methods to recover data from wiped drives
and no one stepped up to the plate to fill the tender request.

I invite you to contact all the data recovery experts and all the data
recovery companies out there and tell them that you have done a Secure
wipe on a drive and then ask them if they can recover your data. 99.98%
of them will outright tell you that they cannot recover the data on the
drive, they will tell you that they can't even recover the data if it
was simply overwritten once with other data, never mind secure wiping.
Go ahead search the net and email them all and find out for yourself!
Of the .02% remaining who tell you that they can .01% are lying and the
other .01% will tell you to expect to pay at least $100,000 to even
"try" to recover the data and they will make no guarantee of anything
other than you will end up $100,000 poorer!

The claims that data recovery can be made on wiped drives come from Dr.
Gutmann's research where he has shown that using Magnetic Force
Microscopy he might be able to recover data from wiped drives. Even Dr.
Gutmann later stated that many were making Voodoo science of his
research and that some were making greatly exaggerated claims of
successful data recovery on wiped drives, Dr. Gutmann stated that the
claims were even more so exaggerated considering the size of today's
hard disks, his research was done on a different class of disks and when
disks were relatively small.

Using MFM or software that analyzes analog magnetic signals it is said
that data can be recovered from wiped drives but keep in mind that MFM
actually takes photographs of the bits where data is stored, quoting one
source:

"This painstaking process takes several months, and when it is finished
these pictures have to be stitched together.

Consider that a 20GB hard drive consists of 160,000,000,000 bits.
Including overheads that could rise to around 300,000,000,000 bits,
with each individual bit represented by a magnetic flux change. Since
each MFM picture displaying this flux change uses around 100 bytes, the
result is 40 Terabytes of data to be analyzed. Data recovery by this
means can cost 100,000s of Dollars..."

And once again, there is no guarantee that the above procedure will
recover data. On today's hard disks of hundreds of GB such recovery
efforts would take thousands of man hours to gather and years to analyze!

The plain and simple fact, as stated in one of the reference papers
below, is that: "Although such exotic methods of data recovery are
theoretically possible, and have even been discussed in the
peer-reviewed literature [11, 12], I have found no evidence of
commercially viable recoveries being performed with them. Furthermore,
I have seen no public demonstrations of any of these methods that show
the recovery of files or even user data – only images or raw encoded data."


John

J. Sawyer- MAGNETIC DATA RECOVERY - THE HIDDEN THREAT (PDF)
http://tinyurl.com/2mvkay

Recovering Unrecoverable Data - The Need for Drive-Independent Data
Recovery 527KB PDF.
Charles H. Sobey Published April 14, 2004.
http://www.actionfront.com/whitepaper/Drive-Independent Data Recovery Ver14Alrs.pdf

Secure Deletion of Data from Magnetic and Solid-State Memory
Peter Gutmann
Department of Computer Science
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Overwritten data: Why even the Secret Service can't get it back
http://www.computerworld.com/blogs/node/5756

Is overwritten data really unrecoverable?
http://blogs.computerworld.com/node/5687

Can Intelligence Agencies Read Overwritten Data?
http://www.nber.org/sys-admin/overwritten-data-guttman.html

Ontrack Eraser
http://www.ontrackdatarecovery.com/hard-drive-software/ontrack-eraser.aspx

Examining DoD-level secure erasure guidelines
http://searchsecurity.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid14_gci1273281,00.html

Secure Erase
http://cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf
http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

John
 
Mike Y

> you will not be able to recover any data whatsoever on a wiped hard
> drive, it can't be done, period!
>
> John
>
> And by the way, I do not work for any company that is in anyway involved
> in the sale or development of anything to do with computer technology or
> software.


Well, I do, and did. I've been involved with the 380 chip set way back, and
I do know a bit about how it and hard drives in general work. And while I've
not personally done it, I AM aware of the technologies involved, the theory
behind the technologies, and the practice implementing those technologies.
Granted, I've not heard much about the techniques since drives moved into
the ZBR (a LOT changed when drives went that route) world with the high
speed transfers (compared to early MFM), but there's nothing in the
techniques or theory that would make it impossible other than that the
tools and techniques have to stay 'ahead of the game' the same way they
were then.

It's doable. Period!

I'll give you one hint... Writing a 0 or a 1 DOESN'T totally erase what is
under it. Can you understand that? All writing a 0 or a 1 does is put
(actually, 'TRY' to put) flux transitions down on the media at specific
points. Or try to. Data already down on the media will influence where those
transitions actually end up being detected on readback (digital), or
distortions in the signal (analog) ...

I'm through arguing with someone who obviously doesn't know what they are
talking about. You just cannot prove something doesn't exist or that
something is impossible. You're putting yourself in the same reference frame
as people who said manned piloted aircraft will never exceed the speed of
sound. Or that rockets just couldn't carry enough fuel in a 'step rocket'
(multi-stage) to make it to the moon. In both cases, relatively simple
technology advances led to the solution to the problem. You just can't
understand that the technology you see and touch is not the only technology
that may exist.
 
Mike Y

> Which pretty well tells us a lot about your level of expertise in this
> field.
>
> US Dept of Defense Standard 5220.22-M
> http://www.qsgi.com/usdod_standard_dod_522022m.htm
>
> Before posting about hearsay and myths that you heard you should do a
> bit of research.
>
> John


Ok, got me. Hmm, I'll bet that came well after... Well, I'll leave that one
alone. But thank you for the reference.

What I was actually alluding to (and you failed to quote) was the oft-touted
'7 times overwrite' often billed (by even the Norton Utilities WipeDisk at
one point) as an NSA standard. That I could never find a hard reference
to no matter how hard I looked.

I really do thank you for that link.

But you actually make my case. That you post something the government
is actually concerned about (because they CAN do it).

From a practical matter, data recovery is probably possible but not solid
at one overwrite, 'iffy' with two, and probably secure at three. And these
are with methods of mathematical analysis in 1993 or so that I'm sure
by now have come a long way. But that's just my gut call. Since drives
went ZBR how the data would interact to an overwrite may be radically
different than before. Who knows, it may be easier!
 
Bill in Co.

I certainly would expect that writing pseudorandom, or even identical, bytes
to each and every sector on the disk would make it nigh impossible to
recover anything, - IF that laboriously slow procedure was invoked. How it
could possibly be otherwise makes little sense to me - unless we operate
under the assumption that the electromagnetic writes are somewhat incomplete
(that is, the magnetic domains on the disk are not fully reversed (or
realigned) completely, but still have some very small residual leftover
effects (i.e. retentivity) from a previous write operation). (I'm an EE,
but I'm just making some basic assumptions here).

John John wrote:
> Mike Y wrote:
>
>>> you will not be able to recover any data whatsoever on a wiped hard
>>> drive, it can't be done, period!
>>>
>>> John
>>>
>>> And by the way, I do not work for any company that is in anyway involved
>>> in the sale or development of anything to do with computer technology or
>>> software.
>>
>> Well, I do, and did. I've been involved with the 380 chip set way back,
>> and
>> I do know a bit about how it and hard drives in general work. And while
>> I've
>> not personally done it, I AM aware of the technologies involved, the
>> theory
>> behind the technologies, and the practice implementing those
>> technologies.
>> Granted, I've not heard much about the techniques since drives moved into
>> the ZBR (a LOT changed when drives went that route) world with the high
>> speed transfers (compared to early MFM), but there's nothing in the
>> techniques or theory that would make it impossible other than that the
>> tools and techniques have to stay 'ahead of the game' the same way they
>> were then.
>>
>> It's doable. Period!
>
> It cannot be done! Period! It is a theory only and it has never been
> proven! Not too long ago the US Department of Defense issued a tender
> call for someone to provide methods to recover data from wiped drives
> and no one stepped up to the plate to fill the tender request.


<snip>
 
Mike Y

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:ORSKBd8iIHA.5152@TK2MSFTNGP02.phx.gbl...
> Mike Y wrote:
>
> >> Nope that's a total myth.
> >> No drive zero-wiped to government standards has even had any data
> >> recovered from it.
> >
> > Actually, I'd suspect the 'government standard' is a myth. As far as I
> > know, I've never been able to find ANY hard reference to a standard for
> > wiping a drive, other than 'second/third' or a 'friend of a friend said
> > that' kind of thing.
>
> Which pretty well tells us a lot about your level of expertise in this
> field.
>
> US Dept of Defense Standard 5220.22-M
> http://www.qsgi.com/usdod_standard_dod_522022m.htm
>
> Before posting about hearsay and myths that you heard you should do a
> bit of research.
>
> John


Found something else on that link. In a blurb about software they sell.

"The software has the flexibility to overwrite a hard drive up to 99 times.
Each additional overwrite further minimizes the possibility of recovering
any data."

Seems pretty obvious to me that they are concerned about someone reading
data after a single overwrite...

Granted, they sell the software so it means they are not neutral, but
still...

I'm done with this. Again, thanks for the link.

Mike
 
Lil' Dave

"Jim Madsen" <justme@nobody.com> wrote in message
news:%23ks9OztiIHA.5280@TK2MSFTNGP02.phx.gbl...
> My daughter has an old Gateway computer running Windows 98. She says no
> one wants it because it is slow and obsolete and she wants to turn it into
> the local recycling place.
>
> She is worried about (personal) data on the hard drive. I wonder if
> reformatting the HD will destroy all the data? My old W95 computer, I
> took the HD out and smashed it with a sledge hammer, but she doesn't want
> to do that.
>
> She took it to a computer store, and they offered to "hose" the HD and
> dispose of the computer for $50.00.
>
> Any suggestions?
>
> Jim


It's my understanding regarding using format.com that:

A quick format simply uses the current file allocation table, indicating
lack of file data in the previously written file allocation table. Does not
verify the data locations as usable.

A format (full) removes/wipes the current file allocation table, verifies
the usable writing area for data file storage, updates that for writing new
file allocation table, then, writes the new file allocation table.

In either case, the file data still exists. And, easily recoverable with
most current data recovery software.

As stated in another reply, zero-write utilities, for the most part, are
suitable for most purposes of preventing the locating of prior written
personal data. Forensic tools can still find such data though. These rely
on the latency of the magnetic field of each bit that may have existed due
to prior writes created by prior use.

Regarding unformat. Was last available in dos 6.22. Its purpose was to
revert to the prior file allocation table. One cannot write files in the
interim and expect full file data access. An immediate unformat is expected
after realizing formatting was a mistake on the user's part. FAT32 did not
exist in the time frame of dos 6.22.
--
Dave
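
The difference this post draws between a format and a zero-write, as an added example that is not part of the original post. It uses a simplified model: a temporary file stands in for the disk, the first few sectors stand in for the file allocation table, and the "personal data" is a constructed sample. Verification is a plain readback of every sector.

```python
import os
import tempfile

SECTOR = 512  # bytes per sector (assumption: classic 512-byte sectors)


def build_image(path, sectors=64, table_sectors=4):
    """Create a constructed disk image: a table region followed by data sectors."""
    with open(path, "wb") as f:
        f.write(b"T" * SECTOR * table_sectors)                 # stand-in allocation table
        f.write(b"\x00" * SECTOR * (sectors - table_sectors))  # empty data area
    with open(path, "r+b") as f:
        for s in (10, 37):                                     # two sectors of sample data
            f.seek(s * SECTOR)
            f.write(b"ACCT 0000-CONSTRUCTED-SAMPLE".ljust(SECTOR, b"."))


def format_like(path, table_sectors=4):
    """Model of a format: only the table region is rewritten, data is untouched."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR * table_sectors)
        f.flush()
        os.fsync(f.fileno())


def zero_fill(path, chunk_sectors=16):
    """Overwrite every byte of the target with zeros; return bytes written."""
    size = os.path.getsize(path)
    zeros = bytes(SECTOR * chunk_sectors)
    written = 0
    with open(path, "r+b") as f:
        while written < size:
            n = min(len(zeros), size - written)
            f.write(zeros[:n])
            written += n
        f.flush()
        os.fsync(f.fileno())   # push the writes out of the OS cache
    return written


def nonzero_sectors(path):
    """Read back every sector; return indexes of sectors holding any non-zero byte."""
    hits = []
    with open(path, "rb") as f:
        idx = 0
        while True:
            block = f.read(SECTOR)
            if not block:
                break
            if block.count(0) != len(block):
                hits.append(idx)
            idx += 1
    return hits


def demo():
    """Return (sectors still readable after format, sectors readable after zero-fill)."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        build_image(path)
        format_like(path)
        after_format = nonzero_sectors(path)   # data sectors survive the format
        zero_fill(path)
        after_wipe = nonzero_sectors(path)     # nothing readable remains
        return after_format, after_wipe
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Readback through the operating system only covers addressable sectors; it says nothing about the analog remanence the thread argues over.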
 
John John

Lil' Dave wrote:

> As stated in another reply, zero-write utilities, for the most part, are
> suitable for most purposes of preventing the locating of prior written
> personal data. Forensic tools can still find such data though. These rely
> on the latency of the magnetic field of each bit that may have existed due
> to prior writes created by prior use.


FUD! There are no forensic tools available that can recover data on
securely wiped drives. If you think such tools exist please
substantiate your claim and post links to such tools or other verifiable
information.

John
 
Gary S. Terhune

Better calm down there, John John. Gonna blow a gasket. If the "recoverable
using special testing" story is a fairy tale, it's a harmless and rather
useful one, don't you think? You've posted your "proof", others have posted
other info. You've made your demands clear. Think maybe that's enough?

Besides, far as I can tell, the answer's the same: "Zero-fill the hard drive
once (or thrice.)"

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:uqQpngCjIHA.748@TK2MSFTNGP04.phx.gbl...
> Lil' Dave wrote:
>
>> As stated in another reply, zero-write utilities, for the most part, are
>> suitable for most purposes of preventing the locating of prior written
>> personal data. Forensic tools can still find such data though. These
>> rely on the latency of the magnetic field of each bit that may have
>> existed due to prior writes created by prior use.
>
> FUD! There are no forensic tools available that can recover data on
> securely wiped drives. If you think such tools exist please substantiate
> your claim and post links to such tools or other verifiable information.
>
> John
 
Franc Zabkar

On Fri, 21 Mar 2008 23:48:43 -0300, John John <audetweld@nbnet.nb.ca>
put finger to keyboard and composed:

>Mike Y wrote:
>
>>>Nope that's a total myth.
>>>No drive zero-wiped to government standards has even had any data
>>>recovered from it.
>>
>> Actually, I'd suspect the 'government standard' is a myth. As far as I
>> know, I've never been able to find ANY hard reference to a standard for
>> wiping a drive, other than 'second/third' or a 'friend of a friend said
>> that' kind of thing.
>
>Which pretty well tells us a lot about your level of expertise in this
>field.
>
>US Dept of Defense Standard 5220.22-M
>http://www.qsgi.com/usdod_standard_dod_522022m.htm
>
>Before posting about hearsay and myths that you heard you should do a
>bit of research.
>
>John


I tried to locate references to "overwriting" in the Feb 28, 2006
NISPOM document but was unable to. See either of the next two URLs.

DoD 5220.22-M, "National Industrial Security Program Operating Manual"
http://www.dtic.mil/whs/directives/corres/html/522022m.htm

NISPOM, National Industrial Security Program Operating Manual
reissued February 28, 2006
http://www.fas.org/sgp/library/nispom.htm

However, the following URL led me to an April 1, 2004 "DoD overprint"
of the NISPOM document:
http://www.fas.org/sgp/library/nispom_dod_overprint_rev1.pdf

The DoD's NISPOM overprint has additional DoD stipulations, including
overwriting procedures. It seems to me that industry is not as
paranoid about rigorous data wiping as is the DoD. Then again, the
DoD's April Fools Day 2004 document is two years behind the current
2006 NISPOM.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.
 
Lil' Dave

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:uqQpngCjIHA.748@TK2MSFTNGP04.phx.gbl...
> Lil' Dave wrote:
>
>> As stated in another reply, zero-write utilities, for the most part, are
>> suitable for most purposes of preventing the locating of prior written
>> personal data. Forensic tools can still find such data though. These
>> rely on the latency of the magnetic field of each bit that may have
>> existed due to prior writes created by prior use.
>
> FUD! There are no forensic tools available that can recover data on
> securely wiped drives. If you think such tools exist please substantiate
> your claim and post links to such tools or other verifiable information.
>
> John


May take months to retrieve such data after it's wiped like you indicate, but
it exists. Does not rely on a previously written file table. No one is
willing to spend that much time and patience nowadays for some trivial
personal data retrieval unless paid enough. And, since there is no
guarantee sensitive data like SS#, credit card #s, bank account #s were
previously written to an unknown wiped hard drive no one in their right
mind would spend such amount of time hunting such. That is why a simple
zero wipe is adequate.

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html


--
Dave
 
Bill in Co.

I certainly would expect that writing pseudorandom, or even identical, bytes
to each and every sector on the disk would make it nigh impossible to
recover anything, - IF that laboriously slow procedure was invoked. How it
could possibly be otherwise makes little sense to me - unless we operate
under the assumption that the electromagnetic writes are somewhat incomplete
(that is, the magnetic domains on the disk are not fully reversed (or
realigned) completely, but still have some very small residual leftover
effects (i.e. retentivity) from a previous write operation). (I'm an EE,
but I'm just making some basic assumptions here!).

> John John wrote:
>> Mike Y wrote:
>>
>>>> you will not be able to recover any data whatsoever on a wiped hard
>>>> drive, it can't be done, period!
>>>>
>>>> John
>>>>
>>>> And by the way, I do not work for any company that is in anyway
>>>> involved
>>>> in the sale or development of anything to do with computer technology
>>>> or
>>>> software.
>>>
>>>
>>> Well, I do, and did. I've been involved with the 380 chip set way back,
>>> and
>>> I do know a bit about how it and hard drives in general work. And while
>>> I've
>>> not personally done it, I AM aware of the technologies involved, the
>>> theory
>>> behind the technologies, and the practice implementing those
>>> technologies.
>>> Granted, I've not heard much about the techniques since drives moved
>>> into
>>> the ZBR (a LOT changed when drives went that route) world with the high
>>> speed transfers (compared to early MFM), but there's nothing in the
>>> techniques or theory that would make it impossible other than that the
>>> tools and techniques have to stay 'ahead of the game' the same way they
>>> were then.
>>>
>>> It's doable. Period!
>>
>> It cannot be done! Period! It is a theory only and it has never been
>> proven! Not too long ago the US Department of Defense issued a tender
>> call for someone to provide methods to recover data from wiped drives
>> and no one stepped up to the plate to fill the tender request.
>
> <snip>
 
Franc Zabkar

On 24 Mar 2008 03:14:51 GMT, thanatoid <waiting@the.exit.invalid> put
finger to keyboard and composed:

>"Bill in Co." <not_really_here@earthlink.net> wrote in
>news:ux0Q6QSjIHA.5412@TK2MSFTNGP02.phx.gbl:
>
>> I certainly would expect that writing pseudorandom, or even
>> identical, bytes to each and every sector on the disk would
>> make it nigh impossible to recover anything, - IF that
>> laboriously slow procedure was invoked. How it could
>> possibly be otherwise makes little sense to me - unless we
>> operate under the assumption that the electromagnetic
>> writes are somewhat incomplete (that is, the magnetic
>> domains on the disk are not fully reversed (or realigned)
>> completely, but still have some very small residual
>> leftover effects (i.e. retentivity) from a previous write
>> operation). (I'm an EE, but I'm just making some basic
>> assumptions here!).
>
>This idea - as *fact* - was presented in a thread with the same
>subject (I wonder just HOW many of those there have been by now)
>by someone a few years ago. He claimed a "residue" of whatever
>is written to a HD /REMAINS/ even if you write over it a bunch
>of times - something like: new drive, zero-formatted - 100%
>magnetic signal retention, second write in the same sector -
>95%, third 90%, etc. I pointed out that simple logic would
>dictate that if anything like this was true, all drives would
>fail within a few weeks of being installed. There was no reply.


Yeah, that makes sense. At the risk of taking this subject off topic,
it may be interesting to note that "hifi" VCRs record audio and video
on the same track, albeit with separate audio and video heads. The
audio information is buried deep under the video information, and is
recorded with a 30 degree azimuth angle to minimise crosstalk.
Although it's a completely different technology, and it has no
relevance to HDDs, it does demonstrate that it is possible to recover
two independent streams of information from the same magnetic track.

- Franc Zabkar
--
Please remove one 'i' from my address when replying by email.
 
Mike Y

From: "thanatoid" <waiting@the.exit.invalid>

>This idea - as *fact* - was presented in a thread with the same
>subject (I wonder just HOW many of those there have been by now)
>by someone a few years ago. He claimed a "residue" of whatever
>is written to a HD /REMAINS/ even if you write over it a bunch
>of times - something like: new drive, zero-formatted - 100%
>magnetic signal retention, second write in the same sector -
>95%, third 90%, etc. I pointed out that simple logic would
>dictate that if anything like this was true, all drives would
>fail within a few weeks of being installed. There was no reply.


I think you're missing the distinction between analog and digital. HD's
record digital data as flux transitions, but the flux transitions can be
considered analog. When you read data back, the drive electronics
look for the transitions, and the timing of the transitions determines
what the data is. Distortions in the signal, as long as the drive
data-separator can still pull out the signal, will not affect what the
drive reads and reports as data. Underlying data can cause
timing distortions, but as long as the data-separator circuits detect
the transition within the window, the drive electronics will pull
out clean data. How dirty or distorted the signal is makes no
difference. In fact, it can be VERY dirty before the circuits will
lose lock and actually generate an error.

The main point of the drive electronics is to hide all the other stuff
from the user, and present to the user the data they are looking for.
It, by design, pulls out the latest and strongest signal and ignores
all else.
 
John John

Lil' Dave wrote:
> "John John" <audetweld@nbnet.nb.ca> wrote in message
> news:uqQpngCjIHA.748@TK2MSFTNGP04.phx.gbl...
>
>>Lil' Dave wrote:
>>
>>
>>>As stated in another reply, zero-write utilities, for the most part, are
>>>suitable for most purposes of preventing the locating of prior written
>>>personal data. Forensic tools can still find such data though. These
>>>rely on the latency of the magnetic field of each bit that may have
>>>existed due to prior writes created by prior use.
>>
>>FUD! There are no forensic tools available that can recover data on
>>securely wiped drives. If you think such tools exist please substantiate
>>your claim and post links to such tools or other verifiable information.
>>
>>John
>
> May take months to retrieve such data after its wiped like you indicate, but
> it exists.


No, Dave, it does not exist. No one has ever been able to do this, not
even Dr. Gutmann himself. It is nothing but a myth that started when
Peter Gutmann released his "famous" paper.

John
 
John John

There is only one controlled and verifiable experiment that I know of
where data was "apparently" recovered on a wiped drive, this is the so
called "HelpHelp" test conducted by researchers at the Center for
Magnetic Recording Research at the University of California. The test
was conducted to determine the efficacy of Secure Data Erasure.

Before anyone makes the assumption that this proves that data recovery is
possible on securely wiped drives they should read the papers that
detail how the test was conducted. In particular they should note the
following "skewed" factors which gave the researchers every possible
advantage in their search for the overwritten data, their mission was to
defeat secure data erasure and to help them all the odds were purposely
stacked in their favour:

1- The researchers had to know what to look for and where to look for
it, in the case of this test they were specifically told to look for the
written bits "helphelp" on a certain track on the disk. Without knowing
what to look for and where to look for it the researchers didn't have a
clue as to what they were looking at or seeing with their fancy tools!

2- The disk track where the helphelp bits were written was completely
wiped and tested beforehand, this ensured a clean track and that the
only written bits on the track before the second test wipe were
"HelpHelp". As if condition 1 above wasn't skewed enough in favour of
the test, there were no other possible bits to weed through other than
the helphelp bits!

3- The researchers had to know the overwriting pattern of the wiping
software, when the overwriting was random and unknown the researchers
couldn't find the "helphelp" bits.

4- When two wipes were done on the drive the researchers couldn't find
the "helphelp" bits, the one pass wipe done for the test was hardly a
secure wipe!

What it boils down to is that in the end the test proved conclusively
that data recovery was impossible on securely wiped drives, the
effectiveness of Secure Erasure was confirmed beyond the shadow of a doubt.

Here is one paper which mentions the so-called "HelpHelp" test:

Secure Erase of Disk Drive Data (PDF, 294kb)
Gordon Hughes and Tom Coughlin
http://www.tomcoughlin.com/Techpapers/Secure Erase Article for IDEMA, 042502.pdf

John


Bill in Co. wrote:

> I certainly would expect that writing pseudorandom, or even identical, bytes
> to each and every sector on the disk would make it nigh impossible to
> recover anything, - IF that laboriously slow procedure was invoked. How it
> could possibly be otherwise makes little sense to me - unless we operate
> under the assumption that the electromagnetic writes are somewhat incomplete
> (that is, the magnetic domains on the disk are not fully reversed (or
> realigned) completely, but still have some very small residual leftover
> effects (i.e. retentivity) from a previous write operation). (I'm an EE,
> but I'm just making some basic assumptions here!).
>
>
>>John John wrote:
>>
>>>Mike Y wrote:
>>>
>>>
>>>>>you will not be able to recover any data whatsoever on a wiped hard
>>>>>drive, it can't be done, period!
>>>>>
>>>>>John
>>>>>
>>>>>And by the way, I do not work for any company that is in any way
>>>>>involved
>>>>>in the sale or development of anything to do with computer technology
>>>>>or
>>>>>software.
>>>>
>>>>
>>>>Well, I do, and did. I've been involved with the 380 chip set way back,
>>>>and
>>>>I do know a bit about how it and hard drives in general work. And while
>>>>I've
>>>>not personally done it, I AM aware of the technologies involved, the
>>>>theory
>>>>behind the technologies, and the practice implementing those
>>>>technologies.
>>>>Granted, I've not heard much about the techniques since drives moved
>>>>into
>>>>the ZBR (a LOT changed when drives went that route) world with the high
>>>>speed transfers (compared to early MFM), but there's nothing in the
>>>>techniques or theory that would make it impossible other than that the
>>>>tools and techniques have to stay 'ahead of the game' the same way they
>>>>were then.
>>>>
>>>>It's doable. Period!
>>>
>>>It cannot be done! Period! It is a theory only and it has never been
>>>proven! Not too long ago the US Department of Defense issued a tender
>>>call for someone to provide methods to recover data from wiped drives
>>>and no one stepped up to the plate to fill the tender request.

>>
>><snip>

>
>
>
 

Gary S. Terhune

You now have a case of battling scientific papers, and you're going to have
to do a lot more than just insist that your guy's right. Or rather, you
should give it up until Gutmann himself fesses up. From where I sit, the
more you yell, the lower your credibility goes. Provide your references to
the best of your ability and then let them speak for themselves.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"John John" <audetweld@nbnet.nb.ca> wrote in message
news:eCgWqSajIHA.4868@TK2MSFTNGP03.phx.gbl...
> Lil' Dave wrote:
>> "John John" <audetweld@nbnet.nb.ca> wrote in message
>> news:uqQpngCjIHA.748@TK2MSFTNGP04.phx.gbl...
>>
>>>Lil' Dave wrote:
>>>
>>>
>>>>As stated in another reply, zero-write utilities, for the most part, are
>>>>suitable for most purposes of preventing the locating of prior written
>>>>personal data. Forensic tools can still find such data though. These
>>>>rely on the latency of the magnetic field of each bit that may have
>>>>existed due to prior writes created by prior use.
>>>
>>>FUD! There are no forensic tools available that can recover data on
>>>securely wiped drives. If you think such tools exist please substantiate
>>>your claim and post links to such tools or other verifiable information.
>>>
>>>John

>>
>>
>> May take months to retrieve such data after its wiped like you indicate,
>> but it exists.

>
> No, Dave, it does not exist. No one has ever been able to do this, not
> even Dr. Gutmann himself. It is nothing but a myth that started when
> Peter Gutmann released his "famous" paper.
>
> John
>
 

John John

I have had private email conversations with Peter Gutmann on this
subject and he has told me that he was never able to recover data on a
wiped drive, all he could ever do was show presence of previous data, he
could not tell what the previous data was. His method was offered as a
theoretical method of data recovery, he used it to reinforce the need
for secure deletion methods. Read the Epilogue in his paper. In my
conversation with him I asked him if he knew if anyone had ever used his
method to recover data on a wiped drive, to which he replied that he
knew of none who had. He knew of one person working for a hard drive
manufacturer who had done research on the matter but to his knowledge
the research led nowhere. Dr. Gutmann would not give me the name or
address of this researcher because he (the researcher) was doing this
research without his employer's knowledge or explicit consent, Peter did
not want to put this person in an "uncomfortable" position.

John

Gary S. Terhune wrote:
> You now have a case of battling scientific papers, and you're going to
> have to do a lot more than just insist that your guy's right. Or
> rather, you should give it up until Gutmann himself fesses up. From
> where I sit, the more you yell, the lower your credibility goes. Provide
> your references to the best of your ability and then let them speak for
> themselves.
>
 