and what's more .. Flash memory not being infinitely over-writable, file systems used on those devices (JFFS2 for example) actually encourage leaving data behind by ensuring recently unlinked logical blocks aren't re-used anytime soon (wear-leveling).
I know the original method proposed is non-destructive, but using a test clip it's possible to dump the contents of just about any flash device. Furthermore, given a significantly motivated adversary (and barring all but physical destruction of the chip die itself -- not just the package) one could also read the contents with a microscope -- even after several erasures(*). (*) link : http://www.cl.cam.ac.uk/~sps32/DataRem_CHES2005.pdf But if all you're trying to do is retrieve SMS messages, it'd be a lot easier to just subpoena the carrier .. they keep the contents forever (even if they say they don't .. I know for a fact they do because I personally saw one of the major US carriers .. [ahem.. Verizon] .. deliver boxes of sent/received text messages -- for hundreds of phones -- going back at least a year). Cheers, Michael Holstein CISSP GCIA Cleveland State University > It's also possible to recover deleted photos from almost any flash card > in almost any device (camera, mobile, etc) - it's a way general purpose > file systems work. Requirement to delete information securely is > enforced in devices certified to e.g. process US military secretes. In > this case, device must follow DoD 5220-22-M recommendations and you can > expect secure erase. In general purpose operation systems and devices, > to delete information securely (wipe it) some additional > actions/utilities are usually required. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
