About Data Recovery



xor_chad
11-22-2000, 12:49 PM
Recently at my new job we have been discussing the topic of data recovery.
I am sure everyone is familiar with the DOD procedure of zero filling a hard drive 7 times before discarding it. Well, I for one cannot see ANY logic to this. My understanding is that a magnetic flux is applied to the magnetized media on the platter. These N-S/S-N flux patterns are read as either a '0' or a '1' by the logic unit. My friend believes that even after *37* zero fills to the hard drive, the data may be recovered. This seems absurd to me. He does not understand how the hard drive works, and to him this seems logical because he thinks that since data is 'written over' then you could somehow access the old data! He believes this because one data recovery company guarantees they can recover at LEAST 40% of the data off a drive that has been filled 37 times! I do not see how this is possible given that the actual 'data' is a magnetic flux pattern. If anyone can settle this topic for me I would truly appreciate it. Thanks...

[This message has been edited by xor_chad (edited 11-22-2000).]

Chuck
11-22-2000, 02:07 PM
I have never heard that data could be recovered after 37 times of overwriting, but a program, bcwipe, will clear your hard drive with Dept of Defense standards if requested. Overwrite 8 times alphanumeric random characters. I do understand that there is equipment at the Dept of Defense and FBI that can still find data on that hard drive. BTW bcwipe was available on the web for a free download.

BCWipe for Windows 95/98/NT/2000
BCWipe software for Windows 95/98/NT/2000 What's new and what have been fixed over the previous version The BCWipe utility is a shell extender for Windows 95/98/NT/2000, intended to secure delete your files. It supports correspondent U.S. Depa http://www.jetico.sci.fi/bcwipe.htm

cognitive
11-22-2000, 02:41 PM
According to the PGP (Pretty Good Privacy) user guide, "Commercial data recovery companies have been known to recover data that has been written over up to 9 times". They say that you should wipe the data from a file before you delete it. This 'reduces' the chances of it being recovered. They also state that their 'wiping' algorithm is superior to others. So maybe it is a limitation of the programs to really write over data that is the problem.

xor_chad
11-22-2000, 03:18 PM
Hey. OK, software is available that CLAIMS that this is possible. I cannot deny this. This is the heart of the argument. But it does not explain how this is possible to do and I cannot accept it w/o some logic.

The term 'wipe' is the same as 'zero fill' and other such terms. Instead of a high-level format that would ONLY remove the entry from the file allocation table (FAT16/32) - hence leaving the data there until some other data is written to that cluster - the step is done immediately. As for a zero-fill, I believe that is in reference to the bit pattern that represents the '%' sign that is in ASCII, which is actually the pattern for 'unused' or 'blank' as the file system would interpret it.

So now after 'wiping' there is a pattern that represents (for example) binary 00001111111000 where before it may have been 011001011110011. Thanks to PCGuide we know that that is a series of N-S and S-N flux patterns on the drive platter. So how in the world could anything figure out what the past fluxes were?

My only theory is that a stronger read head is applied to the platter that may be able to read resonant fluxes. But how in the world could it differentiate the last TWO writes, let alone 37! If there were 37 resonating fluxes in one cluster and 14 in the next, how would you know what clusters were grouped together? I could see this being possible in a RAID where striping was used, but beyond that I would need a PCGuide type of explanation of how it is possible.

I figure the DOD is notorious for overkill and just because they wipe it 7 times doesn't mean it was any MORE deleted than if it were done only ONE time. Gimme some input folks. Thanks....

[This message has been edited by xor_chad (edited 11-22-2000).]
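
The difference the post above draws between removing a file's directory entry and overwriting its data, shown as an added example that is not part of the original thread. The function names, the default pass count and the random-then-zero scheme are assumptions chosen for illustration, not the DoD procedure or BCWipe's method, and the code assumes the filesystem and drive rewrite the same sectors in place.

```python
import os
import tempfile

CHUNK = 64 * 1024  # work in chunks so large files need not fit in memory


def fill(fd, size, pattern):
    """Overwrite bytes 0..size of fd; pattern=None writes random bytes."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        data = os.urandom(n) if pattern is None else pattern * n
        remaining -= os.write(fd, data)
    os.fsync(fd)  # push the pass out of the OS cache before the next one


def overwrite_in_place(path, passes=7):
    """Run `passes` overwrites (random, then a final zero fill) and verify
    the zero fill by reading it back. Returns the number of bytes covered."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        for _ in range(passes - 1):
            fill(fd, size, None)
        fill(fd, size, b"\x00")
        os.lseek(fd, 0, os.SEEK_SET)
        checked = 0
        while checked < size:
            block = os.read(fd, min(CHUNK, size - checked))
            if not block or block.count(0) != len(block):
                raise OSError("verification of final zero pass failed")
            checked += len(block)
    finally:
        os.close(fd)
    return size


def wipe_file(path, passes=7):
    """Overwrite first, then remove the directory entry."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


if __name__ == "__main__":
    # Constructed sample file standing in for sensitive data.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"account=12345;" * 1000)
    print(wipe_file(f.name), "bytes overwritten and file removed")
```

A plain `os.remove` without the overwrite step corresponds to the "remove the entry from the file allocation table" case: the clusters keep their old contents until something else is written to them.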

Charles Kozierok
11-23-2000, 08:55 AM
You would be amazed at the incredible destruction, both physical and magnetic, that has been heaped on disk drive platters that have been successfully recovered. It's widely documented, if you look around.
When people tell me "I have very sensitive information on my disk and need to send it in for warranty replacement", I tell them the safest solution is this: don't send the drive out at all, just cough up $200 for a new drive. It's a matter of priorities.
I believe that utter physical destruction is considered the only really safe way of ensuring a disk cannot be read at all. And I don't mean smashing it with a hammer--I mean using a metal compactor, incineration at high temperature, that sort of thing.

------------------
Charles M. Kozierok
Webslave, The PC Guide (http://www.PCGuide.com)
Comprehensive PC Reference, Troubleshooting, Optimization and Buyer's Guides...
Note: Please reply to my forum postings here on the forums. Thanks.