Slashdot Mirror

← Back to Stories (view on slashdot.org)

Data Recovery & Solid State

Posted by CmdrTaco on from the oops-sorry-you're-screwed dept.

theoverlay writes "With all of the recent hype about solid-state drives in both consumer applications and enterprise environments I have a real concern about data recovery on these devices. I know there are services for flash memory restoration but has anyone been involved in data restoration projects on ssd drives? What are the limits and circumstances that have surfaced so far? What tools will law enforcement and government use to retrieve data for investigations and the like?"

61 of 249 comments (clear)

  1. Such tools as... by Anonymous Coward · · Score: 5, Funny

    What tools will law enforcement and government use to retrieve data for investigations and the like?"

    Waterboarding, tasers, sleep deprivation, bright lights and loud obnoxious music.

    1. Re:Such tools as... by Anonymous Coward · · Score: 5, Funny

      I like loud obnoxious music you insensitive clod!

    2. Re:Such tools as... by urcreepyneighbor · · Score: 5, Funny

      Waterboarding, tasers, sleep deprivation, bright lights and loud obnoxious music. Sounds like my last date. :(
      --
      "The fight for freedom has only just begun." - Geert Wilders
    3. Re:Such tools as... by ari_j · · Score: 4, Funny

      No wonder she never called back.

    4. Re:Such tools as... by Nodamnnicknamesavial · · Score: 4, Funny

      Wow, Kenny G will have a busy schedule for the next few years.

      --
      I have spoken'eth.
  2. Honk! Honk! by tripwirecc · · Score: 3, Funny

    I'd figure the same as with regular harddisks apply. One pass and gone the data is.

    1. Re:Honk! Honk! by Vicarius · · Score: 4, Informative

      Actually with regular/magnetic drives data is not gone forever with one pass. You can still use specialized readers that will detect change in magnetic field and be able to tell whether the analyzed bit was 0 or 1 before it was overwritten.

    2. Re:Honk! Honk! by farkus888 · · Score: 5, Insightful

      I know that is not enough to securely wipe a traditional hd. the current standard is 7 passes of random 1s and 0s. even worse than that, I have had people who formerly worked nsa tell my that really sensitive data is only considered gone when they have dismantled the drive and melted the platters in acid.

      --
      thats right, I rarely use capitals. deal with it. but don't mistake my laziness for stupidity
    3. Re:Honk! Honk! by tripwirecc · · Score: 5, Informative

      That may have worked with old drives, forensics experts tell me these MFM/RLL things, but with modern drives and the used recording tech, it's practically impossible. But hey, keep pandering to these myths.

    4. Re:Honk! Honk! by Aardpig · · Score: 2, Interesting

      I seem to recall hearing that US spy planes have a special 'eraser' built into onboard HDDs, that behave like arc welders. Turn it on, and within less than a second the platters are completely slagged.

      --
      Tubal-Cain smokes the white owl.
    5. Re:Honk! Honk! by Jagen · · Score: 5, Informative

      That is a myth based on a theoretical paper. The principle is good, but you would need to know the starting voltage of each bit and exactly how many times that bit had been written to. Overwrite your files once, and they're gone, for good.

    6. Re:Honk! Honk! by _KiTA_ · · Score: 5, Insightful

      I'd figure the same as with regular harddisks apply. One pass and gone the data is.

      Except that unlike normal HDDs, SSDs intentionally fragment the data across the drive to avoid writing to a specific section of the drive repeatedly (an attempt to avoid over-writing to the flash). Assuming you don't fill up the ENTIRE DRIVE, your data might very well still be there.

      I'd love to ask Ontrack or Drivesavers about it, to be honest.

    7. Re:Honk! Honk! by segfaultcoredump · · Score: 5, Interesting

      While it is true that the data can be recovered after multiple passes, what most folks forget to mention is the level of effort required to recover such data.

      Think hanging chads, but on a much larger scale.

      You get to pull the disks, and start walking them with an electron microsocope looking for the 'residual' images. Then you get to make a guess as to the 'bit' being a 1 or a 0. Then you get to start assembling a filesystem on top of all of that.

      Yes, it is possible, but it would take a very, very long time.

