Memories of a Media Card

twistedmoney99 writes "Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it."

Re:Duh

[Akaihiryuu]

Don't quote me on this (I haven't gotten my RAZR yet, still waiting on UPS)...but from the specs I read, the memory card on the RAZR is removable, and the site said it also came with an SD adaptor so you can put the card in anything that can read SD cards. Currently the only thing I have with an SD reader is my Wii, so I can't really test this out even after I get my phone until I get an SD reader. Might be worth a shot though.

Testing the best erase method?

[GrumpySimon]

There are ten or fifteen posts here with people suggesting that people should use dd, or wipe to write over these removable media to stop people recovering the data. Most people seem to be suggesting doing a dd from /dev/random TWENTY times.

What I would like to know is what the most effective method is. Someone should take a bunch of these cards (and harddrives etc) and do a little controlled test to see how much of a photo/file is recoverable after one round of dd, after 10 rounds of dd, etc. In short - what's the most effective (time v.s. security) method for cleaning these things?

NASA's methodology

[Audacious]

When I first started at NASA the methodology was to use something like Norton's Erase, put it on Government Erase (three passes of writing first all ones, then all zeros, then all ones again, then doing half tracks). When Windows 98 came along we still used Norton's Erase but it had a different algorithm which was quite good too. When Windows 2000 came along we were no longer trusted to erase everything properly and we had to send the disk drives to a centralized location where they were wiped before being sold. When Windows XP came along we were told to just take a hammer to them. This was because the government had made so many cutbacks that there wasn't any money to properly erase the disk drives.

On a side note: When I first started working at NASA we had a budget of well over a million dollars. We got rid of all of the really big mainframes, and minis, and went to micros. Our budget was reduced to somewhere around $500,000.00 a year (about a third of what we originally were given each year). What I'd like to know is - whatever happened to all of that money? We certainly never go pay raises which equaled the amount of money lost. So where did it go? The answer might be a bit more surprising than anyone really wants to know about. :-/

Re:Duh

[drinkypoo]

If you can't boot the phone you can't clear it. Motorola phones have two settings, a MASTER RESET and a MASTER CLEAR that collectively clear all data and settings from the phone. The memory card in the V3i is used only for ringtones, video and such - phone numbers are still stored to SIM or Phone.

Re:Duh

[emc]

Your signature vexes me:
Aych tea tea pea colon slash slash dot dot org slash
h t t p : / / dot . org /

Unless your signature is advertising some link farming site, I think you have a missing slash.

Debian Administration Page.

[Erris]

Much of the information in the article about data recovery is also covered by DebianAdministration.org. TestDisk and photorec, are afterall, free software.

Hip, hip hooray!

Re:Memory effect

[plover]

The only issue I have with Peter's paper (and it's a good one, I read it several years ago) is that it's examining hard drives that are now over ten years old. The "residue" he found of previous passes of data was due in large part to sloppy manufacturing processes, machine tolerances, and out-of-spec electronics.

Modern drives now have data densities two orders of magnitude higher than those on which he did his research. Many of those stray effects have been largely eliminated by higher precision electronics.

Picture in your mind how a hard drive works: the head swings left-and-right, and feedback from a servo track tells the arm when it's centered over the desired data track. In the old days, that arm just had to be close enough. Reading overwritten data worked by checking the area around a bit to see if there was evidence of other bits written when the arm was in a different position. This shows up as higher or lower signal strength.

All that slop was robbing the drive of potential places to store data. By making the mechanics more precise, manufacturers are able to squeeze more cylinders onto a platter, and bits on a track. The slop Peter was able to discover has been largely eliminated.

Re:Memory effect

[Blkdeath]

I'm sorry, but I don't have any way of publicly contesting this argument and still seem credible. And no offence, but even if I put forth the effort to satisfy your curiosity and yours alone (IE, can it be recovered, or is the data gone)...I feel my time would have been wasted. I'm sure if the tables were turned, you feel the same way.

The fact that I know people who work in criminal forensics labs and recover data for a living aside, you're obviously set in your opinion. I know however that they can recover data from drives that are more seriously mangled than a simple three pass overwrite. If you want to bet your money or your freedom on your opinion that's one thing, but is it too much to ask that you stop posing yourself as some kind of expert on the subject until you become further educated on the subject?

An aside, BTW; I'm tired of reading of the so-called "DoD specifications" for wiping a hard drive. Yes, they exist in the form of software tools etc. but they're for NON CLASSIFIED DATA ONLY. For top-level classification their specification to ensure data destruction remains to this day in the belly of an incinerator. If you don't want a casual user to recover your data with freely available tools and a few hours of spare time the utilities and methods posed will work just fine. If, however, you don't want your {insert law-voilating material here} to be found by actual law enforcement agents, you'd be best served to turn your hard drive and all memory devices into a molten pile of materials and let them have at it.

Re:speaking of wiping data

[jetmarc]

> As for erasing solid state media, I'd feel perfectly safe
> simply overwriting it with zeroes, one time over.

For most purposes, this might be perfectly enough.

Certainly an "all-zero" overwrite is far better than a "all-one" overwrite (flash erase operation). But then again it also depends on the controller, because what ends up in the floating gates is what really counts.

See link (below) for some techniques to recover erased or overwritten flash memory. The basic idea is to measure the trapped charge in each cell with higher resolution than just 1/0. In other words: as analog voltage. Since you can't just connect a voltmeter to each gate, you have to trick the read-out circuitry to forward (reveal) this information to you. The document is about how this can be done with some popular chips.

At first these techniques seem to require very invasive access to the memory. But once working, many attacks can be vastly simplified (see TV card scene).

http://www.cl.cam.ac.uk/~sps32/DataRem_CHES2005.pd f

Regards,
Marc