On Wed 19 Aug 2015 00:00:39 NZST +1200, Adrian Mageanu wrote:

> From memory, the method described was a combination of utilities of
> which I can only remember photorec, and one of the forensic techniques
> described (among others) was a way to read the disk by offsetting the
> head left and right by only tiny amounts for each pass.

Let's forget about photorec, that's just the example for piecing bits together again when your recovered data is incomplete.

The details of the forensic discussion would tell whether the author knows what they're talking about. Heaps of references have been made to Gutmann's paper and people wrote heaps of software, while forgetting that it all no longer applies to their drives... If you read "data can be recovered after dd", establish what kind of drive it applies to; if it doesn't say or it's a 90s drive, put it on the joke pile.

Micro stepping the head in a modern drive is about the only way for Joe Smallfry to get anything at all. Let's assume the firmware is capable of that, and that it has functions for that, because it's how the drive itself finds the middle of the track. Once upon a time drives had elaborate mechanisms to deal with thermal expansion etc, these days you don't care, you just micro-step until you can read something and then you stay with that calibration until your read error rate goes North. These commands are not user visible, but assume they're user accessible as long as you discover the secret command byte for them. Assume this is possible easily (record commands from the manufacturer's disk test utility etc). Btw all IDE/ATA drives are controlled by SCSI commands and always have been, just the connector is different from SCSI, the rest's the same.

Back in Gutmann's days write heads were 3 times (or whatever) as wide as read heads, these days in a cut-throat market no one wastes 2/3 their capacity. How much wider do you reckon the write head is now when you can micro-step to the middle? Don't expect spare space between the tracks or any other some such capacity waste.

When the drive operates normally, the read error rate is distinctly non-zero. It just hides it from the user with error correction. When you dd zeroes over the track, well-positioned because you can't afford to damage the adjacent tracks, destroying say 90+% of the magnetic recording, your error correction will quickly become non-functional.

I believe I've read a paper/etc about that sometime, but I won't find it. Chances of success were minimal and very deep pockets were needed.

So when I hear "can recover data after dd" I want to know how exactly, and with discussion of all the points above, otherwise it goes on the "jokers" pile (and don't waste any more time on photorec etc please, we're only interested in getting data back, not what to do with it afterwards).

The totally safe way to destroy data is to de-magnetise the platter. It's probably easiest for lay people to heat it above the temperature to which the material stays magnetised. Otherwise, totally encrypt the disk over its entire lifetime. Or, my conclusion, you can't practically improve on dd without disk destruction.

I'm happy to hear corrections...

Volker

--
Volker Kuhlmann
http://volker.top.geek.nz/
Please do not CC list postings to me.