How do you know the history of bits though?
---- = blank space
----[FILE 1]----------
(delete file 1)
-------[FILE 2]-------
0000111222222000000 (how much history this memory has)
So they look at see no history for a few, then they see a history of 1 for the very first part of FILE 1, then they hit some bits that have a history of 2. And they just go back in time over bits that have different amounts of history? How much history is there anyway? Say I did that diagram 32 times deleting and adding file1 and file 2 in those same spaces with images of the same exact size. So if you dont know the history since the life of the HD, you cant know which history to grab, because you have no boundaries to know where a specific file had history. Right?
Files can always be recovered no matter what you do...
It may be possible for very well funded governmental institutions or multinational corporations
Money can't buy what isn't there.
In the 90s the "Gibson" was a romantic take on what big companies and money had. But the reality was much more mundane. Sure, the Cray was stylish, the kid who brought O2 to the party was the chick magnet, but at the end of the day, it was just POSIX, same as 30 years ago and today, running ls and chmod.
As mentioned, I don't know of a single published case where an erased drive, even in perfect condition, were recovered, excluding the possibility of MFM (10MB or less drives).
Unfortunately, education should show the latest greatest, not old-wives lore of yesterday. Some 8 years ago I read a publication on scientists who managed to decode wire signal from LED on back of network card using a telescope (peek from across the street, read network traffic). Limited in application due to responses and network rates going higher, but still, a valid experiment. Recently, researchers managed to correlate smart meter readings with TV channel selection based on dark/bright image which cause power consumption fluctuations in TVs. Again of limited use, but an old and proven concept. A slightly different technique but also much more reliable was developed a decade or two ago and in some cases fell under privacy regulation, since meter could deduce individual appliance usage based on current phase changes completely accurately.
Yet there is not a single mention of erased HDD information ever successfully read, not even a single bit.
Ergo, it has never been done.
And as always, if something needs going away - industrial shredder. Cheap, reliable, fast. Will also dispose of witnesses.
The ultimate irony is discussing this in the age of Facebook, Google, Twitter, ad agencies and ISPs tracking every action you take (methods mentioned above can and are used by those to determine what you're doing).
how much history this memory has[/quote]
It would depend on method. Since you know that head follows a circular path you could extrapolate to which track the sample belongs. You would then use CRC present in same track to correct for missing bits or other errors. But this is about the same as asking what kind of batteries light saber uses. One cannot ponder the details of something that isn't.
Use the DoD standard for wiping hard drives just for that the bits that contain the file. Then no one would be able to recover the actual file.
Money can't buy what isn't there.
It is extremely unlikely that there is nothing there. In fact, given the analog nature of the storage medium, it is almost guaranteed that residual magnetization is left to a certain degree. Reconstructing the data is extremely difficult and/or uneconomical with current publicly available technology. This does not mean that it is impossible given enough resources and/or time. A wiped disk may be recoverable 20 years from now, but the information it contains can still be highly relevant.
DoD mandates physical destruction or degaussing before disposal of harddrives with sensitive information. Overwriting is specifically not considered sufficient.
As mentioned, I don't know of a single published case where an erased drive, even in perfect condition, were recovered, excluding the possibility of MFM (10MB or less drives).
Such cases would most likely be classified or involve illegal activities (such as high profile industrial espionage). Wait 50 years and some may fall under the FOIA.
One thing I want to point out is that "physical destruction," short of burying the disk in a volcano, isn't secure at all: while there are no documented cases of data being recovered after a disk is wiped, there are cases of data being recovered from a disk that's shredded: you can just scan the pieces with an electron microscope, the reconstruct them with a computer (the data tracks follow a predictable curve so it's not at all hard to figure out where even a small piece belongs).
Also, the "just because there haven't been any published cases of data being recovered doesn't mean it's not happening! The government just keeps it secret" argument isn't compelling to me. To me it doesn't sound any different than the notion that the government uses people with psychic powers to solve crimes, but they don't acknowledge it because then people will be likely to hurt the psychics: In both cases, it seems like the government would have more to gain by publishing their ability to gain knowledge (e.g. as a deterrent; you'll stop a lot more people from committing computer crimes by making it clear that you have the technology to catch them than you will by actually trying to hunt them down after the fact) than by keeping it a secret.
Also, the "just because there haven't been any published cases of data being recovered doesn't mean it's not happening! The government just keeps it secret" argument isn't compelling to me. To me it doesn't sound any different than the notion that the government uses people with psychic powers to solve crimes, but they don't acknowledge it because then people will be likely to hurt the psychics: In both cases, it seems like the government would have more to gain by publishing their ability to gain knowledge (e.g. as a deterrent; you'll stop a lot more people from committing computer crimes by making it clear that you have the technology to catch them than you will by actually trying to hunt them down after the fact) than by keeping it a secret.
Also, the "just because there haven't been any published cases of data being recovered doesn't mean it's not happening! The government just keeps it secret" argument isn't compelling to me.
I never said that. I don't know if anyone does it. I don't know if anyone is going to be able to do it in 20 years on a current day harddisk. But asserting with certainty that it is 'impossible' is dangerous and a bit naive.
