[Leaplist] The DD drive challenge

Hank Lambert hank at hanklambert.com
Thu Apr 10 18:12:32 EDT 2008 

I am having a hard time believing this as well. First, I have read (but 
never verified) that forensic teams have the ability to shift the HD 
head just ever so slightly and read data off of the edges. Again, I 
don't know if that is true, but it makes sense. Maybe this is what John 
was talking about by removing the platters?

Second, we have actually retrieved data off of a drive that we were told 
had a single wipe done on the My Documents folder. We used "Get Data 
Back" software, NTFS edition and got very little data off the drive, 
only a few word documents. We got a list of jpg's it had retrieved, but 
the images were corrupt and couldn't be displayed. I cannot verify if 
the folder was in fact wiped, but looking at the condition of the data, 
and what little data it did retrieve, it's enough to make me think it 
could have happened. But then again, maybe it was interrupted, we just 
don't know.

I do not know anything about dd, so maybe it does something different, 
but a single wipe seems a little to weak for me. I use eraser at work 
and on my home windoze machines for file cleaning, but have it set for 7 
wipes. I believe that is the DOD standard. To wipe a complete drive, I 
use dban, also set for 7 wipes.

--Hank


Steve Litt wrote:
> On Monday 07 April 2008 09:34, patrick wrote:
>   
>> Here is a challenge, where a Western Digital 80 GB drive with a folder
>> and two files on it is hit with the DD command, and you win if you can
>> recover the name of one of the files or the folder.
>>
>> Purpose is to dispel rumors that a drive need be multiply written with
>> zeros to erase all data.  Government agencies and professional drive
>> recovery specialists refuse to take this challenge.
>>
>> Representatives of some who were contacted quoted their engineers that
>> they have already proved that recovery after a Unix DD command is
>> impossible.
>>
>> http://16systems.com/zero/index.html
>>     
>
> I don't believe it. In the mid 1960's I recorded songs off the radio on a reel 
> to reel tape recorder (hope the RIAA doesn't break down my door for that). 
> Sometimes I'd record over songs already recorded. When I did, if you listened 
> carefully, you could hear the old song. If you listened carefully, you could 
> recognize the old song.
>
> Tapes and disk platters have something in common -- they're analog. No matter 
> the fact that the content of the disk platter is turned into digital 
> content -- on the platter it's magnetically alligned oxide particles (or 
> something like that), and those particles don't instantly change their 
> alignment as 1 transcends to 0.
>
> Using analog processes, I'm sure it's possible to neutralize the dominant 
> encoding in order to "hear" the encoding behind it. Is it easy? No. Can it be 
> done digitally? No. Can it be done without taking the drive apart or changing 
> the drive? I don't know. But I'm sure given the time and resources (more time 
> than 3 days and more money than a drive and $40.00), a lot of data can be 
> recovered from a dd'ed drive.
>  
> SteveT
>
> Steve Litt
> Author: Universal Troubleshooting Process books and courseware
> http://www.troubleshooters.com/
> _______________________________________________
> Leaplist mailing list
> Leaplist at leap-cf.org
> http://lists.leap-cf.org/mailman/listinfo/leaplist
>
>

More information about the Leaplist mailing list