Security Basics mailing list archives
Re: Interesting One
From: Jack Crone <jcrone () jdca com>
Date: Tue, 29 Oct 2002 19:10:57 -0800
...the guy that came to see me said that their forensics guys could read data off a hard drive that had been written
over
up to thirty times. I find this very hard to believe and told him I
thought
he was mistaken but the guy was adamant that it could be done. My
question
is, does anyone have any views on this, or, can anyone point me to a
source
of information where I can get the facts on exactly how much data can be retrieved off a hard drive and under what conditions etc etc.
Theoretically it is simple to retrieve overwritten data, particularly if it has been overwritten just one time. In practice, however, the data comes back one agonizing bit at a time and with a high error rate. Send the guy a disk that has been overwritten just once and ask him to retrieve the original data. Even if he has the ability to do this, he probably won't be inclined to give you a free sample. The process is just too labor intensive. Jack JD Crone Associates Computer Forensics
Current thread:
- RE: Interesting One, (continued)
- RE: Interesting One David (Oct 31)
- Re: Interesting One Carol Stone (Oct 29)
- RE: Interesting One Greg van der Gaast (Oct 30)
- Re: Interesting One James Taylor (Oct 30)
- Re: Interesting One ATD (Oct 31)
- RE: Interesting One Dozal, Tim (Oct 29)
- RE: Interesting One Tom Matthews (Oct 30)
- RE: Interesting One Paul Carroll (Oct 30)
- Basic Question only Christopher Rea (Oct 31)
- RE: Interesting One David (Oct 31)
- Re: Interesting One Jack Crone (Oct 30)
- RE: Interesting One Martijn Dunnebier (Oct 30)
- RE: Interesting One Trevor Cushen (Oct 30)
- RE: Interesting One Nero, Nick (Oct 30)
- RE: Interesting One Tim Donahue (Oct 30)
- Re: Interesting One Carlos . (Oct 30)
- RE: Interesting One John Orr (Oct 31)
- Interesting one Trevor Cushen (Oct 31)
- RE: Interesting One Trevor Cushen (Oct 31)