      Generally speaking, overwriting the data _once_ is enough to tormet your local law enforcement agency. The level of effort required is just too much for them to deal with the issue given the other things that they need to do. (rumor has it that in the old days they could just modify the firmware to shift the drive heads over a touch, but that trick does not appear to work as much with newer drives since there is not much space between tracks anymore)

      The reason that the Military/NSA/FBI/CIA want to actually destroy the disks is because even though it is _difficult_, it is still _possible_ to recover the data.

      Please note that for this to work, you must overwrite the actual sectors on the disk (aka "wipe"), not just blow away the metadata (aka "delete")

    8. Re:Honk! Honk! by SharpFang · · Score: 3, Informative

      The recovery services can recover data up to 4 passes deep. Thing is the magnetic orientation is not really boolean but float. So the transitions of the values of the plate surface are like (new) = (0.9*trans)+(0.1*old), so:

      0->0 = 0
      1->1 = 1
      1->0 = 0.1
      0->1 = 0.9
      0.9->1 = 0.99
      0.9->0 = 0.09
      0.09->1 = 0.909

      so you can guess the sequence of transitions from the value.

      I know battery-backed RAM can't be recovered that way - it's like it was constantly writing to itself, you'll have a thousand write cycles in matter of miliseconds. I don't know how data is stored in flash though.

      Makes you wonder if you could quadruple the capacity of the harddrives that way too.

      --
      45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
    9. Re:Honk! Honk! by alen · · Score: 4, Interesting

      when i was in US Army Europe the intel guys would take the HD's out of their PC's when it was time to toss them and open them up and scrub the platters with brillo or some other wire brush to destroy the platter. The PC's would then get turned in via usuall channels.

      For monitors if you wanted to process classified info it was a whole lot of paperwork because with the old CRT's you can read what is on the screen from like 3 blocks away just by the radiation they put out. ditto with Cat5. if you had a classified laptop you would have a short cat5 to a special encryption device, then cat5 out to the datacenter downstairs which had the same encryption device and then it would run out to the servers. NSA said you could read cat5 traffic from like 3 blocks away as well

    10. Re:Honk! Honk! by Hal_Porter · · Score: 5, Funny

      How do we know you're not an NSA mole, paid to persuade us that one pass is enough? Or maybe your experts are an NSA moles and they've tricked you.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    11. Re:Honk! Honk! by afidel · · Score: 2, Interesting

      You are wrong, in fact the small feature size of modern HDD's actually makes it easier in some cases as the smaller magnetic domains are harder to flip so even small changes in alignment will mean that recoverable data will be left behind.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    12. Re:Honk! Honk! by FesterDaFelcher · · Score: 4, Informative

      Not in less than a second, but all of the hard drives we used on the AWACS plane had toggle switches that would begin writing random 1s and 0s to the drive for as long as there was power applied. One complete rewrite took appox 15 seconds, and the T.O. specified flipping the switch at least 2 minutes before a catastrophic event (read: plane crash). We also had another tool for physical destruction of our equipment, commonly called an "axe". :)

      --
      My user number is prime. Is yours?
    13. Re:Honk! Honk! by Anonymous Coward · · Score: 4, Insightful

      You're citing a 1996 paper when discussing modern HDDs?

    14. Re:Honk! Honk! by uncqual · · Score: 4, Funny

      I believe the requested feature is best implemented in the file system layer rather than the physical media layer (SSD vs. HD).

      There is a good proof-of-concept available (but it currently works only for wives) that could probably be easily enhanced to implement the mother-in-law eraser function (actually, perhaps it's already there, I've not used Reiser4 much).

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
    15. Re:Honk! Honk! by afidel · · Score: 2, Insightful

      Why not, GMR technology was already on its way out of the lab by 1996, the only HDD tech more advanced than that is vertical recording which is still new and only used in a handful of drives.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    16. Re:Honk! Honk! by Jah-Wren+Ryel · · Score: 5, Informative

      You are wrong, in fact the small feature size of modern HDD's actually makes it easier in some cases as the smaller magnetic domains are harder to flip so even small changes in alignment will mean that recoverable data will be left behind. You are wrong. You should have cited the author's follow-up to the original paper, like I just did.

