Berkeley CSUA MOTD:Entry 30686
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/08 [General] UID:1000 Activity:popular
7/8     

2004/6/8-9 [Computer/HW/Drives] UID:30686 Activity:moderate
6/8     Anybody ever known of data getting extraced from a drive that has
        been zeroed out?
        \_ Does it count if I got 000000... back?
        \_ It can be done.  When your disk drive does a write, it writes a
           rather wide path.  By placing the platters into special machines,
           you can extract data from the fringes of the write path.  This is
           why the DoD has released specs on write patterns useable to highly
           minimize such extraction.
           \_ I think the sequence of writes is something like:
              11111111, 00000000, 11110000, 00001111, 11001100,00110011,
              10101010, 01010101, which is kind of like micro-degaussing.
           \_ We had a pretty interesting joint presentation by Kroll
              and Guidance.  I forget which one of the two it is, but one
              has fairly extensive labs for just this kind of recovery that
              they'll let you tour (at least in Germany) as a "potential
              customer".  Anyway, I thought DoD just physically shredded
              all physical storage media after use as a matter of policy?
              Most of my bank clients so far have paid someone to do that
              for them.  -John
        \_ Yup, it's possible.  As the above poster said, you need to
           overwrite your data several times with various bit-patterns.
           Otherwise someone determined enough can use an electronic
           microscope or whatnot to determine what had been written there
           several generations of writes before.
        \_ http://slashdot.org/article.pl?sid=04/06/09/0151219
2025/07/08 [General] UID:1000 Activity:popular
7/8     

You may also be interested in these entries...
2012/1/4-2/6 [Computer/HW/Drives] UID:54281 Activity:nil
1/4     I want to test how my servers behave during a disk failure and
        a RAID reconstruction so I want to simulate a hardware failure.
        How can I do this in Linux without having to physically pull
        a drive? These disks are behind a RAID card and run Linux. -ausman
        \_ According to the Linux RAID wiki, you might be able to use mdadm
           to do this with something like the following:
	...
2011/9/14-10/25 [Computer/HW/Drives] UID:54173 Activity:nil
9/13    Thanks to Jordan, our disk server is no longer virtualized. Our long
        nightmare of poor IO performance should hopefully be over. Prepare for
        another long nightmare of poor hardware reliability!
        ...
        Just kidding! (I hope)
        In any case, this means that cooler was taken out back and shot, and
	...
2011/2/14-4/20 [Computer/SW/Unix] UID:54039 Activity:nil
2/14    You sure soda isn't running windows in disguise?  It would explain the
        uptimes.
        \_ hardly, My winbox stays up longer.
        \_ Nobody cares about uptime anymore brother, that's what web2.0 has
           taught us.  Everything is "stateless".
           \_ You;d think gamers would care more about uptime.
	...
2010/7/22-8/9 [Computer/SW/OS/FreeBSD, Computer/HW/Drives] UID:53893 Activity:nil
7/22    Playing with dd if=/dev/random of=/dev/<disk> on linux and bsd:
        2 questions, on linux when <disk>==hda it always gives me this off
        by one report i.e. Records out == records in-1 and says there is an
        error. Has anyone else seen this?  Second, when trying to repeat this
        on bsd, <disk>==rwd0 now, to my surprise, using the install disk and
        selecting (S)hell, when I try to dd a 40 gig disk it says "409 records
	...
2009/10/27-11/3 [Computer/HW/Drives] UID:53474 Activity:nil
10/27   I just read an article that Facebook had moved their database
        to all SSD to speed throughput, but now I can't find it. Has
        anyone else seen this? Any experience with doing this? -ausman
        \_ I hope you're not running mission critical data:
           http://ask.slashdot.org/story/09/10/27/1559248/Reliability-of-PC-Flash-SSDs?from=rss
        \_ Do you have any idea how much storage space is used by Facebook,
	...
