| |
GM7HUD > PC 26.02.06 13:14l 69 Lines 3418 Bytes #999 (0) @ WW
BID : 473427GM7HUD
Read: GUEST DC9BM
Subj: Re: Secrecy.
Path: DB0FHN<DB0FOR<DB0SIF<DB0EA<DB0RES<ON0AR<ZL2BAU<VK4TRS<GB7YFS<GB7LGS<
GB7ESX
Sent: 060226/1141z @:GB7ESX.#31.GBR.EU #:83748 $:473427GM7HUD [Witham, Esx]NNA
VK2ZRG wrote:-
>
> I remember using "Wash" in Xtree Gold. This function replaced all bytes
> in
> a file with ASCII 32 (a space). You then deleted the file. If someone then
> "undeleted" the file, all that was in it was still #32.
>
The way that data can be recovered from disks after you have erased the
file is related to how the magnetic domains actually exist on the disk.
Diagrams normally show neat fixed width concentric tracks for the magnetic
domains but this isn't the case. The magnetised area under the heads
spreads out either side of the head gap. The signal strength drops
dramatically as you move off-axis. So the normal bit that holds your data
is under the head, inbetween the tracks exists a no-mans land that is a mix
of the two tracks of data.
Disks have been using voice-coil positioning for many years, and these
disks need servo data to help the head find the track. Old disks used
stepper motors to position the heads, these just needed a seek to track
zero followed by the correct number of pulses to get to track. The voice
coil systems uses servo data written at manufacture time. This data is now
mixed in with your data instead having its own surface.
The head isn't held perfectly avove the track data. The servo info is read
all the time and the positioner is constantly micropositioning the head to
maximise servo read response. So instead of the track that the head sees
being perfectly circular it has wobble and the wobble can vary slightly for
every revolution. This makes the mishmash zone between the tracks bigger.
Erasing one track leaves residual data behind. This is not the file system
erase of marking the directory entry unused and leaving the data on the
disk, but the data left behind that is at the edge of the head's write
area.
If you repeatedly write the same data (00 or FF) you will have an effect on
the mishmash. If you write enough times you can minimise the content of
track n in the mishmash of track n and n+1.
The possibilty remains that the mishmash will contain recoverable snippets
of infomation. This risk is often too much for truly sensitive data. Thus
the only way to permenantly erase the data is to physically destroy the
disk media.
Reading this data requires special equipment. You need to be able to
position the heads not over the centre of the track but the intertrack gap.
You could do this with special firmware in the disks but normally the
individual platters would be removed and mounted on a new drive that has
"special" features.
Recoving the data is not cheap. Data recovery experts charge a lot to
remove platters from damaged disks and remount them to recover data you
haven't tried to erase. They charge a lot more if you've done your best to
erase the residuals.
If you use on-the-fly encryption you can minimise the residual data. Any
residual data will contain your encrypted data and so will be harder to
recover. On-the-fly encryption is where the data is written encrypted to
the disk, it is read by the OS as an encrypted block and is decrpyted just
before being passed to the programme reading the files.
But bewware... if you use an OS with virtual memory, there's every chance
your programme and its data (now unencrypted) will get swapped out to the
swap area. Looking in there later may show that all your hardwork was
wasted as fragments of unecrypted data will be clearly visible!
73 de Andy GM7HUD
Read previous mail | Read next mail
| |