      Here's the relevant part of new epilogue:

      Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. In fact, the same man has written paper that somewhat addresses the original question regarding forensic recovery of erased data in sold-state memory for usenix 2001.
      --
      When information is power, privacy is freedom.
    17. Re:Honk! Honk! by gardyloo · · Score: 2

      Given the _same_ coercivity of a magnetic domain, given temperature, and a given external field, I would think smaller domains should be _easier_ to flip, on average, than large domains. The nearest- and next-nearest-neighbor influences would be much larger for small domains than large ones. After all, given the scaling laws of diffusion-driven "averaging" processes, fluctuations spaced closer together always converge to an average much faster than those spaced further apart.

            I _guess_ that the linked article is talking about the possibility of recovering data from the "edges" of data tracks, based on some remnant domain orientations due to the small widths of the write/erase heads. I can see how smaller domains might help retain data in that case.

    18. Re:Honk! Honk! by Firethorn · · Score: 3, Interesting

      I figure the requirements for a 21 pass overwrite scheme is still a requirement for sanitizing government drives for a reason.

      Is it overkill? Certainly. But apparently 3 passes isn't considered enough.

      Now, a simple overwrite is considered sufficient for flash, so we do have some standards.

      --
      I don't read AC A human right
    19. Re:Honk! Honk! by nasor · · Score: 2, Interesting

      And perhaps more importantly, there are currently no established forensic procedures for recovering data that has been overwritten. Police can't just use any random forensic procedure that they feel like - only certain established procedures can be used, and at present no such procedure exits. Which means that even if it were physically possible for the police to do it, the resulting evidence would almost surely be inadmissable in court. The NSA might take an electron microscope to your hard drive if they think you have the plans for China's new invisible tank on it or something, but in general the police won't be able to do a thing.

    20. Re:Honk! Honk! by William-Ely · · Score: 3, Insightful

      I work in the data recovery field and I can say that it _might_ be possible to recover overwritten data on older drives by messing with their calibration but at that point the likelihood of success has to be incredibly small. With the data density of modern drives being as high as 250Gb/in^2 you would need some serious equipment and a lot of time, money, and patience. In fact I imagine that if the data was that important that you would go to such lengths to recover it you should shoot yourself for not having a backup of it somewhere.

      The recovery process for SSD media is actually similar to normal flash memory. In fact it's easier than normal drives since there are no heads and platters to worry about. So yes deleted files can still be recovered and drive scrubbing utilities will still work as intended.

      --
      Mod me down with all of your hatred, and your journey towards the dark side will be complete!
    21. Re:Honk! Honk! by Gordonjcp · · Score: 2, Interesting

      Then you get to make a guess as to the 'bit' being a 1 or a 0.

      That's the tricky bit. Any hard drive built in the last ten years or so won't actually write ones and zeros to the disk, but uses something like QAM to pack even more bits per symbol on. Think in terms of one nybble being represented as an analogue value from 0 to 15 - was that 6 really a 6, or is it a faint 7? Or was it a 5 that wasn't particularly strongly erased?

      Overwrite each track once, and the data is gone.

    22. Re:Honk! Honk! by Jah-Wren+Ryel · · Score: 2, Informative

      FWIW - a data zero does not produce a string of zeros on disk. The encoding mechanism is a lot more complicated than that. It's not random, but it isn't anywhere near that straightforward either.

      --
      When information is power, privacy is freedom.
    23. Re:Honk! Honk! by SP33doh · · Score: 2, Informative

      I'd consider seagate a little more than a handful.

    24. Re:Honk! Honk! by s13g3 · · Score: 3, Insightful

      How in the name of CowboyNeal did parent get modded as +5 Informative?

