data shredder

Amedee Van Gasse (ub) amedee-ubuntu at amedee.be
Mon Dec 21 22:11:36 UTC 2009


On Mon, December 21, 2009 16:59, Steve Flynn wrote:
> On Mon, Dec 21, 2009 at 3:52 PM, Rashkae <ubuntu at tigershaunt.com> wrote:
>> Steve Flynn wrote:
>>> On Mon, Dec 21, 2009 at 1:36 PM, Amedee Van Gasse (ub)
>>> <amedee-ubuntu at amedee.be> wrote:
>>>
>>>> Can you name a few of those forensics softwares? + documentation about
>>>> how
>>>> they actually work and what the conditions are to get usable results?
>>>> Preferably something recent, not some outdated standards published by
>>>> the
>>>> USA government (I don't trust foreign governments on that subject, I
>>>> don't
>>>> even trust my own government).
>>>
>>> In the news recently - COFEE (Computer Online Forensic Evidence
>>> Extractor)
>>>
>>> http://www.google.co.uk/search?q=coffee+forensic+tool should get you
>>> started... you can easily find it on the Torrent sites.
>>>
>> Coffee is not even close to being able to recover data that's been
>> overwritten, even by a single pass of zeros.   Even in theory,
>> recovering that kind of data would require removing the platter from the
>> hard drive and carefully scanning the surface with some star trek
>> sounding gizmo microscope, then using software to make a 'best guess'
>> about the contents, (not that tricky if the data was written once to a
>> pristine drive then overwritten once with zeros, but that's a best case
>> scenario for recovery.)
>
> I know Rashkae.
>
> Amadee asked for some examples of forensic software - no more, no less.

You took my question out of context. I will repeat the entire context:

-----------
On Mon, December 21, 2009 10:04, Gilles Gravier wrote:

> The problem with these commands, is that you're not really helping...
> Forensics tools will read below one or more levels of re-write. You need
> to do this several times in a row... and, more importantly, you need to
> use special data patterns that will actually make reading shadows of
> former data harder if not impossible. There are standards for that. And
> they do not involve writing random data or zeros, but actual specific
> patterns.

Hi!

Can you name a few of those forensics softwares? + documentation about how
they actually work and what the conditions are to get usable results?
Preferably something recent, not some outdated standards published by the
USA government (I don't trust foreign governments on that subject, I don't
even trust my own government).

Or are you talking about disassembling a hard disk in a dustfree room and
reading the actual magnetic patterns with a scanning probe microscope to
get a palimpsest image of the disk?
----------

It's obvious that I asked for forensic software that is able to read below
one or more levels of rewrite. Obviously I wasn't asking for any random
forensic toolset, I can easily hack those together with a few standard
GNU/Linux tools like dd, strings, grep and such.

> I've had the dubious pleasure of attempting to recover data from a
> partially degaussed 3490E cartridge using internal IBM software. Not
> for the faint of heart.

I assume that you were able to restore data from the part of the cartridge
that wasn't degaussed. I'm sorry but that is just a lot of hard work, it's
not technically impossible.
I was asking about software that can restore data from the part that *is*
degaussed.

-- 
Amedee Van Gasse





More information about the ubuntu-users mailing list