2009/8/4-13 [Computer/SW/OS/Windows] UID:53239 Activity:kinda low
8/3     VMWare + Windows XP + Validation question. I need to test stuff with
        Service Pack 3 installed. I have a valid key that I own (yeah yeah I
        actually *bought* a copy, please don't flame me for supporting evil
        M$). Is it possible to register the key once, and then duplicate it
        for testing purposes?  Will Windows or Microsoft detect copies and
        disable the rest the copies?
	...
2009/7/28-8/6 [Computer/HW/Drives] UID:53216 Activity:nil
7/28    Does it make sense to defragment disks on VMWare? My 80GB disk
        on VMWare isn't really using 80GB, it just uses what it needs.
        Will defragment do anything to it?
        \_ If you want to speed up disk operation in your VM, it's best to
           defragment the disks in your VM, then defragment the disk on your
           host machine where the VM files are.
	...
2009/7/24-27 [Computer/SW/WWW/Browsers, Computer/SW/OS/OsX] UID:53191 Activity:kinda low
7/24    Firefox 3.5.1 on MacOS is a piece of crap. It crashes ALL THE TIME.
        It has crashed 3 or 4 times on me in the last hour, and not on
        the same pages either. The new Yahoo! home page also sucks ass.
        \_ os x keeps trashing my raid disk: '11 hours to rebuild. have fun
           with the kernel IO subsystem running like shit until then".
           Worthless piece of shit.
	...
2009/7/17-24 [Computer/SW/OS/OsX] UID:53156 Activity:kinda low
7/17    -rw-r--r--@
        What does the "at sign" mean? This is on Mac OS. VMWare disk file.
        \_ The file has metadata attributes
           \_ How do I add/delete attributes to files? What about
              -rw-r--r--+ <-- what is the "+" sign? Also how do you make
              tar preserve these attributes?
	...
Cache (8192 bytes)
slashdot.org/article.pl?sid=04/06/09/0151219
able to recover highly sensitive data including customer databases, financial information, payroll records, personnel details, login codes, and admin passwords for their secure Intranet site. This is a bit scary considering all of these drives were supposedly formatted and sold for surplus by major companies (although few of us actually use the multiple formatting standards of the DoD). Looks like it's hardly necessary for crooks to get at your private information, although I sure industrial espionage spooks have probably done this for awhile." My friend and I had a large moving box full of floppies we recoverd, stacks of drives, old backup tapes, credit card numbers, SSNs, vendor statements and account numbers, complete and functional PCs, etc. For others who plan on trying this out: Don't worry, dumpsters for your average company is clean with no gross shit in it. If you go looking like geekboy from a middle income family, you'll get a trespassing charge against you. We only had a couple of run-ins with the cops and tenants. They all went pretty well, as we said we were looking for things to sell at the pawn shop. The key, I have found, when performing a social hack is to always pretend like you recognize authority. Cops will quit caring about pointing out your trespass, real fast, when they manage to get a self-esteem boost by picking on a poor person. The little guilty voice in the back of their head will say "Leave the poor slob alone.. Warning: This will not work if you park your new Volvo next to the dumpster. Park around other cars, if there are any, and be prepared to abandon your vehicle a few hours if you are told to leave by the cops. Oh, and get some strong fabric laundry bags to carry your loot. Thursday June 03, @01:50AM) Last think I want is HIV or some nasty cuts from broken glass or metal shit. Phone handsets or doorknobs are generally *far* worse from a sanitary perspective than just about anything else. All the communicable respiratory diseases have been nicely cultured on the doorknobs by people sneezing on their hands and then operating the knob. Heck, your ancestors survived tromping around in the mud, barefoot, getting stabbed, clawed, bitten, stung, and so forth. You have an immune system and regenerative abilities that are awfully tough to muck with. Not many people die each year from scorpion bites, but tens of thousands of people die each year from auto accidents in the United States. And you probably have a road out right in front of your house! As Neal Stephenson put it -- you're a stupendeous badass. After the German reunification the Bundesnachrichtendienst, (German Intelligence sercvice, BND for short) combed East Germany for hard drives because the STASI used to pass used ones on to state businesses and institutions. Apparently they were able to recover a fair amount of documentation this way. But the real score was that they found a set of tapes (the famous SIRA tapes) with backups of among other things an index linking agents to the STASI's library of coded agent activity reports which somebody had forgotten to flag for deletion. The problem was of course that the CIA had stolen the directory containing the codename key ie. So now the CIA knew who all the agents were but no more and the Germans knew how to find out what they were upto. Of course the CIA insisted that the BND hand over the database but refused to trade it for the codename key. Last I knew that request was flatly denied they have now settled on some sort of tit for tat exchange. So the lesson is, after you whipe your disk, DON'T FORGET THE BACKUP MEDIA! Monday June 07, @03:13AM) Well that depends on what you mean by 'low level format'. Re-formatting ata hard drives at a truly low level can mess the disk organisation in ways that seriously degrade performance. If your referring to a 'full' format with does more than the 'quick' format that mearly marks the drive as empty, well it's easy, and of very little use in this case. Simply writing zeros to every location on the hard drive that stores data doesn't completely erase the data. That is the magnetic field of the bits are not set at exactly '0'. Slight variations in the magnetic material, write head field strength, and positioning all contribute to increase the odds of data being recoverable. Some programs even go so far as to not simply write 11111111 then 00000000 over and over to the same byte, but to use other patterns so that the fields of niegboring bits add to the deguas effect in destroying the data. At one time (and probably to this day) the US DOD specs used to require a certain number of passes of 0 and 1 bits followed by the writing of a specific bit pattern before a hard drive was considered to have been properly erased. And yes each pass does put a little wear and tear on the drive, not enough to worry about unless your 'shredding' the drive quite a few times, but still worth noting. The number of passes used and what if any special patterns are used determine the amount of effort it would take to recover the data, kind of like key length in cryptography. That requires knowledge of the ECC being used on the disk. Many disk scrubbers actually write so many known vlues because they are attempting to catch all of the common ECCs. DoD "erasure" for a drive that has held "Secret" data involved opening the case and applying a power sander to each surface until ALL the magnetic media has been sanded off, or in a combat situation where the destroying authority was prepared to sign that time was absolutely critical, thermite or white phosporous grenades. I don't remember offhand what the spec was for Top-Secret, as I never had to know that one. com/) Information recovery tools work by subtracting the current pattern of bits from the magnetic reading that the drive outputs. The previous bit pattern generally masks any small variation in the signal, but when that is subtracted from the signal you get a clear pattern of what the old data was. Then you can repeat the trick for a total up to 6 times. Beyond that, the basic noise in the system and the uncertainty of the signal strength makes it impossible to determine the bit pattern. For this reason, I believe the DOD reccomends writing random data to the disk 7 times, to guarentee that it is destroyed. Remember, however, that any overwriting makes it impossible to recover data except by special means far beyond that of a normal file recovery program. Tools that recover data after it has been overwritten are not easy to make, and I'm not even sure that they would run on computer hardware. It's possible that such recovery would require special ATA firmware, or even replacing the hard disk firmware. I'm not an expert, but that is what I've been able to grok from casual reading on the subjectt. sage/) Next time you might get more for it by advertising it as a hard drive with hidden flash. BTW, try doing a data recovery on some of the little flash drives that get given out as promos. After the 4th out of 5 harddrive I was scanning had horse porn I just figured it'd be better to not look anymore. I remember my first laptop, a 386sx with vga b&w screen. It was so spiffy I wanted some pictures to show it off, any pictures would do. This was the late 1980s and the only gifs you could find on local BBSs were porn. In dennies I was asked if my computer could display pictures. I said "Sure here's an image of a woman having sex with a horse". The waitress was so impressed, the quality, the detail, yet was somewhat disusted. So not to apear sexist, I showed here another one "here's a picture of a man having sex with a horse". She asked me if I had some pictures without horses, I had to say "No, the only pictures you can get for computers are of people and horses having sex". Whether you can truly erase a drive depends on so many low level (read: inside the drive 'black box') factors, that it's impossible to be 100% certain the disk is clean. Physical destruction of the disk is the best and only certain way of ensuring that critical data isn't still readable. Monday June 07, @01:03AM) Read the entire paragraph quoted from the article: Data overwri...