[ale] Drive recovery

[Greg Freemyer]

On 6/8/05, Michael B. Trausch wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
> 
> tfreeman at intel.digichem.net wrote:
> >
> > About 10 years or more ago, I used one of those drive recovery services.
> > Yes, expensive, but not all that expensive. Seems like we had a discusion
> > of sorts along the lines of secure deletion a year or two ago. I _still_
> > like the idea of floating the platters in HF, although there are
> > hazzardous waste issues.
> >
> 
> Many of the drive recovery services are capable of much more then you or
> I can do with any disk or disk controller available to us within any
> sort of reasonable cost range.  For example, some services can read data
> that was written and overwritten, and overwritten yet again, by looking
> for "ghosts" of data and reassembling it.  Crazy, but (remotely) possible.

The "ghosts" are called "fringe effects".  Ones and Zeros on a disk
have physical dimension and I assume the strength of the magnetism
fails off in a gausian curve (Think back to advanced physics class). 
Head alignment is not perfect, so over-writes do not exactly
over-write, but instead the center of the curve is slightly offset. 
As you say a highly calibrated and sensitive head assembly can in
theory read the field strength of the magnetism with a far greater
accuracy than just 1/0.

Then very complex software can "in theory" reassemble the underlying data.

I am not aware of any commercial provider offering that they can read
"fringe effects".

I'd be very interested to know of a commercial service provider that
can actually do that.

I've heard the rumors that CIA / NSA / etc. can do this and I have
little reason to doubt it, but I imagine they can only get little
fragments of data, not full recovery.

FYI: The biggest support for this capability existing is the DOD
wiping requirement that requires multiple passes.  If technology does
not exist to read data after a single over-write, then the DOD
requirement is overly strict.

Greg