      I recover deleted data WITHOUT a clean room or disk disassembly process on a nigh-daily basis. There are plenty of software tools that will recover data post-format, deletion, or crash; some even after multiple passes. Just yesterday I recovered about 3.4GB of data from a hard drive (that I didn't know at the time was failing with bad read-heads that were pinging the disk surface and creating physically-bad sectors) that had been reformatted (full format, not quick) and re-installed. The particular sequence of apps and methods I used enabled me to recover almost all the important docs on the machine minus a handful of unrecoverable files in the physically failed sectors. The disk later crashed again after the recovery, which was when I discovered the drive was failing. The MFT and MBR were completely shot and most bootable diagnostic applications listed the disk as unreadable. Others would attempt to read the disk but showed no data, even some tools that are supposed to seek data outside the MBR by examining individual clusters. Once again by using the right tools in the right sequence, I am, as I write this, recovering data from the disk yet again (this time as a slave drive in another machine, backing up to a known good archive drive)... Looks like I'm once again going to get all the data but another handful of files that were stored on physically damaged sectors.

      So, no one is pandering - please to know what you're talking about first... Yes, my ability to recover data via software tools extends even to many (but not all) software applications that are supposed to securely and irrevocably destroy data. Also, if you're insistent about staying off-topic in regards to data-destruction in the face of law enforcement, not only are all the software methods you might use to destroy data far too slow, but chances are they just won't do the trick. This was a giant concern for the U.S. Air Force after the collision of a P-3 Orion with a Chinese fighter jet, where it was forced to land in China, and NONE of the data destruction techniques available to the crew were remotely sufficient to destroy enough data in the time available to them, but even if they had been, chances are a devoted enough analyst with the proper equipment and time still would have been able to recover more data than desirable (which, since it was all highly classified, means any data at all) outside of explosives, which they had, but are not generally a good idea to detonate on the inside of a flying aircraft. Since then the U.S.A.F. has developed a method of data destruction that utilizes what is essentially a modified medical defibrillator with a somewhat greater total output and replacement of the standard shock paddles with high-strength electromagnets that are placed on both sides on the drive and then discharged, functionally flipping the polarity of the entire disk and destroying all lingering magnetically resonant harmonics.

      A dedicated and determined analyst with the right tools and time can recover vast quantities of data on disk subject even to a "military format"... Modern drives and recording techniques have nothing to do with anything in this regard. The only fool-proof way is massive electromagnetic discharge, incineration or to sand or otherwise physically damage the platters themselves... To quote 'Zerth' from above, "Fe2O3+2Al is your friend." Nothing will do the job quite as readily as Thermite, however it obviously presents it's own issues... especially since setting it off to erase your hard-drives before the authorities arrive is almost certain to earn you a large number of other very serious criminal charges, and liable to burn your home or office down; it's also hard to get the stuff to ignite reliably sometimes.

      I'd STILL like to hear an answer to the actual question put forth in the article... We all know that hard disks can be disassembled and forensically recovered in the case of serious failure or attempted data destruction... But a

      --
      "Inveniemus Viam Aut Faciemus" 'We will find a way... Or we will make one!' --Hannibal of Carthage
    25. Re:Honk! Honk! by Nintendork · · Score: 4, Informative

      I remember reading about this in regards to CRT. Here's a good article. Regarding the reading of CAT5 from a distance, I call BS. There isn't enough leakage due to the positive/negative pairs. In any case, IPSec in transport mode should be used for secure transmission on any media. No standalone device required. Even fiber can have a splitter installed for eavesdropping if the traffic isn't encrypted.

    26. Re:Honk! Honk! by Jagen · · Score: 3, Informative

      "As someone who makes a living doing forensic recovery from drives that have been wiped please keep propagating the one overwrite myth..."

      You my anonymous friend, are a no good, stinking liar. There is no software method for reading the magnetic flux levels of the bits of a hard drive as obviously the drive firmware interprets that data itself and present the 1 or 0 to you, and you do not have an ETM that can be anything like precise enough for the density of modern hard drives, and even if you did how quickly could you read the data and what could you do with it? The bits are essentially stored as analogue data so apart from what the current setting is supposed to represent (1 or 0) how do you propose to get any useful information about the history of that bit?
      I can believe you recover data from drives people think they have "wiped", but if I overwrite every bit on my hard drive with garbage you are not going to get anything but garbage from it.

