> On Apr 4, 2022, at 10:20 AM, Jules Richardson via cctalk 
> <[email protected]> wrote:
> 
> On 4/3/22 10:51, Eric J. Korpela via cctalk wrote:
>> drive removed and destroyed for privacy reason.
> 
> For those in the know, how much success - assuming a "money is no object" 
> approach - do data recovery companies have in retrieving data from drives 
> that have a) been overwritten with zeros using dd or similar, and b) been 
> overwritten with random data via a more comprehensive tool?

There's a research group in, I think, UCSD which studies that question.  From 
what I recall, in modern hard disk drives with microscopic tracks and not a 
whole lot of margin anywhere, one overwrite is plenty good.  The legendary 
multiple erase schemes are mostly rumors -- I looked long and hard for the 
supposed government standards that specify these and found they don't seem to 
exist -- and no longer useful.

SSDs are a different story entirely because there you don't write over the 
actual data; instead a write updates internal metadata saying where the most 
recent version of block number xyz lives.  So, given that you tend to have a 
fair amount (10 or 20 percent if not more) of "spare space" in the SSD, 
previous data are likely to be hanging around.  I suspect if you write long 
enough you could traverse all that, but how to do that depends on the internals 
of the firmware.  That's likely to be confidential and may not even be reliably 
known.

There are SSD SEDs.  If designed correctly those would give you 
cryptographically strong security and "instant erase".  Not all disk designers 
know how to do these designs correctly.  If I needed an SED (of any kind) I'd 
insist on a detailed disclosure of its keying and key management.  Prying that 
out of manufacturers is hard.  I've done it, but it may be that my employer's 
name and unit volume was a factor.

        paul
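
The SSD behaviour described in the message above, as an added example that is not part of the original post: a toy flash translation layer in Python. The class `ToyFTL`, its FIFO reclaim policy, the page counts and the sample data are constructed assumptions, not any real drive's firmware; the model shows one full zero pass leaving old data in unmapped spare pages while the host reads back only zeros.

```python
from collections import deque

class ToyFTL:
    """Toy flash translation layer: out-of-place writes, FIFO reclaim of stale pages."""

    def __init__(self, logical_blocks, spare_pages):
        total = logical_blocks + spare_pages
        self.flash = [None] * total          # raw physical pages (None = erased)
        self.l2p = {}                        # logical block -> physical page
        self.free = deque(range(total))      # erased pages ready for writing
        self.stale = deque()                 # superseded pages, data still present

    def write(self, lba, data):
        if not self.free:                    # no erased page left: reclaim oldest stale
            page = self.stale.popleft()
            self.flash[page] = None          # only here is old data really destroyed
            self.free.append(page)
        page = self.free.popleft()
        self.flash[page] = data
        if lba in self.l2p:                  # old copy is unmapped, NOT overwritten
            self.stale.append(self.l2p[lba])
        self.l2p[lba] = page

    def read(self, lba):
        return self.flash[self.l2p[lba]]

    def raw_contains(self, needle):
        """What a chip-level read of the flash would see, mapped or not."""
        return any(p is not None and needle in p for p in self.flash)


def zero_pass(ftl, logical_blocks):
    """Model of one full `dd if=/dev/zero` over the logical address space."""
    for lba in range(logical_blocks):
        ftl.write(lba, b"\x00" * 16)


def demo(logical_blocks=10, spare_pages=2):
    secret = b"SECRET-CONSTRUCTED"           # constructed sample data
    ftl = ToyFTL(logical_blocks, spare_pages)
    for lba in range(logical_blocks):        # initial fill; secret in the last block
        ftl.write(lba, secret if lba == logical_blocks - 1 else b"filler")
    zero_pass(ftl, logical_blocks)
    host_sees = any(secret in ftl.read(l) for l in range(logical_blocks))
    after_one = ftl.raw_contains(secret)     # residue in an unmapped spare page
    zero_pass(ftl, logical_blocks)
    after_two = ftl.raw_contains(secret)
    return host_sees, after_one, after_two   # (False, True, False) in this model
```

Which old blocks survive a pass depends on allocation order; here it is the last `spare_pages` blocks overwritten. That the second pass clears the residue is a property of this model's reclaim policy only.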
