data shredder
Amedee Van Gasse (ub)
amedee-ubuntu at amedee.be
Mon Dec 21 22:00:54 UTC 2009
On Mon, December 21, 2009 16:52, Rashkae wrote:
> Steve Flynn wrote:
>> On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
>> <amedee-ubuntu at amedee.be> wrote:
>>
>>> Can you name a few of those forensics softwares? + documentation about
>>> how
>>> they actually work and what the conditions are to get usable results?
>>> Preferably something recent, not some outdated standards published by
>>> the
>>> USA government (I don't trust foreign governments on that subject, I
>>> don't
>>> even trust my own government).
>>
>> In the news recently - COFEE (Computer Online Forensic Evidence
>> Extractor)
>>
>> http://www.google.co.uk/search?q=coffee+forensic+tool should get you
>> started... you can easily find it on the Torrent sites.
>>
>
> Coffee is not even close to being able to recover data that's been
> overwritten, even by a single pass of zeros. Even in theory,
> recovering that kind of data would require removing the platter from the
> hard drive and carefully scanning the surface with some star trek
> sounding gizmo microscope, then using software to make a 'best guess'
> about the contents, (not that tricky if the data was written once to a
> pristine drive then overwritten once with zeros, but that's a best case
> scenario for recovery.)
My point exactly.
There exists no software that can recover overwritten data without going
lower than the hardware level and without bypassing the hard disk
controller.
I am open for suggestions to the contrary, but as long as you have to rely
on the hard disk controller, I am not convinced that recovery can be
succesful.
That's why my opinion remains that a simple data wipe is sufficient if
your theoretical opponent doesn't have access to Star Trek grade
equipment. It's enough to protect you against Joe Hacker.
--
Amedee Van Gasse
More information about the ubuntu-users
mailing list