Prev: RIP Randy Slone
Next: If D from BC were a plumber:
From: Phil Hobbs on 15 Apr 2010 19:59
On 4/15/2010 7:50 PM, Joel Koltner wrote:
> "John Larkin" <jjlarkin(a)highNOTlandTHIStechnologyPART.com> wrote in
> message news:5a8fs5tou6rga4q8iaela0htcdqio2grm6(a)4ax.com...
>> That's nonsense.
>
> To a large extent, yes, but I think it depends greatly on how much
> effort one goes to in destroying the media -- a disk that's just been
> broken into, e.g., a half-dozen pieces is probably well worth putting
> back together.
>
> Sending the platters through a chipper should be pretty effective, I
> expect.
>
> I've been told that during the cold war years intelligence agencies
> would meticulously splice back together paper documents that had gone
> through a shredder.

IBM and the German government announced a program to do that on a huge
scale with the shredded Stasi archives--which occupy thousands of
garbage bags of confetti. They're doing it by scanning and recombining
the scanned images. Could be pretty cool if it works. Fortunately the
perps have had another 20 years to finish dying off....

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs
Principal
ElectroOptical Innovations
55 Orchard Rd
Briarcliff Manor NY 10510
845-480-2058
hobbs at electrooptical dot net
http://electrooptical.net
From: whit3rd on 15 Apr 2010 20:31
On Apr 15, 2:15 pm, GreenXenon <glucege...(a)gmail.com> wrote:

> If I heat the platters of my HDD beyond curie point to eliminate the
> platters' magnetic properties, will disk-splicing still make it
> possible to recover data from those platters?

No. Alas, you haven't any clear idea what the 'curie point' is
for any given disk, since you don't know the magnetic formula.
Disk-splicing will lose data at each stress region, since stress
leading to fracture or bending is also capable of demagnetizing.

> Can similar data recovery be performed on volatile RAM chips even
> after the power is offed.

Similar, no. Recovery, yes. The volatility has a time decay constant
of a second or so, and it takes a long, temperature-dependent, delay
after power-off to thermalize the information to nonexistence.

From: GreenXenon on 15 Apr 2010 20:48
On Apr 15, 5:31 pm, whit3rd <whit...(a)gmail.com> wrote:


> On Apr 15, 2:15 pm, GreenXenon <glucege...(a)gmail.com> wrote:


> > Can similar data recovery be performed on volatile RAM chips even
> > after the power is offed.
>


> Similar, no.  Recovery, yes.  The volatility has a time decay constant
> of a second or so, and it takes a long, temperature-dependent, delay
> after power-off to thermalize the information to nonexistence.


If the time-decay-constant is a second, then will it take a second for
the data to be completely lost when the power is offed?
From: Martin Brown on 16 Apr 2010 03:39
Joel Koltner wrote:
> "John Larkin" <jjlarkin(a)highNOTlandTHIStechnologyPART.com> wrote in
> message news:5a8fs5tou6rga4q8iaela0htcdqio2grm6(a)4ax.com...
>> That's nonsense.
>
> To a large extent, yes, but I think it depends greatly on how much
> effort one goes to in destroying the media -- a disk that's just been
> broken into, e.g., a half-dozen pieces is probably well worth putting
> back together.
>
> Sending the platters through a chipper should be pretty effective, I
> expect.

Thermite ignition will be pretty ruinous to its stored data.
>
> I've been told that during the cold war years intelligence agencies
> would meticulously splice back together paper documents that had gone
> through a shredder.

The most famous recent one was the Iranian student reassembling shredded
US intelligence documents after they invaded the US embassy in Iran.
>
> But of course all governments have an interest in suggesting their
> intelligence capabilities are far greater than they really are too.
>
> One newer topic in security is "deniable encryption," wherein you
> purposely setup your encrypted hard drive (or whatever) in a manner that
> goes no obvious sign whether it's a bunch of encrypyed data or if it's a
> just a disk full of radom gobbledeegook that you put there when you
> erased the drive for completely legitimate (e.g., privacy) reasons.
> Cool idea... I've never encrypted an entire hard drive, but I definitely
> have used programs like "disk eraser" that fill the drive with random
> data when I've sold off an old drive, precisely to ensure there wasn't
> anything of use left.

Most users seem unaware that format does little more than alter the
drives directory table. That action is easily undone. Secondhand
computers from big organisations that *should* know better crop up with
monotonous regularity. A full long format writing all zeroes is better
but would not really challenge a data recovery specialist.

After you have rewritten the drive with random data a few times a la
disk eraser a government intelligence agency might be able to get at
least some of the old data back but they would only bother trying if
they had very good reason to do so. Single bit errors in encrypted
and/or compressed data are fatal to decoding.

You can hide pretty much anything in JPEG files without affecting the
decoded image if you know what you are doing. See steganography

http://en.wikipedia.org/wiki/Steganography

BTW GreenXenon is a paranoid netkook.

Regards,
Martin Brown
From: whit3rd on 16 Apr 2010 15:20
On Apr 16, 12:39 am, Martin Brown <|||newspam...(a)nezumi.demon.co.uk>
wrote:

> Most users seem unaware that format does little more than alter the
> drives directory table. That action is easily undone.

True.

> A full long format writing all zeroes is better
> but would not really challenge a data recovery specialist.

False; the usual 'long format' involves a search for bad blocks,
and DOES erase and rewrite all data; nothing useful remains of
the data on the disk, because MODERN disk drives don't waste
any of the platter area. Thirty-five years ago, there might have
been
some data residue.

> After you have rewritten the drive with random data a few times a la
> disk eraser a government intelligence agency might be able to get at
> least some of the old data back but they would only bother trying if
> they had very good reason to do so. Single bit errors in encrypted
> and/or compressed data are fatal to decoding.

True, and there's an implication here: all hard drive data is
modulated
in a scheme like Manchester coding, RLL, GCR, eight-fourteen
modulation... there's lots of schemes and lots of names. These are
all
history-dependent in some way, i.e. a ruined bit kills ALL the
subsequent
data to the end of the block. There's also error-correction data,
which
assures the reader that his as-recovered data is wrong. There's
no way that the hypothetical 'intelligence agency' can reconstruct the
block well enough to match the error-correct code, and that means
clobbering 'most of' the bits is good enough to delete the data.


Even a few bits bad means the error-correcting code will make the
result into evidence-unusable-in-court.
First  |  Prev  |  Next  |  Last
Pages: 1 2 3
Prev: RIP Randy Slone
Next: If D from BC were a plumber: