Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread
Standard User camieabz
(sensei) Wed 25-Apr-12 09:58:20
Print Post

Data on old hard drives


[link to this post]
 
http://www.bbc.co.uk/news/technology-17827562

Watchdog finds undeleted data on second-hand disk drives


Of the 200 hard disks collected, 11% contained personal information.

At least two of the drives had enough information to enable someone to steal the former owners' identities, the watchdog said.


I'm slightly peturbed at that statistic. Why didn't they say three drives or the actual amount? "At least two" is a strange way of putting it when dealing with whole numbers.

Equally they didn't add that many buyers of second hand drives are not looking for peoples' data, however, the article might encourage some to start looking or worse, start buying to get data.

Lastly the Beeb article doesn't give advice on how to delete sensitive data from their drives. Here are a couple of free and easy methods:

1) If just throwing the drive out, delete data, format drive, then take it apart and smash the disc(s) with a hammer. Best to do this in an area where it can catch all the shards of glass. Data definitely gone!

2) If selling on, delete the data, and copy useless data to the drive until full. Download a large file and copy it or copy the copies. delete data with a free drive wiper program, such as the one which comes with CCleaner. Then format the drive. Data gone!

Personally, I never sell on my HDDs, so I use option 1, but also do the files and CCleaner bit too. Overkill is impossible when dealing with your data.

~ Camieabz ~

All Connection Data ~ plusnet

mod'er·a'tion n.
Synonyms: temperance, restraint, modesty.

Edited by camieabz (Wed 25-Apr-12 11:37:41)

Standard User 4M2
(experienced) Wed 25-Apr-12 10:57:27
Print Post

Re: Data on old hard drives


[re: camieabz] [link to this post]
 
Yep, even overwritten files can be retrieved - best to do a full reformat or if the drive is not working smash the disc with a hammer!
Standard User john2007
(legend) Wed 25-Apr-12 13:12:22
Print Post

Re: Data on old hard drives


[re: 4M2] [link to this post]
 
In reply to a post by 4M2:
Yep, even overwritten files can be retrieved ...

By who? I thought this had the status of an urban myth.


Register (or login) on our website and you will not see this ad.

Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 13:29:49
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
In reply to a post by john2007:
In reply to a post by 4M2:
Yep, even overwritten files can be retrieved ...

By who? I thought this had the status of an urban myth.
It is possible but the techniques used are time-consuming and require specialist equipment. At the most extreme, magnetic ink can be applied to recording surfaces and the patterns read using a microscope.

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Standard User gomezz
(eat-sleep-adslguide) Wed 25-Apr-12 13:55:28
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
With today's paranoid government agencies the very act of physically smashing a hard drive to prevent data recovery is enough to invite their closest scrutiny. frown

O2 Standard (8Mbps LLU)
Standard User camieabz
(sensei) Wed 25-Apr-12 14:37:21
Print Post

Re: Data on old hard drives


[re: gomezz] [link to this post]
 
If the police or said agencies were forcing an entry to a property and discovered someone in the act of doing that, fair enough. Otherwise, it's a sensible precaution. No different to shredding sensitive mail.

~ Camieabz ~

All Connection Data ~ plusnet

mod'er·a'tion n.
Synonyms: temperance, restraint, modesty.
Standard User john2007
(legend) Wed 25-Apr-12 14:44:00
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
http://en.wikipedia.org/wiki/Data_recovery (section titled overwritten data).

SSDs may be more of a risk.
Standard User Deadbeat
(knowledge is power) Wed 25-Apr-12 15:09:15
Print Post

Re: Data on old hard drives


[re: camieabz] [link to this post]
 
Most of the used drives that I come across have all the data fully intact. What surprises me is that the percentage is as low as it is!
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 15:48:27
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
My info is several decades old. I used to know someone who made colloidal magnetic suspensions for researchers and forensic organisations. Of course, magnetic force microscopes weren't invented then and the amount of data recorded on disk drives was miniscule compared with today's devices.

I've only given the article a quick scan but it does not seem to mention bad blocks that have been reassigned by a device's internal firmware. These will be invisible to standard software but will be visible to specialist hardware and may contain useful information.

The best security practices are (1) use of drive encryption in case of theft and (2) use of a sledgehammer prior to disposal.

