shredding files on a flash drive

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jan 25 19:33:31 UTC 2008


On Jan 25, 2008 7:00 PM, James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org> wrote:
> Kristian Erik Hermansen wrote:
> > On Jan 25, 2008 7:34 AM, Lennart Sorensen <lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org> wrote:
> >> On Thu, Jan 24, 2008 at 02:54:53PM -0800, Kristian Erik Hermansen wrote:
> >>> That claim is apparently false, by numerous rebuttals to the Guttmann
> >>> paper.  I will assume that the rebuttals are correct until someone can
> >>> prove that.  Btw, I also have a question for you :-)
> >>>
> >>> Q: You open a hard disk drive case enclosure, remove the actuator and
> >>> screws for the platters, and place two platters on your desk.  The
> >>> data was intact and not overwritten when you pulled them from the
> >>> caseing.  Can you recover the data on the platters?
> >>> A: No.
> >> My guess would be yes.  What reason do you have for saying it is no?
> >
> > I challenge anyone to prove me wrong.  Go forth and study on your own
> > disk if you like :-)  The reason is that once the platters are
> > removed, they can never be aligned in the same way that they were
> > manufactured.  Thus, an multi-platter hard disk data is unrecoverable,
> > by any means...
>
> Can you be so certain?  Many years ago, I used to maintain mini-computer
> systems, including disk drives.  There were many times I would repair a
> drive after a head crash and then do an alignment of the heads etc.
> When you do that, one thing that's obvious is that the data is recorded
> in clearly identifiable tracks, which you can locate by watching the
> recovered signal with an oscilloscope.  What's to stop someone from
> reassembling those platters in a similar drive and, with perhaps some
> effort, recovering that data?  It may be difficult, but I not
> impossible.  I know it's possible to align a drive to the data on a
> disk, because I've done it.  You might also want to talk to someone in
> the data recovery business.  IIRC, there was a presentation by one such
> person at a TLUG meeting a few years back.

It seems as though the frantic efforts to pack more and more data onto
drives has been leading to this aspect becoming more and more fragile
over time.

There are two views that are both simultaneously worth taking:

1.  The complexities and fragilities of data encoding have increased
to the degree that it's common that companies like ActionFront that
are engaged in this sort of thing are unlikely to be able to
economically provide any results at all unless the disk drive is
almost entirely intact.

With this perspective, anything that you do that might penetrate
inside the case of the storage device would be likely to prevent
recovery.

2.  On the other hand, if some agency (government or commercial) were
to devote resources to the matter, they could probably come up with a
way of pulling signals and hence information off disks even with
"damage" such as having removed plates from the drive.

It MIGHT be that some agency has spent the billions required to do
this; we don't know.

In practice, there is little evidence that there is anything better
than "approach #1" out there.  That neither proves nor disproves the
possible existence of "approach #2."  Agencies like the NSA, CIA, and
FBI would probably be pretty happy to hide instances of equipment that
can do "approach #2."

The fact that they'd be likely to deny the existence of such doesn't
prove anything one way or another.

A paranoid view dictates trying to protect even against "approach #2,"
as, even if it doesn't exist, it could emerge later, and it might be
used retroactively for forensics.


-- 
http://linuxfinances.info/info/linuxdistributions.html
"The definition of insanity is doing the same thing over and over and
expecting different results."  -- assortedly attributed to Albert
Einstein, Benjamin Franklin, Rita Mae Brown, and Rudyard Kipling
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list