Scrub free disk blocks
jd1008 at gmail.com
Sun Aug 29 19:36:16 UTC 2010
On 08/29/2010 12:21 PM, Marko Vojinovic wrote:
> On Sunday, August 29, 2010 09:53:48 Michael D. Setzer II wrote:
>>> Marko Vojinovic<vvmarko at gmail.com> wrote:
>>>> Starting from the premise that every hard disk has in principle limited
>>>> capacity to store data, one can always fill it up completely, then
>>>> rewrite it completely again. I see no way of the old data being
>>>> recoverable, because this is in contradiction with the fact that the
>>>> disk was filled up completely two times. The old data has to be
>>>> destroyed in order to make room for new data. At least as far as I can
>>>> understand it.
>>> At least at one time it was possible because the data is stored in a
>>> region and when overwriting the region you don't hit the same spot every
>>> time. With the right equipment you could see these areas and tell what
>>> data had been written in that spot in the past.
>> Recalling a presentation at Defcon 2006, the space between tracks would
>> contain information that could determin what was there before a format
>> operation. A DES level wipe required writing 7 different patterns to every
>> sector to make this practically impossible.
> Ok, so if I read this correctly, after cca 7 rewrites of the whole disk with
> random contents, there is quite high probability that the original data is
> gone beyond any recognition ability, no matter how high is the budget of your
> favorite spy organization.
> So if you want to be on a safe side, fill up the whole disk from /dev/random
> over and over 20 times, and the original data will be completely gone. Even
> for NSA& friends. :-)
> Best, :-)
Has anyone thought of the effect of disk operating temperature
on the regions where each bit resides? I mean that because of this
difference in operating temperatures, platters and rw heads will shrink
or expand. This would require the electronic logic to take account of
this and account for some wiggle room for each bit's region.
This would seem to imply that each bit region might have more than
one value, depending on what temperature that value was written.
Is this not what forensics labs use to extract data that was thought
to have been overwritten?
More information about the users