On Tue, Feb 04, 2003 at 09:10:39AM -0500, Sunder wrote:
My question is what's a reasonable order of magnitude of overwriting data
now, assuming you're not trying to hide data from, say the NSA.
This raises a question I've long had.
ARE there actual systems for reading overwritten disk data
in existance out there ? Are they in daily use or merely laboratory
curiosities ?
I know, of course, that there are companies that supply disk
recovery services, but as far as I have ever heard they mostly work with
non overwritten data on disks that have bad electronics, bad motors, bad
head actuators, damaged formating, bad servo tracks, bad heads, damaged
surfaces and so forth. The most I have ever heard of being routinely
done is reading data off a platter with a special external head
positioned by special mechanics and servo systems.
And of course most of what data recovery companies do is work
with disks with corrupt filesystems but largely or entirely intact
information content on the platters. This includes partially erased
filesystems and file systems with key information blocks that cannot be
reliably read or that have been overwritten by garbage.
None of this involves reading the ghosts of previous data in
sectors that have been overwritten once or multiple times.
So what is the actual threat ? Are there any papers describing
practical production systems and proven techniques for retrieving
overwritten data ? How good are they - what BERs are obtainable for
what percentage of data ?
Clearly a cryptographer legitimately worries about being able to
infer that a particular bit a of key has a slightly greater than 50%
chance of being a 1 or 0, but for most users retrieving email or
documents with even one or two corrupt characters in them per page may
not be very interesting even if it is possible.
And good lawyer should be able to plant doubt in the
minds of a jury if the data is really garbled, even if it seems
incriminating.
So it would seem that for most normal recovery purposes
(business data recovery and evidence) any multi-layer ghost data
recovery would have to be pretty good to be worth investing in. The
NSA/CIA, however might be interested in anything at all under some
circumstances - without those limitations.
So how real is the threat - what does it cost to have it done
and how expensive is the gear ? Who actually has working setups in use ?
And how many layers down can they really read ? And with what BER ?
--
Dave Emery N1PRE, [EMAIL PROTECTED] DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
