Memories of a Media Card

twistedmoney99 writes "Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it."

Re:speaking of wiping data

dd from /dev/urandom onto the media multiple times ( in excess of 20 times if you are paranoid )

Re:speaking of wiping data

Eraser

http://www.heidi.ie/eraser/

Memory effect

Memory cards do not have nearly as strong of a memory effect as hard drives. With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money. But memory cards are much harder. You could be relatively sure of safety if you just:

1. Delete everything on the card.
2. Fill the card with something not private (maybe a text file that just repeats the same character).
3. Delete everything on the card.
4. If you're paranoid do 2 and 3 again.

If you don't have a computer handy, you can accomplish step 2 by taking photos of a blank sheet of paper or a lenscap or something of that sort.

Re:Memory effect

[ivan_13013]

Whoa there. It is NOT bullshit. In fact it is COMPLETELY POSSIBLE to recover overwritten data from a hard drive, even if it was written over several times with random or nonrandom data. Remember that magnetic media cannot really store 1 and 0. It can only store a magnetic flux using ANALOG electronic components!

The NSA today (and other people) can use Magentic Force Microscopy to extract enough detail to reconstruct what used to be on the drive. With only one or two overwrites, a sensitive oscilloscope could suffice.

Here's one paper from ten years ago that talks more about the recovery technique.
http://www.usenix.org/publications/library/proceed ings/sec96/full_papers/gutmann/

From the paper:

"In conventional terms, when a one is written to disk the media records a one, and when a zero is written the media records a zero. However the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one. Normal disk circuitry is set up so that both these values are read as ones, but using specialised circuitry it is possible to work out what previous "layers" contained. The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an "ideal" read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal."

dd /dev/random

[ettlz]

I've recovered photos by hand for family members who've accidentally nuked their memory cards (did it the hard way with a hex editor, dd and cut). So wouldn't dd if=/dev/random of=/dev/ memory-card bs=1K count= card-size-in-kib suffice?

Re:dd /dev/random

[ewhac]

I wouldn't use /dev/random; it depletes the entropy pool far too quickly. Use /dev/zero instead:

dd if=/dev/zero of=/dev/mem_card_node bs=256k

If you want to be extra-friendly to the card's buyer, write a new partition table to the card after wiping it and format it for FAT32.

Schwab

Re:speaking of wiping data

[croddy]

Better (and more convenient) than dd'ing from /dev/urandom is wipe(1). It will, at your option, overwrite the disk using 34 different byte patterns, 8 of which are random.

Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".

unnecessary

[oohshiny]

Something like "wipe" is needed for rotational magnetic media. For flash, a simple cat /dev/zero > /dev/sd... is sufficient.

Re:speaking of wiping data

[Blkdeath]

At my last job, we used "Darik's Boot and Nuke", available at dban.sourceforge.net. You boot off the floppy, type "dod" and it wiped the drive according to Dept of Defense standards. It worked great (I hope)!

{sigh} This has been discussed before. The DoD's standards for highly classified computers amounts to a very large hole-punch and an incinerator. The "standards" you refer to amount to the wiping they do on receptionist and non-classified computers.

Re:I don't even bother to erase mine.

[MS-06FZ]

You should try using a zoom lens.
 
(Just kidding!) <sigh>
He'd need a zoom lens if he were very tall - or if otherwise his dick or parts of it were very distant from the camera.

If it were small, he'd want a macro lens.

Re:cipher.exe is overkill for flash memory

[RvLeshrac]

http://www.zdelete.com/dod.htm

The DOD already answered this question.

Whenever there's any doubt, DOD standards are the way to go.

Re:speaking of wiping data

[udderly]

I've been using Eraser for years. What more could you want? DOD & better wipe capability, secure move, right click context menu, erasing report and all for the low, low price of FREE!

Re:speaking of wiping data

[Nazlfrag]

Secure Deletion of Data from Magnetic and Solid-State Memory is a good insight into magnetic memory issues, and his followup paper covers solid state devices. It's by Peter Gutmann, Department of Computer Science, University of Auckland. His homepage has more good info.

In a nutshell, for hard drives, "If commercially-available SPM's are considered too expensive, it is possible to build a reasonably capable SPM for about US$1400, using a PC as a controller". So it is in the reach of the hobbyist to recover up to around the last 20 items recorded on any magnetic media (easier for floppies, harder as drives become denser). On solid state memory, I believe an electron microscope is needed for analysis. Still, data that has been in one location in RAM for more than five minutes is in theory recoverable.

Re:I don't even bother to erase mine.

Nitpick: you mean "telephoto", not "zoom". A zoom lens has a range of focal lengths - eg, Canon makes a wide-angle zoom lens that goes from 10mm to 22mm for their digital SLRs, or 17mm to 40mm for their full frame (film, 5D, 1Ds series) bodies. They're genuine zoom lenses, but you get more reach from a 50mm prime than you can from those zooms.

In other words: zoom => you can change the focal length within a certain range. Telephoto => narrower field of view => bringing distant objects closer. A lot of zoom lenses are telephotos, but not all; similarly, a lot of telephotos are zooms, but not all. (Drool ... 400mm f/2.8 prime ... niiiiiice.)

Re:speaking of wiping data

[fireman+sam]

Here is a tried and trusted method:
http://en.wikipedia.org/wiki/Gutmann_method

ncrypt

[shastry]

Just use http://ncrypt.sourceforge.net/ to wipe data. It offers Gutmann and Military grade wipes.