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts

Edited by micksharpe (Wed 25-Apr-12 15:50:03)

Moderator billford
(moderator) Wed 25-Apr-12 16:29:55
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
In reply to a post by john2007:
In reply to a post by 4M2:
Yep, even overwritten files can be retrieved ...

By who? I thought this had the status of an urban myth.
It can be done if you're really determined, but as Mick said it's expensive and time-consuming.

But if the data is worth it... when we had to dispose of classified HDDs at Aldermaston, they were stripped down and the magnetic coating sandblasted off the platters.

edit- and two witnesses had to sign off that it had been done properly!

Bill
[email protected] __________________Planes and Boats and ... __________________BQM

Edited by billford (Wed 25-Apr-12 16:35:36)

The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Standard User john2007
(legend) Wed 25-Apr-12 16:41:38
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
A bit of a moot point given that many people don't secure their disk drives in any fashion given Deadbeat's experience.
Standard User john2007
(legend) Wed 25-Apr-12 16:47:37
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
Had pretty much abandoned ferrite cores by my day!

Nowadays taking such precautions wouldn't be required because all the data would already have been lost on a usb drive or e-mailed to the wrong mailing list!
Moderator billford
(moderator) Wed 25-Apr-12 16:49:25
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
More truth in that than is comfortable frown

Bill
[email protected] __________________Planes and Boats and ... __________________BQM
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Standard User greenglide
(member) Wed 25-Apr-12 17:11:38
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
In reply to a post by john2007:
http://en.wikipedia.org/wiki/Data_recovery (section titled overwritten data).

SSDs may be more of a risk.


Not really - the secure erase command implemented on most SSDs will really erase all the data on the drive in a few seconds.

Secure erase on conventional HDDs is less reliable.

The answer, of course, is to use an encrypted drive where a digital key is required access the drive. Overwrite the key stored in the controller and the entire encrypted disc is useless.

Such discs were invented years ago but nobody bothered to use them and software encrypted drives (like the one I am using at this moment - work PC!) have only become common recently.

Strangely, when this PC is replaced I am still expected to use a secure erase packiage to wipe the disc - they obviously don't trust the encryption!

Ex <n>ildram , been to SKY MAX - 15,225 Download
BE Unlimited - 21,000 Download 1,200 Upload,
Moved house, now BE Unlimited 6,500 Down, 1Mb/s up - gutted!
FTTC Cab installation commenced 12th April - expect full 80 / 20 - bye bye BE, hello BT Infinity soon!
Standard User Pipexer
(eat-sleep-adslguide) Wed 25-Apr-12 17:20:30
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
In reply to a post by billford:
It can be done if you're really determined, but as Mick said it's expensive and time-consuming.

Not being funny (because I don't disagree) but can you provide a link to any evidence suggesting it has been done on a modern hard drive? To the best of my knowledge it is one of them things that has never actually been proven. Not that we would expect our friendly government departments to admit to being able to do it of course.

Zen 8000 Pro
Moderator billford
(moderator) Wed 25-Apr-12 17:27:58
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
In reply to a post by billford:
It can be done if you're really determined, but as Mick said it's expensive and time-consuming.

Not being funny (because I don't disagree) but can you provide a link to any evidence suggesting it has been done on a modern hard drive?
Simple answer- no, I can't.

I did spend some time down at GCHQ on a couple of occasions- I didn't witness HDDs being read the hard way, but some of the tricks I did see them pull leaves me quite convinced that they could do it if they wanted to shocked

Bear in mind that my experience is from ten years ago, I'd guess that both HDD security and the techniques for cracking it have both changed a lot in that time.

Bill
[email protected] __________________Planes and Boats and ... __________________BQM
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Standard User Pipexer
(eat-sleep-adslguide) Wed 25-Apr-12 17:29:08
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
In reply to a post by billford:
But if the data is worth it... when we had to dispose of classified HDDs at Aldermaston, they were stripped down and the magnetic coating sandblasted off the platters.

Did they get you to run any sort of basic deletion first? On paper that process described is adding a great deal of "surface" for the disk or platters to go missing or be stolen. It's a bit like when exam papers get sent off in a van for incineration, the bags get passed around and all sorts. It's much easier to put it through the paper shredder on the desk. Nobody is arsed enough to try and put it back together. Yet if the sheets come out of the bag in their entrity it's worth a look..

Zen 8000 Pro
Standard User Pipexer
(eat-sleep-adslguide) Wed 25-Apr-12 17:37:05
Print Post

Re: Data on old hard drives


[re: camieabz] [link to this post]
 
In reply to a post by camieabz:
I'm slightly peturbed at that statistic. Why didn't they say three drives or the actual amount? "At least two" is a strange way of putting it when dealing with whole numbers.

It's because they have just made assumptions so they can release their FUD information that everybody knows anyway. They didn't even define "identity theft" either. You only need someone's name afterall to steal their identity.

Even the most idiotic of computer users are always talking about how to dispose their HDDs when they are done with them. You know how computer users revel in stupid security issues which they don't properly understand.

Zen 8000 Pro
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 17:39:46
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
In reply to a post by billford:
It can be done if you're really determined, but as Mick said it's expensive and time-consuming.

Not being funny (because I don't disagree) but can you provide a link to any evidence suggesting it has been done on a modern hard drive? To the best of my knowledge it is one of them things that has never actually been proven. Not that we would expect our friendly government departments to admit to being able to do it of course.
Well, there are plenty of data recovery firms out there. They have to earn their money somehow. I don't imagine that all they do is fix MBRs and run undelete.

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Standard User Pipexer
(eat-sleep-adslguide) Wed 25-Apr-12 17:42:03
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
I am not aware of any data recovery firms who can recover data from a drive that has been zeroed, but willing to be proven wrong.

Zen 8000 Pro
Standard User john2007
(legend) Wed 25-Apr-12 17:43:33
Print Post

Re: Data on old hard drives


[re: greenglide] [link to this post]
 
Full disk encryption does seem to be the obvious solution. I don't bother personally as the risk of monetary loss due to someone nicking one of my hard drives seems low.
Standard User 4M2
(experienced) Wed 25-Apr-12 17:55:27
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
iolo System Mechanic:

Employs multi-pass military-grade wiping to ensure complete removal of all deleted data.
Defeats forensics recovery techniques...

Just marketing hype?
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 17:56:11
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
I am not aware of any data recovery firms who can recover data from a drive that has been zeroed, but willing to be proven wrong.
I'm not sure what you mean by "zeroed". I used to work for a mainframe manufacturer and we sometimes got requests from customers who had corrupted disks and no [recent] backups.

On one occasion, I was sent a disk pack and was asked to check it out. It was mechanically sound but unreadable by the OS. I had access to engineering software that would pull data directly off the read heads. A lot of the data was OK but a good number of blocks had data shifted a few bits by a faulty drive controller. A lot of the corrupted blocks were directory entries which didn't help. I could have recovered 90% of the customer's data but when I quoted them for the work, they soon decided to re-key their data.

So, yes it can be done but customers often decide to take the cheaper route in the end. Sore fingers do not hurt as much as sore wallets. crazy

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Standard User john2007
(legend) Wed 25-Apr-12 18:03:37
Print Post

Re: Data on old hard drives


[re: 4M2] [link to this post]
 
In reply to a post by 4M2:
iolo System Mechanic:

Employs multi-pass military-grade wiping to ensure complete removal of all deleted data.
Defeats forensics recovery techniques...

Just marketing hype?

I believe so.
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 18:26:04
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
In reply to a post by billford:
when we had to dispose of classified HDDs at Aldermaston, they were stripped down and the magnetic coating sandblasted off the platters.
You were more thorough than the good people at Burghfield. They put their disk packs in a machine that looked for all the world like a large cement mixer full of cannon balls. Obviously, they couldn't afford to buy a sand-blaster. Still, it did the same job in the end. crazy

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Standard User john2007
(legend) Wed 25-Apr-12 18:36:35
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
In those days the disk packs themselves looked like free standing washers.

I used to work with one of these. http://www.cucumber.demon.co.uk/geccl/4000series/408...

State of the art - once.
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 18:41:58
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
We had an old General Electric machine. The disk drives had hydraulic head actuators (I kid you not.) The engineers hated it when an actuator sprang a leak - there would be hydraulic fluid all over the place and they had to clean it all up. They danced on the rooftops when voice-coil actuators were introduced. laugh

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Standard User john2007
(legend) Wed 25-Apr-12 18:52:23
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
I have no answer to that. smile
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 18:56:52
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
The engineers had a few choice phrases - all of them unprintable. laugh

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Moderator billford
(moderator) Wed 25-Apr-12 19:01:06
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
Did they get you to run any sort of basic deletion first?
I doubt it- you know the Civil Service, an HDD was only junked when it stopped working tongue
On paper that process described is adding a great deal of "surface" for the disk or platters to go missing or be stolen.
You can't get data off a platter that has no magnetic material on it... I don't think they cared about the waste grit, on the principle that if someone wanted to extract all the magnetic dust and reconstruct the data (cf your shredder comparison) they were welcome to try smile

Talking of shredders... shredded classified documents were collected and incinerated on site, again with witnesses signing it off. Ditto for floppies, which were still in use at the time. And you stood more chance of winning the lottery three weeks on the trot than getting a writeable CD drive on your computer.

And we haven't even mentioned Tempest protection!

Paranoid they may been, thorough they certainly were.

Bill
[email protected] __________________Planes and Boats and ... __________________BQM
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Moderator billford
(moderator) Wed 25-Apr-12 19:07:12
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
In reply to a post by micksharpe:
...the good people at Burghfield.
I spent three months there on one project... my impression was that ROF(B) had a disarming tendency to go its own sweet way smile

Bill
[email protected] __________________Planes and Boats and ... __________________BQM
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 19:10:58
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
In reply to a post by billford:
In reply to a post by micksharpe:
...the good people at Burghfield.
I spent three months there on one project... my impression was that ROF(B) had a disarming tendency to go its own sweet way smile
The guys in the Group certainly did when they got on their bicycles to go to the canteen. wink

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Moderator billford
(moderator) Wed 25-Apr-12 19:14:50
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
In reply to a post by micksharpe:
The guys in the Group certainly did when they got on their bicycles to go to the canteen. wink
Yeah. I remember that- not a soul to be seen until the hooter went, then they popped out from all sorts of unlikely places laugh

Bill
[email protected] __________________Planes and Boats and ... __________________BQM
The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 19:18:33
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
I had the use of a bicycle specially reserved for Honeywell Engineers, use of. It was an absolute death-trap. I'm amazed that I came away from that project with my goolies intact.

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts
Standard User Pipexer
(eat-sleep-adslguide) Wed 25-Apr-12 23:10:51
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
In reply to a post by micksharpe:
I'm not sure what you mean by "zeroed".

I think we are misunderstanding eachother here....
I mean zeroed as in zerored.... you have used a bootable utility on the PC to write zeroes to the entire disk.
In reply to a post by Pipexer:
I used to work for a mainframe manufacturer and we sometimes got requests from customers who had corrupted disks and no [recent] backups.

I appreciate that, but their data hasn't actually been fully overwritten in that respect.
In reply to a post by micksharpe:
On one occasion, I was sent a disk pack and was asked to check it out. It was mechanically sound but unreadable by the OS. I had access to engineering software that would pull data directly off the read heads. A lot of the data was OK but a good number of blocks had data shifted a few bits by a faulty drive controller. A lot of the corrupted blocks were directory entries which didn't help. I could have recovered 90% of the customer's data but when I quoted them for the work, they soon decided to re-key their data.

Again, in that example, the 1s and 0s were still on the surface. The data has not been secure erased or overwritten.

Zen 8000 Pro
Standard User Pipexer
(eat-sleep-adslguide) Wed 25-Apr-12 23:13:27
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
To clarify, I meant surface not in the technical term, as in, before they get sandblasted someone just nicks the drive.

Presumably the facility where they sandblasted the stuff was not just the office next door, even a different building? I'd at least expect every site to have a magnetic degauser or something similiar so that data can be pretty much securely erased without it going off site in some shape or form.

Zen 8000 Pro
Standard User micksharpe
(eat-sleep-adslguide) Wed 25-Apr-12 23:56:37
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
I mean zeroed as in zerored.... you have used a bootable utility on the PC to write zeroes to the entire disk.
I see what you mean. Successful data recovery is mostly a matter of good luck and data recovery companies are always cagey about what they can achieve. It may be possible to recover data that has been over-written once, or perhaps twice, but I doubt if data that has been overwritten multiple times can be recovered.

In any event, recovery of overwritten data is inherently error-prone and therefore of little use to commercial customers who inevitably want clean data for their money. However, even 10% readable data will be of interest to forensics and security specialists. You need to distinguish between commercial and forensic data recovery and recovery of deliberately overwritten data is definitely in the forensic category.

“If you limit your choices only to what seems possible or reasonable, you disconnect yourself from what you truly want, and all that is left is compromise” - Robert Fritz
.
It Ought to be Easy | Greasemonkey scripts

Edited by micksharpe (Thu 26-Apr-12 00:07:53)

Moderator billford
(moderator) Wed 25-Apr-12 23:56:47
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
To clarify, I meant surface not in the technical term, as in, before they get sandblasted someone just nicks the drive.
No disparagement intended, but you clearly haven't worked in a high-security establishment. I'm not saying it's impossible to nick one, but:

Every classified document (and in this context, digital storage media is a "document") is registered to a named (and security cleared) individual, is tracked whenever it's moved or transferred to someone else and subject to random checks at any time. It's also required to be locked away (in an appropriately approved secure cabinet) when you leave your office unattended, especially out of working hours but even while you go for a pee.

Get caught leaving a classified document out and unattended at any time and you've got yourself a severe problem.

This all applies right up to the moment when it's destroyed.

It's very much in the "owner's" interests not to lose it because, shortly after the next check, he'll quite likely be in jail, and for the same reason to keep it secure so that nobody else can nick it, because its loss will still be regarded as his responsibility. The Official Secrets Act is not one to be messed with.1

Believe me, being a registered holder of classified documents is a right royal pita, which is why I avoided it as much as I could!

edit- forgot to mention: all employees (and their cars) were liable to searches on entry to and exit from the site, and if you were caught with a classified document on you...



1Just for interest's sake, it's the only act (afaik) under which you can be punished twice for the same offence- once in the criminal court and again in the civil court.

Bill
[email protected] __________________Planes and Boats and ... __________________BQM

Edited by billford (Thu 26-Apr-12 00:04:34)

The author of the above post is a thinkbroadband moderator but it does not constitute an official statement on behalf of thinkbroadband.
Standard User camieabz
(sensei) Thu 26-Apr-12 00:04:07
Print Post

Re: Data on old hard drives


[re: billford] [link to this post]
 
There's definitely scope for making all documents handled by all ministers and civil servants classified then. That ought to stop those who leave things on trains, park benches etc.

/rolls eyes smile

~ Camieabz ~

All Connection Data ~ plusnet

mod'er·a'tion n.
Synonyms: temperance, restraint, modesty.
Standard User 4M2
(experienced) Thu 26-Apr-12 00:09:49
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
Sure I once heard that a file has to be overwritten numerous times before it's "shadow" is finally completely unreadable...
Standard User TMCR
(member) Thu 26-Apr-12 00:18:53
Print Post

Re: Data on old hard drives


[re: john2007] [link to this post]
 
I worked on a DEC PDP 11/34, probably in a previous life if I think about it.

Every other Sunday we, the two programmers, had to go in for seven and a half hours overtime. That consisted of backup to a TU11 tape drive of the 2 RK07 disc drives, full format of the 28Mb drives, then restore it all from tape. There was no 'DEFRAG' back then !

( DEC RK07 - http://computer-refuge.org/dec-pics/rk07.html )
( Tech info, if you must - http://gunkies.org/wiki/RK07 )


You either did that, or watch the entire system grind to a halt if you left it longer than 2 weeks.

So, it needed two people for safety reasons. There was a big Halon gas cannister in the computer room, nobody was allowed to enter without someone outside who could raise the alarm if the cannister went off.

It took seven and a half hours to write the tapes, format the drives and restore the data, then take the tapes off-site as that session's full backup. You didn't take lunch break, the boss considered it was one long break apart from the occasional 2 minutes to swap a tape.