    27. Re:Honk! Honk! by Anonymous Coward · · Score: 2, Insightful

      What a waste of space and time. All that text was written just because the author doesn't know the difference between wiping and (full) formatting. He thinks he's leet because he has a collection of warezed data recovery tools which reconstruct files from readable sectors on a hard disk which a preceding format didn't touch. At least it's an example for the way moderation works in pseudonymous contexts: Confidence draws positive moderation, no matter how wrong the author is.

    28. Re:Honk! Honk! by Anonymous Coward · · Score: 2, Informative

      Actually I sat in on an ACM lecture where a digital forensics professor from the University of New Orleans was asked this same question. He said that SSDs pose a new problem to forensics, and that further research into this field was required.

    29. Re:Honk! Honk! by someone1234 · · Score: 2, Funny

      Hmm, so you practically double or treble your disk capacity, considering you can safely recover data using software tools after 1 or 2 overwrites?

      Why isn't this method on the market yet ?

      --
      Patents Drive Free Software as Hurricanes Drive Construction Industry
  3. Er, what's the actual question? by broken_chaos · · Score: 3, Insightful

    Is it "How can I recover data from a failing/failed solid-state drive?"? Or is it "How easily can someone else find my 'deleted' data on my solid-state drive?"?

    I'm not sure of the answer to either question, directly, but I'd suggest multiple backups for the first one, and encryption for the second one (full/near-full disk encryption is quite fast on a multi-core system).

  4. Pointless by mlyle · · Score: 4, Interesting

    It appears that solid state drives are going to have several times the MTBF of conventional media, and thus a failure rate several times lower. Sure, data recovery is much less likely to work when SSDs fail-- as it's more likely to be the actual memory failing than controller chips or ancillary electronics. However, normal disk recovery places can only recover your data from a failing/failed drive perhaps 60-75% of the time. Thus, the actual incidence of unrecoverable data on a SSD is likely to be much lower than with rotating media, and the overall failure rate lower still. This is nothing but a win, as the normal data recovery rackets are made irrelevant in the case of media failure and overall reliability is improved.

    1. Re:Pointless by TooMuchToDo · · Score: 4, Insightful

      I agree with your post, and would like to point out that the original question is moot. Between SSD media, redundant drive systems, and autonomous remote backup platforms, you should care little about the media data recovery rate. Only care that you've put an intelligent data management system into place. Don't have a single point of failure (like the media) and you'll be fine.

    2. Re:Pointless by TubeSteak · · Score: 4, Informative

      It appears that solid state drives are going to have several times the MTBF of conventional media, and thus a failure rate several times lower. Generally speaking, solid state media don't fail. You lose sectors over time and these get replaced from the resevoir. When the resevoir runs out, the size of the available space shrinks, but AFAIK, data doesn't get corrupted when a sector gets stuck.

      AFAIK, the only way you get data corruption in a SSD is from power fluctuations causing a bad write.
      --
      [Fuck Beta]
      o0t!
  5. Re:SSDs have one infallible data recovery option by jeffmeden · · Score: 5, Informative

    -1, didn't read the question. He is NOT asking about how reliable the drives are, since he acknowledges that ANY media can fail. Instead, he asks about recovery options when there are no other alternatives, such as extreme disasters or criminal cases where data was intentionally lost. This is a good question, I look forward to constructive answers and the discussion that follows. Yours, however, is a dead end.

  6. Simple by Kjella · · Score: 4, Insightful

    If you want security, encrypt before you store. If you want recoverability, get a real backup. Seriously, this has been this way ever since computers got fast enough to do AES on the fly against disk. Ubuntu supports it in the alternate installer, Debian and probably the rest too. On Windows various closed source software like DriveCrypt++, Bitlocker and whatnot is available. This isn't really all that difficult...

    --
    Live today, because you never know what tomorrow brings
  7. Re:What is the Data recovery % for non SSD drives? by sBox · · Score: 2, Informative

    Not recovering the data you want is always a risk. In my experience I have recovered everything I've needed using a pay-for service. Expensive? Yes, but you (or your client) must weigh benefit.

    Backup, backup, backup. Those that don't will pay the price. Literally.

