Security Basics mailing list archives
RE: Interesting One
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Wed, 30 Oct 2002 10:29:08 -0000
I believe the DOD level is 7 overwrites before the data is deemed unrecoverable. Bear in mind however that the DOD practise is to burn the hard drive as part of the disposal procedure. I used @Stake autopsy and found it very quick and easy to use for recovery of deleted files. BackByte is another good tool but not free like Autopsy. The 30 overwrites and still getting data I don't believe however. I would imagine the disk was used again about 30 times but the recovered data was on a section of disk that had not been reused. I don't rule out that it can be done but not by anything on the market. If you are really unsure try posting your query to the people at Vogon. www.vogon.co.uk They are the best at this stuff bar none. Read some of their news stories for just how realistic computer forensics is. Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: Michael Cunningham [mailto:crayola () optonline net] Sent: 29 October 2002 19:43 To: Dave Adams; security-basics () security-focus com Subject: RE: Interesting One
Anyway, to get to the point, the guy that came to see me said that their forensics guys could read data off a hard drive that had been written over up to thirty times. I find this very hard to believe and told him I thought he was mistaken but the guy was adamant that it could be done.
Yes, it can be done.. it would cost about 100k per drive and the ability to access an electron scanning microscope. At 30 times I highly doubt they could recover anything of any value anyway. Using most commercially available products like "Encase", you can recover files that have been deleted, but not overwritten. Once the data is overwritten you are getting into using tools which are not available to the general public as far as I am aware. Mike ************************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or postmaster () sysnet ie **************************************************************************************
Current thread:
- RE: Interesting One, (continued)
- RE: Interesting One Greg van der Gaast (Oct 30)
- Re: Interesting One James Taylor (Oct 30)
- Re: Interesting One ATD (Oct 31)
- RE: Interesting One Dozal, Tim (Oct 29)
- RE: Interesting One Tom Matthews (Oct 30)
- RE: Interesting One Paul Carroll (Oct 30)
- Basic Question only Christopher Rea (Oct 31)
- RE: Interesting One David (Oct 31)
- Re: Interesting One Jack Crone (Oct 30)
- RE: Interesting One Martijn Dunnebier (Oct 30)
- RE: Interesting One Trevor Cushen (Oct 30)
- RE: Interesting One Nero, Nick (Oct 30)
- RE: Interesting One Tim Donahue (Oct 30)
- Re: Interesting One Carlos . (Oct 30)
- RE: Interesting One John Orr (Oct 31)
- Interesting one Trevor Cushen (Oct 31)
- RE: Interesting One Trevor Cushen (Oct 31)