On Tue, Apr 26, 2011 at 10:32:28AM -0600, Nicholas Leippe wrote: > Well, it only takes a single 0 pass to sufficiently make the data > unrecoverable w/o extremely expensive forensics (you will have to use > a microscope directly on the platter and attempt to read residual > signal levels--which will be complicated by the drive's internal > signal encoding scheme. But, on 1TB it will still take a few hours > even for that first pass.
I would like to see evidence that, given todays drive densities and
recording techniques, someone or some company have successfully recovered
data after a single pass of zeros on the disk level.
Suppose it is possible. Then the speed at which to recover 1TB of
single-pass, overwritten data would take ages, not a few hours like you
presume. Consider the following snippet from [1] using an MFM:
As a very rough approximation, if a 3 1/2” disk is to be imaged and the
MFM can scan and move to the next area in one minute (quite fast!). It
would take about 60 weeks of 24 hour/day operation to scan one surface.
If the disk surface holds 50GB of data, for example, the image files
that would be generated from the MFM would be many times this amount –
perhaps generating tens of terabytes of image information to analyze.
For example, all of these individual images would need to be stitched
together into a complete disk image and a software image processing
algorithm would need to be used to 1) servo on each track and 2)
generate the read gate to indicate the beginning and ending of each
sector. Finally a signal from the center of the track image would need
to be generated as a readback signal, detected, decoded and assembled
into useful files.
Nevermind getting the actuator of the MFM perfectly aligned with the track
locations on the platters, a daunting task, so the data is correctly read
in consecutive bit order.
1: http://goo.gl/mIwFr (PDF)
For some reason, we as geeks have this romanticized idea in our heads that
government agencies just throw the platters at a microscope, read the data,
and use some mega-quantum-super-computer to parse the data, and reconstruct
the overwritten bits before lunch. The fact of the matter is, getting data
off a disk that HASN'T been overwritten is daunting in and of itself, as
that paper I have linkd to confirms. And you want to get at overwritten
data, yet you think that if you didn't do the 35 Gutmann pass, it's not
good enough.
I guess I'm skeptical, but the NSA only required 3 passes, and that is
because there are older disks that don't have the recording density of
of today's drives.
But, your point is taken. Even for a single pass of a 1TB disk, it takes a
few hours, assuming the drive can cruise alonge at say 50 MBps. That might
just be too long, before SWAT kicks down your door, wakes your children
with guns in their faces, and everyone is in a screaming match. And all you
overwrote was 300GB. Bummer. Maybe next time, you'll use an encrypted
filesystem? :)
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
signature.asc
Description: Digital signature
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
