test disk from cgsecurity versus data security

Travis H. solinym at gmail.com
Wed Nov 30 03:35:12 PST 2005

> As "test disk" is able to restore overwritten/shredded (dev/urandom) or
> erased (dev/zero) partitions,

The documentation doesn't say it can do that.  It just says it can
find where they start (and/or end) when that information (which is
usually in the MBR) has been lost.  This is easy as most filesystems
have signatures ("magic numbers") which can be identified, and/or they
tend to be at certain places on the disk (for example, cylinder
boundaries).  Overwriting an entry in your partition table is much
different than overwriting the partition itself.

So far, as Simson Garfinkel has pointed out, nobody has shown any
evidence that you can recover data after just one overwrite with
zeroes.  Then again absence of evidence is not evidence of absence. 
Lacking any evidence one way or the other, I assume it is possible in
my risk analyses, since that way I don't get any nasty surprises.

http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B

More information about the cypherpunks-legacy mailing list