  8. Secure erase by trainman · · Score: 5, Interesting

    Actually my concern would be more the exact opposite, what are the implications for secure erasure of these drives? Before we could just open the drives and smash the platters if you wanted to be really paranoid. Now, do we have to make sure we find all the flash chips and ensure each one of them is destroyed? Are there other implications because of this flash memory for secure erase utilities?

    If your hard drive dies and you don't have a backup, I have very little sympathy for you. You should know better. Especially anyone reading slashdot. Let's get back to our NSA fearing roots and talk about how to protect ourselves with the latest in encryption technology. ;-)

    1. Re:Secure erase by darthflo · · Score: 3, Funny

      If it doesn't, move to Europe. 230V will kill more.

  9. Use the gForce by carpe_noctem · · Score: 5, Funny

    Ask Slashdot: For when you've got time to write up a whole paragraph, but not a 5-word google search...

    Google results, which seem rather informative

    --
    "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
    1. Re:Use the gForce by carpe_noctem · · Score: 4, Informative

      Looks like I misspoke a bit... looks like the point of this post isn't to ask something that could have been easily googled, it was for this chump to plug his blog. So, let me rephrase:

      Ask Slashdot: When a slashvertisement just won't do, since you've only got yourself to sell.

      --
      "Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
  10. Re:SSDs have one infallible data recovery option by JesseL · · Score: 5, Informative

    One confounding aspect of trying to permanently erase things from solid state drives is the fact that most flash drives incorporate wear-leveling. You may not be able to over write specific physical sectors without just overwriting the whole drive several times.

    --
    "Prefiero morir de pie que vivir siempre arrodillado!"
  11. SSDs have one infallible data erasure option by Amiga+Lover · · Score: 4, Insightful

    Which is the same infallible data erasure option for any media. Incineration.

    Trusting data loss to just one delete command is being broken in the head.

  12. Datarecovery of SSD drives. by rew · · Score: 5, Interesting

    I work for www.harddisk-recovery.com .

    We will gladly reverse engineer the data-distribution algorithms that the SSD device uses on a case-by-case basis. We have done so in the past for several different USB sticks. We will desolder and read the individual data-holding chips and then reverse engineer their scrambling algorithms. We will then recover your data from whatever chips still work sufficiently to provide us with some data.

    The first time this will take us a few days extra. Expect about a week turnaround time the first time anyone sends us a failed SSD disk.....

  13. Destroying sensitive data by Venik · · Score: 3, Insightful

    If you have any data that you may need to destroy quickly and permanently, I would suggest using DVDs. Sure, it's slow and a hassle but, when you need to get rid of a large volume of information in a hurry, you just take your DVDs and put them in a microwave for a few seconds.

    The damage microwave radiation causes to the data on the DVD extends beyond visible damage to the metal layer. That is to say that, even though it may seem like there are undamaged areas left on the DVD's surface, they are still unreadable. And it only takes 2-3 seconds to completely destroy a whole stack of DVDs, if they are arranged in a microwave with some space between them. Rewriting a hard drive with multiple passes may take hours and still leaves a possibility that some data may be recovered.

    It seems to me that with SSD data recovery should work better than with conventional hard drives. You may need to overwrite the entire disk multiple times, as opposed to overwriting just the selected data, as you would with a conventional hard drive.

    1. Re:Destroying sensitive data by DarkSarin · · Score: 2, Funny

      Yes, but what does a microwave do to a HDD? Of course, the HDD does have the reverse damage feedback spell enabled, so it will probably kill the microwave too, but if you were in a hurry to kill sensitive data, that's a risk I'd take...

      Telling the gov't why your HDD was in the microwave might be a little trickier...

      --
      "We don't know what we are doing, but we are doing it very carefully,..." Wherry, R.J. Personnel Psychology (1995)
  14. Re:SSDs have one infallible data recovery option by sm62704 · · Score: 4, Funny

    ...criminal cases where data was intentionally lost

    You can completely and unretrievable wipe data from both paper and disk drives. With paper, shredding is no good but a single match or Bic will do the trick. Cheaper than a shredder, too. With a disk drive, just disassemble it and sand off all the oxide. Or alternatively, if you have a smelter or other really really hot mass of molten metal, you can just drop the thing in there. The smelter option works for CDs and tape as well.

    Or you can bury it in the bridge abutment your construction company is building with tax dollars, right next to Jimmy Hoffa.

    Oh oh, am I on my way to Gitmo now?

    -mcgrew

    (still no journal although the last one was updated Friday. Mod me down for this?)

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
  15. Re:not impossible by smooth+wombat · · Score: 3, Interesting
    where the data was overwritten, and then melted with thermite.


    WHAT?!!!! I'm hoping I'm parsing your sentence incorrectly because any hard drive subjected to thermite becomes nothing but a puddle of molten then solidified metal.

    What I'm hoping you meant to say was that even though the hard drives in our surveillance plane had been subjected to thermite, parts of the drives remained intact enough so the data on the unmelted parts could be retrieved despite the data also having been overwritten.

    Allow/Deny?

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  16. fire insufficient in and of itself... by Firethorn · · Score: 2, Interesting

    Having operated a makeshift incinerator a few times, I have to point out that fire can be insufficient in and of itself.

    I've actually held bits of ash with legible writing still on it. I was burning old checks for my parents.

    I wouldn't count it destroyed until the ashes are stirred well.

    --
    I don't read AC A human right
  17. the effect of wear-levelling on recoverability? by Tumbleweed · · Score: 2, Interesting

    Okay, so the new wear-levelling ability of SSDs, (where if it cannot write to a block/bit/whatever, it marks that as bad and writes somewhere else), brings a question to mind:

    Let's say you have had your SSD for awhile, and some data is in areas that subsequently get marked as 'bad'. You 'format' your SSD clean, but does the format change those marked-bad bits? If not, just because they cannot be written to, doesn't necessarily mean they couldn't be READ from by some utility that ignores the marked-bad flags, in theory. So, is it possible for an SSD to have data recoverable from 'marked bad' areas, that might even pass a format/multi-write randomizing utility? Something to think about. Hopefully someone knows the answer...

  18. Quick and Most Secure Drive Erasing by Nintendork · · Score: 4, Informative

    DoD5220.22-M is what most use and is becomming old-school. That means three passes. Ones, Zeros, then Random. However, the national standard in America is NIST 800-88. Newer drives have a function built into the firmware that do a secure erase in one pass, even covering spare sectors. It's called Secure Erase or SE. The NSA likes it, rating it higher than using an external program. It meets security requirements of HIPAA, PIPEDA, GLBA, and Sarbanes-Oxley. If you want it, check into this man's utility and its educational document.

  19. Re:The real danger is a loss of recovery companies by lcoughey · · Score: 3, Informative

    Being one who is an owner of a data recovery company, I have been contemplating the idea of writing an article about the implications of SSHD and data recovery. I guess this discussion has beaten me to it.

    I have a few thoughts on this matter and will post them in point form:

    1. The elimination of the clean room?
    - For obvious reasons, the necessity of a clean room for solid state devices will be drastically reduced. However, due to the price and size constraints, I don't foresee the elimination of the traditional hard drive for some time to come. Of course, that could be 5 years or 15 years, depending on industry trends.

    2. The stability of solid state hard drives?
    - I'd say that SSHD are more stable from the perspective of being bumped around. However, a simple power surge could render the data lost forever. This is where the traditional drive has a hope. The electronics can be toast, but the data is still on the platters.
    - To the most part, traditional hard drives show signs of dying before they completely crash where a SSHD is going to work or not work, with the exception of failing bits.

    3. Will SSHDs be the data recovery lab killer?
    - I doubt it. It is true that hardware failure is the number one reason for data loss. But, a close second is human failure and I believe that will never change. So, the SSHD may become a more stable drive, but it won't be the end of data loss. If anything at all, the SSHD technology will create more false security, making for more critical data loss.

    4. Will SSHDs affect the cost of data recovery?
    - I suspect that we will see three different quotes for these devices: 1. around $500, 2. around $2000 and 3. unrecoverable.

    All in all, I am excited about the technology and look forward to putting my first 250GB SSHD into my MacBook Pro. But, until we see the prices drop and the capacities increase, we won't be seeing these drives in anything other than a few overpaid executive's laptops.

  20. [Citation Needed] by pragma_x · · Score: 2, Informative

    I call shennanigans. Recovery after thermite? Not a chance.

    Any ferrous material brought above the Curie Point is no longer magnetic, and looses any magnetism it had prior to heating. You can test this yourself with a magnet, a butter knife and a blowtorch. No matter what combination of iron and impurities your drive surface has, its Curie Point is easily below the temperature of molten iron - the product of your thermite reaction.

    So even if the discs were heated by thermite, rather than just plain destroyed, it's unlikely that the heating would allow any data to survive unless the iron was already pretty cold.

    That said, this was a surveillance plane flying over a foreign country in a (presumably) covert fashion. If it had such a self-destruct, it would be a mil-spec component. In case of a crash, I doubt there would be much of a plane left, let alone drive platter pieces to be recovered.

  21. Re:well that makes it easy by dotancohen · · Score: 4, Funny

    Just put your drug deals, k1dd13 pr0n, and terrorist plans in a file called attorneyconfidential.doc. What's wrong with attorneyconfidential.odf? Not everyone has MS Office, you insensitive clod!
    --
    It is dangerous to be right when the government is wrong.
  22. We liked Sandblasting our RM05s by billstewart · · Score: 2, Informative
    Back during the Reagan Administration, when I was working as a tool of the military-industrial complex (:-), we had a VAX lab that we used for classified projects. The Army's rules for wiping disks before declassifying them said that you could either use NSA-approved software (didn't want to do the paperwork to find out if any of that was supported on our Unix versions), an NSA-approved Big Degaussing Magnet (not near *my* lab, thank you!), or physical destruction (yee-hah!)


    Our disk drives were RM-05s, which had stacks of a dozen or so 14" platters. Most computer administrators had one on their wall showing the effects of a head crash, with various tracks scraped into the oxide finish. I was no longer running the lab when we decommissioned the VAX, but my successor got to take the disks down to the machine shop in the basement to have them sandblasted. The platter on her wall didn't have any oxide left - it was smooth and shiny metal.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  23. Tools Depend on Who's Attacking You by billstewart · · Score: 2, Insightful
    The tools that get used to investigate your disk drives are going to depend a lot on who's trying to investigate you and your computers - how much are they willing to spend.


    Law enforcement organizations aren't going to waterboard you, which would be against the law, though they might have fun tasing you. And courts have simpler methods - they issue you a subpoena that says to turn over any information you've got, and can make you sit in jail or pay heavy fines for not handing it over, or if it's a civil lawsuit they can decide that you're acting in bad faith and decide in favor of your opponent and make you pay their attorney's costs.


    Law enforcement organizations are also highly unlikely to get out the electron microscopes and look for fuzzy bits around the edges of your disk tracks; that's more of an NSA/CIA spy-vs-spy kind of threat model. On the other hand, they are often willing to have some sleep-deprived technician who likes bright lights and loud obnoxious music do the kind of disk recovery that looks at your file systems for the data sitting around in unerased blocks or marked deleted in directory listings.


    Fundamentally, if you're storing data on a computer that you don't want anybody else to recover, you need to store it in encrypted form so the only thing that can be recovered is the cyphertext.


    For most people, though, the real threat model is that Murphy and BillG gang up on you. For that you need backups, and you need to periodically make sure you can recover your backups, and every couple of years you need to copy the data from old media to new media because otherwise your only copy will be on a 9-track tape or MFM disk. And BillG's still going to make sure that you can't read that proprietary file format that was used by some word processor in 1994. And your corporate IT staff are going to write a backup script that only copies files in Microsoft Office formats, which don't include the .txt and .html you saved them in to prevent that problem. (And yes, that's happened to me during a laptop upgrade, and of course they returned the old drive for credit before they gave the new laptop back to me.)


    Fortunately, storage costs have been dropping much faster than Moore's Law predicts, so in theory it's getting easier or at least cheaper to do backups. In practice, Murphy's taken out one of my new 500GB drives, and Maxtor's turned the other one from 500GB into 128/137 GB because the old Maxtor USB-drive case didn't know if the new Maxtor drive supported 48-bit addressing....

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks