Re: Hard Drive Forensics Question

[Ansgar Wiechers <bugtraq () planetcobalt net>]

On 2008-10-08 Matt wrote:
> I've been lurking here for the last 6 months or so and this thread
> caught my eye.
>
> I'd agree about most of the comments in this thread with the exception
> of a few regarding data recovery after a file has been 'zeroed' and
> whether there is any benefit to using random data during the
> overwrite.
>
> The below thread/link was responded to by a senior engineer from a
> well known disk manufacturer, and according to him - data can be
> recovered after being over-written with new data (several generations
> back).
>
> Given Mr. Barila has decades of experience and plays an active role in
> the design and development of mass storage devices along with the
> supporting firmware, I'll take his word for it...
>
> http://www.osronline.com/showThread.cfm?link=92173

That's the theory. However, as I said in another mail: I'd like to see a
credible report on even a single file actually having been recovered
after the disk it was stored on had been wiped in a single pass with
zeroes.

I'm not saying it can't be done, mind you. However, all I ever see is
statements saying that in theory it could be done, but up to now nobody
could come up with an example where this has been actually done. Thus
I'm having my doubts.

Of course if you'd want to avoid any risk, you'd feed the disk to a
furnace and get rid of the problem once and for all.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq