Slashdot Mirror


User: tagman2

tagman2's activity in the archive.

Stories: 0
Comments: 2

Comments · 2

  1. simple but elegant art sites are some of the best on Your Favorite Net.Art? · Score: 1
    I tend to like artistic sites that not only showcase art, but also are artistic themselves. Such sites don't have to be massive multimedia flashing glitziod presentations. Sometimes a simple and elegant theme is the best.

    Another plus in my book is an art site where the artist talks about their art. A few comments from the artist can give you perspective on their creation. As an example, check out this art site I came across recently by Monica Noll. Some of the most artistic parts of that site are her explanations of her drawings.

  2. A story of DISK, SRAM and DRAM data recovery on Data Mining Used Hard Drives · Score: 5, Interesting
    Summary of the long posting below:
    • Data from a hard disk that has been wiped multiple times can be recovered.
    • Data left in SRAM and DRAM for a long period of time can be recovered even though the system has been powered off for a while and the SRAM has been cleared.
    • While it is hard to recover wiped and old data, it is not impossible.

    First, a little background:

    I belong to a group that polls/tracks certain elections around the world. In one recent election, there were a number of claims of voting irregularities. Our group became part of a post-election analysis team to look into these irregularities.

    We were able to determine that one desktop system in particular contained some critical raw voting data (raw precinct counts of per ballot slot data). The election officials were more than reluctant to give us a copy of that raw data. By the time we were granted an order requiring the election officials to let us access the data, someone had attempted to thoroughly wipe the desktop system of all traces of data.

    We thought we had lost that critical data. But thanks to a chain of contacts we were referred to a consultant that specializes in extremely difficult data recovery. After checking some references (and obtaining more money from OUR client: the consultant was VERY expensive), we hired this consultant.

    Much to the surprise of the election officials we obtained an order that allowed us to physically take possession of the system. The system was turned over to the consultant who recovered enough critical election data for our needs.

    The recovery included data from the wiped system hard drive as well as from SRAM and DRAM.

    Regarding disk recovery:

    The disk drive had been wiped by a utility that, we presume, had been run from a CDROM. The wipe tool wrote over the entire disk 35 times, 8 of them were random and 27 of them were fixed patterns of 3 bytes each.

    Not all disk data was recovered. Part of the reason was that the data recovery method was not 100% perfect. Part of the reason that some data was not recovered was a simple matter of time. (The consultant was in between two already committed projects and only had a limited amount of time to work for us.)

    The consultant did recover some deleted files that were critical to our work. Not everything was recovered, however. Parts of the swap/VM-paging area that might have contained some useful data were not recovered. Also some disk data critical to file and directory layout was not recovered making recovery of parts of the file system layout difficult to map.

    Still, some important files (a spreadsheet, simple database file, browser cache, some EMail, etc.) were recovered even though the drive had been wiped 35 times!

    Regarding SRAM recovery:

    n3rd posted a comment asking about recovering data from RAM.

    There are methods that can recover RAM data. Both SRAM and DRAM can be recovered.

    According to the consultant, the storage of the same data in SRAM over a long period of time has the effect of altering the preferred power-up state. They said that SRAM can "remember" data for days after it held it for a long period of time. This memory can be determined by a "partial powerup" (I presume they mean a lower than normal voltage?) and then going "full on" and reading the initial values of memory.

    In the case described above, the SRAM had been deliberately cleared prior to our group taking possession of the system. The consultant was able to recover the original data even though the SRAM had been cleared and the system had been powered off for more than a day. A simple clearing of memory was not enough to wipe out the long held memory effect.

    Regarding DRAM recovery:

    DRAM data was also recovered. Data left in DRAM for a long period of time can leave an "impression" thru a process somewhat different from SRAM.

    As explained by the consultant: With DRAM, recovery comes not from detecting any left over charge, but rather detecting the stress (or lack of stress) from the thin oxide of the cell's storage capacitor dielectric. The effect of this stress can be measured by using the DRAM self-test feature. In self-test mode, a small voltage is applied to a cell in order to measure its margin for error. The self-test margin is increased or decreased by the amount of oxide stress.

    Not all of the DRAM memory was recovered. However certain critical portions of the DRAM held values for a long enough period of time that data was recovered, even though the system had been powered off for more than a day. Data recovered included memory associated with a browser and a spreadsheet. Even though both the browser and the spreadsheet were closed prior to the system being wiped, they were left running long enough to leave behind their DRAM oxide stress.

    Based in part on the recovered data, we concluded that candidate A was declared the winner due to a "mistake" in mapping ballot slot numbers to candidates. In some cases the slots for candidate A and B were reversed.

    An incorrect vote count was reported by the election officials. It is our guess that when we came around asking for the raw data, someone began to collect it. At some point some official(s) discovered the blunder. The system was left on while they stalled for time. When it was clear that we were going to force them to turn over the data someone wiped the system and shut it down.

    BTW: The majority of the election officials involved were supporters of candidate B. Even though their blunder caused them to declare candidate A the winner, they still tried to cover up their mistake.

    Our conclusion was that the attempt to cover up the mistake was motivated by not wanting to admit the major blunder instead of because of candidate A's influence. This conclusion was reached in part because of messages that we recovered on another system that was not wiped. However we would have never been able to find that other system, nor would we have been able to match the raw slot numbers with the reported vote counts by candidate name without the help of the data recovery consultant and the critical data that they recovered.

    I'll offer a few observations:

    • Volatile data such as SRAM and DRAM is not as volatile as you might think.
    • With enough will, skill and effort, old data can be recovered from a disk that has been overwritten multiple times.
    • Packages such as PGP file wipe, GNU shred or Boot and Nuke are likely to only make it harder, but not impossible to recover the data.
    • To quote from a paper by Peter Gutmann:
      "Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple (sic) overwriting them, no matter how many overwrite passes are made or what data patterns are written."
      And even though that paper next says:
      "However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive."
      For our consultant, the recovery process was hard but not extremely difficult. It was expensive for us, however. :-( But we were happy to pay to have it done. :-)
    • Whoever wrote the 35-pass disk wipe tool must have read that paper, or one similar to it because the overwrite patterns looked similar to the recommended list.

    P.S. I know that some people doubt that one can obtain old data from SRAM and DRAM after poweroff. I did too until it was done for our group. To those who still doubt this: I will refer you to Peter Gutmann's paper on Secure Deletion of Data from Magnetic and Solid-State Memory for another source on data recovery methods.