On Tue, Feb 04, 2003 at 09:10:39AM -0500, Sunder wrote:
> My question is what's a reasonable order of magnitude of overwriting data now, assuming you're not trying to hide data from, say the NSA.

This raises a question I've long had. ARE there actual systems for reading overwritten disk data in existence out there? Are they in daily use or merely laboratory curiosities?

I know, of course, that there are companies that supply disk recovery services, but as far as I have ever heard they mostly work with non-overwritten data on disks that have bad electronics, bad motors, bad head actuators, damaged formatting, bad servo tracks, bad heads, damaged surfaces and so forth. The most I have ever heard of being routinely done is reading data off a platter with a special external head positioned by special mechanics and servo systems. And of course most of what data recovery companies do is work with disks with corrupt filesystems but largely or entirely intact information content on the platters. This includes partially erased filesystems and file systems with key information blocks that cannot be reliably read or that have been overwritten by garbage. None of this involves reading the ghosts of previous data in sectors that have been overwritten once or multiple times.

So what is the actual threat? Are there any papers describing practical production systems and proven techniques for retrieving overwritten data? How good are they - what BERs are obtainable for what percentage of data? Clearly a cryptographer legitimately worries about being able to infer that a particular bit of a key has a slightly greater than 50% chance of being a 1 or 0, but for most users retrieving email or documents with even one or two corrupt characters in them per page may not be very interesting even if it is possible. And a good lawyer should be able to plant doubt in the minds of a jury if the data is really garbled, even if it seems incriminating. So it would seem that for most normal recovery purposes (business data recovery and evidence) any multi-layer ghost data recovery would have to be pretty good to be worth investing in.

The NSA/CIA, however, might be interested in anything at all under some circumstances - without those limitations. So how real is the threat - what does it cost to have it done and how expensive is the gear? Who actually has working setups in use? And how many layers down can they really read? And with what BER?

--
Dave Emery N1PRE, die@die.com
DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18