Most of the time we were sat reading in the programmers room. Not much else you could do. This was pre PC, pre Internet days. As long as you were ready to change the tape every 27 minutes, or whatever it took, you could do no more.

The drives had a special lid that you had to engage to get them out of the cabinet. A 'sealed' drive could be taken off site for safe storage, if we were on 'full' backup. The idea being that we could backup drive to drive and swap the physical discs over.

BUT, if you dropped the disc, there was a little blue indicator to show it was 'damaged beyond repair'. If, as sometimes happened, we were replacing the entire disc unit, the DEC engineer would be called to deal with the old disc unit. He would simply drop it, see that the indicator was blue, and toss it in a skip...!

Dafter still - the indicator was in the lid - not on the drive itself. You could, in theory, have dropped a disc, then swapped the lids over when you installed the now 'dead' platter, call an engineer out, have him replace it FOC and just tell the boss it had failed.

So much for security back then.

(In later years I managed to reverse a 1200/75 modem, supplied for diagnostics, and use a dumb terminal to access the new fangled bulletin boards - but that's another story...)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Virgin Cable (L)
Standard User john2007
(legend) Thu 26-Apr-12 09:52:14
Print Post

Re: Data on old hard drives


[re: TMCR] [link to this post]
 
I've had a few employers who think that travel time shouldn't be counted as work.

I tend to think that everything about the way we live nowadays is fully recorded and will be available to future historians.

Your post illustrates just how wrong that thought is. Historians will think we make our living on reality TV!

To you, me, and many others our daily work experience is trivia. Historians will make a living out of it.
Standard User mr_bean
(member) Thu 26-Apr-12 10:39:48
Print Post

Re: Data on old hard drives


[re: micksharpe] [link to this post]
 
My info is several decades old. I used to know someone who made colloidal magnetic suspensions for researchers and forensic organisations. Of course, magnetic force microscopes weren't invented then and the amount of data recorded on disk drives was miniscule compared with today's devices.

I've only given the article a quick scan but it does not seem to mention bad blocks that have been reassigned by a device's internal firmware. These will be invisible to standard software but will be visible to specialist hardware and may contain useful information.


I'm slightly sceptical that overwritten data can be recovered from modern drives if only because we've reached the point where it takes a lot of analogue processing vodoo just to get the data which is supposed to be there.

Some of the discussion and techniques relate back as far as the (now very) old FM and MFM disks - head positioning on those was so inaccurate by today's standards that tracks were intentionally written wider than necessary and there was a lot of "overspill" of data. I can easily believe that data could be recovered from those.

Even where we're looking at research papers from 2000-2001 then they were probably based on disks with capacities less than 200G - today's drives are reaching 10-20x that (4TB drives are now available) so it's likely to be 10-20x as hard to pull overwritten data from them.

I'm not sure I'd like to state categorically that it can't be done, especially if you've got government research budgets and the ingenuity of the folks at GCHQ. I'd have loved to see them tinkering with a disk to get data off it - or even just to see them destroy their own but, sadly, although I've visited quite a few times it's not the sort of place that encourages wandering around in the hope of spotting something interesting! Even with adequate clearance (and I had that)* it's very much a "need to know" place and I didn't - all my contact was purely software issues and projects.

What I think it is safe to claim is that increases in data density will make it a harder problem simply because there will be fewer and fewer magnetic domains to keep memories of "old" data.

It is true that sector remapping is a problem for the truly security concious, not least because that data can't be overwritten by the operating system. It doesn't usually survive physical destruction though.

But all this is moot - encrypt the disk!

* And clearance would have been easy to loose if I'd been caught snooping around looking for "interesting" stuff - as billford says there are just some things you don't do in that environment.
Standard User Deadbeat
(knowledge is power) Thu 26-Apr-12 11:23:10
Print Post

Re: Data on old hard drives


[re: Pipexer] [link to this post]
 
In reply to a post by Pipexer:
.... Even the most idiotic of computer users are always talking about how to dispose their HDDs when they are done with them...

In my experience that is simply not true. As I posted earlier, with the vast majority of used drives that I see (And I see quite a lot now in my voluntary work), there has been no attempt whatsoever to even delete personal data.
Pages in this thread: 1 | 2 | 3 | 4 | 5 | (show all)   Print Thread

Jump to