Re: Interesting One

[Jac <jac_des_vert () yahoo com>]

Bits being either on or off is not quite true. In a
perfect universe this may be true, but the one we are
in is far from perfect. Media writers are not capable
of perfect over writing. There is always a small level
of write error that occurs and the magnetic traces of
previous writes are left behind. The write track is
not finite and magnetic traces of the write can be
seen on media in close proximity to the actual write
path. That is the reason for multiple over writing. By
writing over many times you take advantage of the
imprecision to blur out the original data write. I bet
that recovery for a 30x over write is quite expensive.

The process is possible, thus the reason why most
secure systems require that hard drive be destroyed by
burning in a furnace for completely reliable
elimiation. Probably over kill in reality. But if
you're required to be paranoid, then that's how its
done.

This would be a good one for the Forensics mail list.


Jac

--- John Orr <JOrr () austinbank com> wrote:
>   Personally, I think he is full of... hot air.  
>
>   Bits are either "on" or "off", "1" or "0".  If you
> change that pattern (i.e. write over the same data
> area with a different sequence of bits), then the
> previous state of that field would not be
> determinable.  Granted, there may be some residual
> magnetic field left on a particular area that is now
> "0" that had been "1", but the converse would not be
> true.  There would be no residual field to read on
> an area that is now "1" that had been "0".  
>
>   Sounds like sales fluff to me.
>
>   Anyway, that is my opinion, based on years of
> experience and a good knowledge of physics.  
>
> -John
>
> --------------------------------------
> John Orr
> VP/CIO
> Austin Bank
> 903.759.3828 x2113
> 903.297.3094 fax
> jorr () austinbank com
>
> > > > "Dave Adams" <dadams () johncrowley co uk> 10/28/02
> 04:06PM >>>
> Greetings Folks,
>
> I had an interesting conversation today with someone
> from FAST
> (Federation
> Against Software Theft) They pretend not to be a
> snitch wing of the BSA.
> Anyway, to get to the point, the guy that came to
> see me said that their
> forensics guys could read data off a hard drive that
> had been written
> over
> up to thirty times. I find this very hard to believe
> and told him I
> thought
> he was mistaken but the guy was adamant that it
> could be done. My
> question
> is, does anyone have any views on this, or, can
> anyone point me to a
> source
> of information where I can get the facts on exactly
> how much data can be
> retrieved off a hard drive and under what conditions
> etc etc.
>
> Thanks
>
> Dave Adams
>  
>  
>  
> This message (and any associated files) is intended
> only for the 
> use of the individual or entity to which it is
> addressed and may 
> contain information that is confidential, subject to
> copyright or
> constitutes a trade secret. If you are not the
> intended recipient 
> you are hereby notified that any dissemination,
> copying or 
> distribution of this message, or files associated
> with this message, 
> is strictly prohibited. If you have received this
> message in error, 
> please notify us immediately by replying to the
> message and deleting 
> it from your computer. Messages sent to and from 
> John Crowley (Maidstone) Ltd may be monitored. 
>
> Internet communications cannot be guaranteed to be
> secure or error-free 
> as information could be intercepted, corrupted,
> lost, destroyed, arrive 
> late or incomplete, or contain viruses. Therefore,
> we do not accept 
> responsibility for any errors or omissions that are
> present in this 
> message, or any attachment, that have arisen as a
> result of e-mail 
> transmission. If verification is required, please
> request a hard-copy 
> version. Any views or opinions presented are solely
> those of the author 
> and do not necessarily represent those of John
> Crowley (Maidstone) Ltd.


__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/