Data Recovery after I cleared the wrong disk


Hi,

 

I connected the wrong disk to my unRAID server and cleared it. I recognized the mistake after the clear was done.

Before the clear, the disk held 1,8 TB of data files on a ReiserFS file system (the disk was one of the disks of my old unRAID server).

 

Is there any program where I can see which data files were on the disk? The program does not need to recover the data. I only need the names of the files.

 

Thanks

Link to comment

It is my understanding that even if you were the NSA or the CIA, the data, directory listings, and original contents are completely gone with absolutely no way to get it back from that disk. You've written zeros in their place. There is no undo, even for just the directory listing.

 

Sorry...

 

Joe L.

Link to comment

Not sure what kind of data you had, but if it was Movies/TV/Music and you run XBMC or iTunes, the files would still be in those databases unless you told those programs to clean the database. It would be a very long process for 1.8TB of data, but you could look through those databases and see what files were pointed at that disk.

Link to comment


Pretty sure the DoD does a seven-pass wipe for their drives; they may be overkilling it, but there must be a reason for that. I believe I read somewhere (a long ass time ago) that if you modify the controller on the HDD you can get the analog magnetic value, and from that you're able to make an educated guess at what the bit was before the wipe. However, it's really not all that effective (it changes your 50/50 guess into a 60/40 guess or something along those lines).

Link to comment

See here:

http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single-overwrite-will-do-it-739699.html

 

The "standards" you described, used by the DoD, were written when you could sprinkle iron filings on the surface of a tape/disk and visually see the bit pattern. (Well, they used ferric oxide fluid, but you get the idea.) Tracks on disks were much wider, and it was easier to read the "edges". If it was easy for a disk to read erased data, we would all be in trouble, as it would be impossible for parity to be consistently calculated as disk contents change.

 

The preclear utility uses "dd" exactly as the paper describes... and for all intents and purposes, once cleared, the data and directory listing of the files is long gone.

 

Joe L.

Link to comment
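Added example, not part of the original thread and not the preclear script's own code: a single `dd` pass of zeros over a scratch image file, followed by a check that neither the stored file names nor any non-zero byte remain readable through normal I/O. The image contents, file names and function names are constructed for illustration, and the code only ever touches a temporary file, never a device.

```shell
#!/usr/bin/env bash
# Added illustration: operates on a scratch image file only.

# Build a constructed 4 MiB "disk" of random data with two file names
# embedded at sector 128, standing in for directory entries.
make_image() {
    dd if=/dev/urandom of="$1" bs=4096 count=1024 2>/dev/null
    printf 'holiday_2009.avi\0tax_return.pdf\0' |
        dd of="$1" bs=512 seek=128 conv=notrunc 2>/dev/null
}

# Number of "lines" in the raw image that still contain the given name.
count_name() {
    LC_ALL=C grep -a -c -F -- "$2" "$1" || true
}

# Number of bytes in the image that are not 0x00.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# One pass of zeros over the whole image, in place.
zero_fill() {
    local size
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=4096 count=$((size / 4096)) conv=notrunc 2>/dev/null
}

# Demo run: report what is visible before and after the overwrite.
demo_img=$(mktemp)
make_image "$demo_img"
echo "before: name hits=$(count_name "$demo_img" tax_return.pdf)," \
     "non-zero bytes=$(nonzero_bytes "$demo_img")"
zero_fill "$demo_img"
echo "after:  name hits=$(count_name "$demo_img" tax_return.pdf)," \
     "non-zero bytes=$(nonzero_bytes "$demo_img")"
rm -f "$demo_img"
```

This only shows what the drive's normal read path returns after the overwrite; it says nothing either way about the laboratory techniques debated later in the thread.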
If it was easy for a disk to read erased data, we would all be in trouble

 

Well, if it were true you could do something along the lines of parity with deleted data, so, you store data then delete it then write new data over it, but, create ~ a 30% redundant parity and boom, you doubled your HDD's disk space.

Link to comment

The Center for Magnetic Recording Research at UCSD could read the last 12 values written to a sector in 1997. I'm sure they can read many more by now. The DoD uses drills to retire drives.

 

 

Although the higher bit density of modern drives may make reading overwritten values more difficult, the referenced paper seems odd. Just because they cannot read the overwritten values does not mean that reading overwritten values is not possible. The equipment and expertise required to read overwritten data is not common, and I know of no papers published that describe how it's done. Unless you become a national security threat, I don't think that anyone will invest the resources required to read the overwritten data on your disks. I'm fairly certain that any disks recovered from the raid that killed Osama bin Laden were processed to recover several layers of overwritten data.

Link to comment


I highly doubt the DoD would care if you knew how to do it because:-

 

A. They physically destroy the drives after wiping

B. How would you get a hold of a drive

C. Why can't they just bump up the amount of passes they do

D. I'm sure the data on the drive is encrypted in and of itself, and no data was ever written to that drive that wasn't encrypted

E. I'm sure the data is in a RAID 0 like motion, so having one drive would be useless; you'd need all the drives & all the bits.

F. It'd probably be easier to get a job there, become their top IT guy and steal the data like that. Even though this would take years (20+ probably) to do, it's still easier than all of the above.

Link to comment

Archived

This topic is now archived and is closed to further replies.
