Hi Michael,
About a week after I sent my previous response to both you and the
forensics mailing list, I got notification that it wasn't approved for
the forensics list; I have no idea why not. Hopefully you received it,
but it is included below in any case.
Anyway, I came across the following today, from a footnote in a document
I wrote last January, and figured I would share it with you, as know one
else has mentioned the Jiiva site or the Christopher Meyler article.
Note: the HDDRecovery link is to the same Simson Garfinkle and Abhi
Shelat IEEE article cited in my original response to you.
Here's what I wrote back in January:
Data is rarely truly lost unless it is intentionally overwritten
numerous times by special programs designed to remove all traces of data
from a hard drive. Source: HDDRecovery
(http://www.hddrecovery.com.au/HDD_Press_2.htm). A number of stories
about sensitive data found on discarded hard drives can be found at
Jiiva. Source: Jiiva (http://www.jiiva.com/security/news/). Also, to
learn about the effectiveness of two different disk-scrubbing tools, see
Andy Jones and Christopher Meyler, "What Evidence Is Left After
Disk Cleaners?" Digital Investigation, Volume 1, Issue 3, July 21, 2004
(http://www.compseconline.com/digitalinvestigation/meyler.pdf).
Cheers,
Michael
-----Original Message-----
From: Gavin, Michael
Sent: Monday, October 30, 2006 2:03 PM
To: 'michael@impactonline.com'
Cc: forensics@securityfocus.com
Subject: RE: Recovery data after 57+ formats - fact or fiction??
I don't recall ever seeing the 57+ format number, but the closest
articles that I recall to what you are looking for are "Remembrance of
Data Passed: A Study of Disk Sanitization Practices" by Simson Garfinkel
and Abhi Shelat, available at
http://www.rootsecure.net/content/downloads/pdf/disk_sanitization_practi
ces.pdf, and the reference numbered 13 in that document: Peter Guttman's
"Secure Deletion of Data from Magnetic and Solid-State Memory" in which
he mentions using 35 consecutive writes to securely overwrite
information, see
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html. Note that
the Gutmann paper is from 1996, and some contend that newer hard-drive
technologies are less susceptible to the problems outlined in that
paper.
Michael
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of michael@impactonline.com
Sent: Tuesday, October 24, 2006 5:13 PM
To: forensics@securityfocus.com
Subject: Recovery data after 57+ formats - fact or fiction??
I am looking for an article I read sometime between 2002 and 2005. The
content discussed how a research lab (maybe MIT or another large tech
university) was able to recover data from a hard drive after over 50
formats (or it may have been data overwrites or even a combination of
both) (I seem to remember the key number as 57 "deletion" operations). I
think the article mentioned the use of a scanning electron microscope,
magnetic force scanning, or something similar or more high-tech. This
might have been published to a tech Web news site or a tech e-mail
newsletter. I've searched for hours and I can't seem to locate it again.
In my search I've come across numerous papers and articles about how
this recovery concept is not possible. So, it may have been a figment of
my imagination, a hoax, or misleading news reporting.
In any case, I really only need to hear from those of you who know the
location of this specific article rather than rebutals to the
possibility of the topic.
I appreciate any assistance provided.
- James Michael Stewart
