You are using software to try and recover information. If you can recover files after filling the platter with zeros 4 or 5 times and recover it without a direct attack on the platters (ie,using a SEM), then why is it so hard to believe that specialized HARDWARE can recover it after 30 times?
At this point, I think it has been determined that the best way (and possibly the only way in the near future) to prevent the recovery of information is the complete and total destruction of the drive. Here is a good question for you though, at what point is it worth just destroying the drive? My guess would be we are at that point now, because we have to use so many resources to be reasonably sure that the data is unrecoverable, that is is cost effective to just destroy the drive and purchase a replacement for it. Tim Donahue > -----Original Message----- > From: Chris Chandler [mailto:chandlerchrisc@;earthlink.net] > Sent: Wednesday, October 30, 2002 1:05 PM > To: [EMAIL PROTECTED]; 'Dave Adams'; > [EMAIL PROTECTED] > Subject: RE: Interesting One > > > When they say it can be retrieved if a drive has been > formatted up to 30 times, they are probably a little > ambitious. Most formats are done using "format c:" and > nothing else. Again, this just removes the pointers. When I > redo a drive, I run a zero fill 3 times over it. Then to test > whether or not data has been completely erased, I run the > drive on my Encase machine. If anything shows up I erase some more. > So your FAST person may be a little ambitious in his/her > claims, I know that just regular formatting can leave a drive > recoverable up to about 5 times anyway. > > Chris Chandler > A+, Network +, MCSE NT4/2000 > Network Security Consultant > http://www.wilykiote.com > > -----Original Message----- > From: Thomas Sjögren [mailto:thomas@;northernsecurity.net] > Sent: Tuesday, October 29, 2002 5:29 PM > To: Dave Adams; [EMAIL PROTECTED] > Subject: Re: Interesting One > > On Monday 28 October 2002 23:06, Dave Adams wrote: > > > I had an interesting conversation today with someone from FAST > > (Federation Against Software Theft) They pretend not to be a snitch > > wing of the BSA. Anyway, to get to the point, the guy that > came to see > > me said that their forensics guys could read data off a hard drive > > that had been written over > > up to thirty times. [...] > > Really? Wow. Please email me about the tools they are using, > but that's > probably classified. > > >
