Forensics
RE: Recovery data after 57+ formats - fact or fiction?? Nov 10 2006 09:48PM
Gavin, Michael (mgavin forrester com)
Hi Michael,

About a week after I sent my previous response to both you and the
forensics mailing list, I got notification that it wasn't approved for
the forensics list; I have no idea why not. Hopefully you received it,
but it is included below in any case.

Anyway, I came across the following today, from a footnote in a document
I wrote last January, and figured I would share it with you, as no one
else has mentioned the Jiiva site or the Christopher Meyler article.
Note: the HDDRecovery link is to the same Simson Garfinkel and Abhi
Shelat IEEE article cited in my original response to you.

Here's what I wrote back in January:

Data is rarely truly lost unless it is intentionally overwritten
numerous times by special programs designed to remove all traces of data
from a hard drive. Source: HDDRecovery
(http://www.hddrecovery.com.au/HDD_Press_2.htm). A number of stories
about sensitive data found on discarded hard drives can be found at
Jiiva. Source: Jiiva (http://www.jiiva.com/security/news/). Also, to
learn about the effectiveness of two different disk-scrubbing tools, see
Andy Jones and Christopher Meyler, "What Evidence Is Left After
Disk Cleaners?" Digital Investigation, Volume 1, Issue 3, July 21, 2004
(http://www.compseconline.com/digitalinvestigation/meyler.pdf).

Cheers,
Michael

-----Original Message-----
From: Gavin, Michael
Sent: Monday, October 30, 2006 2:03 PM
To: 'michael (at) impactonline (dot) com [email concealed]'
Cc: forensics (at) securityfocus (dot) com [email concealed]
Subject: RE: Recovery data after 57+ formats - fact or fiction??

I don't recall ever seeing the 57+ format number, but the closest
articles that I recall to what you are looking for are "Remembrance of
Data Passed: A Study of Disk Sanitization Practices" by Simson Garfinkel
and Abhi Shelat, available at
http://www.rootsecure.net/content/downloads/pdf/disk_sanitization_practices.pdf,
and the reference numbered 13 in that document: Peter Gutmann's
"Secure Deletion of Data from Magnetic and Solid-State Memory" in which
he mentions using 35 consecutive writes to securely overwrite
information, see
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html. Note that
the Gutmann paper is from 1996, and some contend that newer hard-drive
technologies are less susceptible to the problems outlined in that
paper.

Michael

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of michael (at) impactonline (dot) com [email concealed]
Sent: Tuesday, October 24, 2006 5:13 PM
To: forensics (at) securityfocus (dot) com [email concealed]
Subject: Recovery data after 57+ formats - fact or fiction??

I am looking for an article I read sometime between 2002 and 2005. The
content discussed how a research lab (maybe MIT or another large tech
university) was able to recover data from a hard drive after over 50
formats (or it may have been data overwrites or even a combination of
both) (I seem to remember the key number as 57 "deletion" operations). I
think the article mentioned the use of a scanning electron microscope,
magnetic force scanning, or something similar or more high-tech. This
might have been published to a tech Web news site or a tech e-mail
newsletter. I've searched for hours and I can't seem to locate it again.

In my search I've come across numerous papers and articles about how
this recovery concept is not possible. So, it may have been a figment of
my imagination, a hoax, or misleading news reporting.

In any case, I really only need to hear from those of you who know the
location of this specific article rather than rebuttals to the
possibility of the topic.

I appreciate any assistance provided.
- James Michael Stewart

Copyright 2010, SecurityFocus