Fact is, the physical processes behind magnetic storage are not controllable down to an atomic level in a device like a harddisk. Can you guarantee that your HDD does not leave any trace of the original data when you overwrote it with zeros ? Not the slightest area, even if its only a few molecules wide ? Can you guarantee that it still won't even after years of mechanical wear and tear, reduced servo precision or reduced magnetic writing energy due to slowly failing heads ? Would you bet your life on it ? I certainly wouldn't. That's why there are much stricter procedures for data that is so sensitive that people would go a very long way to get a hold of it and that could have significant consequences if compromised (think nuclear weapons construction data and similar). Comparing this to psychics is a bit ridiculous, to be honest.
Of course all that doesn't apply to a normal user or company. For all common use scenarios, a simple overwrite is perfectly fine.
Would you bet your life on it ? I certainly wouldn't.
Would you bet your life on the non-existence of psychics? I certainly wouldn't. I'd bet quite a bit of money on both, though. I also think it's highly unlikely that 50 years from now the government will reveal that they've been recovering wiped data all along and keeping it secret, as you seem to imply (or even that they'll be able to do it in the next 50 years). That said, I agree in that in most cases information on a macroscopic scale is theoretically recoverable.
there are cases of data being recovered from a disk that's shredded:
[Citation needed]
And they recover valid non-erased data. That is, in some cases of physical damage, possible. But it's a completely different game from reconstructing deleted data.
you can just scan the pieces with an electron microscope, the reconstruct them with a computer (the data tracks follow a predictable curve so it's not at all hard to figure out where even a small piece belongs).[/quote]
[Citation needed]
Because... things just don't work that way.
It is extremely unlikely that there is nothing there.[/quote]
Of course it is. In the same way the leaf I stepped on is now deformed.
But can this be used to reconstruct the data? I say no. Not deleted data.
...governments...NSA...DoD...[/quote]
Again, let's be real here.
Governments and these agencies can't even find perfectly indexed data. They are bureaucrats. They contain politicians, senators, people with connections, friends of family. When work needs to be done, they outsource it to government contractors. To avoid corruption, these contractors need to file a lot of paperwork to prove that their bribes are legit. So they contain a lot of paper pushers. So they again delegate work to Joe's Computer Recovery Shop. Who does the work under lockdown.
Really. There are no secret labs in Pentagon, there is no elevator going down 5 miles in NSA headquarters. That's Hollywood.
There is another reason, a purely engineering one. Managers like to talk. But when dealing with such delicate and one-off work, you cannot risk. You cannot be agile and learn from mistakes, it needs to work for the first time.
So to perform such recovery, there is only a handful of shops in the world that employ people who have been doing nothing but for past 20 years. Not government work, but recovering disk of a CEO who sat on it. Or folded a floppy in half. Or spilled coffee over it. And since those mysterious agencies aren't running such shops in their secret labs under volcano, they are commercial ventures, which might have, before budget cuts, even have some standing orders with governments. But little more.
And the devices, work, etc. they do, has been developed at public universities, is publishes as thesis, there are patent applications, presentations were had on conferences.
Like I said, it's romantic, but things just don't work like that in real world. In real world, such discovery would get stonewalled because the junior researcher wouldn't properly attribute their mentoring professor who would then hold a grudge and discredit the guy and have them kicked off the faculty while destroying their paper out of jealousy.
Again, let's be real here.
Good idea. First step would be to get off this "OMG you said gov't, teh CONSPIRACY !!1" trip, shall we ? Governments are obvious candidates for data forensics. If that makes you feel better, replace every instance of "government" in my posts above with "bored student with access to a big lab and too much time on his hands who wants to use university resources to reconstruct his accidentally deleted porn collection".
Second, let's get back to the technical side. So on one hand we have a harddisk. A very low cost mass produced device that is subject to large environmental influences, manufacturing tolerances, considerable wear and tear, mechanical shock, possibly bad power supply, interferences, and much more. A device that is just as precise as it needs to keep data integrity in a more or less acceptable range. Do you operate your harddisk in a temperature, humidity and pressure controlled HF shielded cleanroom ? Does it come certified by the manufacturer that it will write down to molecular precision and that every write will induce exactly the same field strength ? Do you have it recalibrated every month ? No ? Well, your HD is going to spill its magnetic signal all around the intended write track. Magnetization is a stochastic operation. You will never get 100% repeatability unless you are using feedback on almost atomic level or subject the magnetic material to a very high power magnetic field (ie. degaussing). And the latter isn't even 100.00% certain either.
On the other hand we have devices that are capable of measuring this magnetization down to the molecular scale readily available on the market.
So your conclusion from this is that reading the data is categorically impossible. Proof by "because no one has yet published a paper on it". Right...
Oh well. Thankfully the organizations (evil conspiring big corporations and governments for example) with information that could actually impact our lives do not subscribe to your point of view
And they recover valid non-erased data. That is, in some cases of physical damage, possible. But it's a completely different game from reconstructing deleted data.
Yes, that's exactly my point. If you overwrite your data, even once, then physically destroying your disk "just to be more sure" is a waste of time, because it's a lot easier to recover a hard drive that's been physically damaged than to recover one that's been overwritten.
you can just scan the pieces with an electron microscope, the reconstruct them with a computer (the data tracks follow a predictable curve so it's not at all hard to figure out where even a small piece belongs).[/quote]
[Citation needed][/quote]
Here's a random link I found. If you're wondering, I originally heard the story of recovering a shredded (physically) hard drive from a Greg Kesden many years ago. He mentioned specific instances in which this has been done (for demonstration purposes); I can't recall them.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
