-
Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!
Help me try and prove the courts wrong
- Thread starter Marley
- Start date
- Joined
- Aug 23, 2004
There are a number of disk zeroing programs that do Department of Defense level disk erasures. It's something like writing every bit to 0, then 1, then random, 25 times. (I don’t remember the exact process)
If you did this, the process of recovering the data would probably be prohibitively expensive in a civil case (several thousand dollars). If the government is involved, well, I'm sure they have machines that can pull data off of a drive no matter what you do to it, but somehow I doubt your friend is important enough for them to use such techniques (again, it's a cost thing).
If you did this, the process of recovering the data would probably be prohibitively expensive in a civil case (several thousand dollars). If the government is involved, well, I'm sure they have machines that can pull data off of a drive no matter what you do to it, but somehow I doubt your friend is important enough for them to use such techniques (again, it's a cost thing).
- Joined
- May 1, 2002
- Location
- Salt Lick City, UT
This is an interesting thread...excellent.
As far as I'm concerned, if you don't mind somebody reading the data on your drive someday, then format. Low level format. Empty your recycle bin if it feels good.
I've personally seen and recovered data with off-the-shelf software that had been deleted, overwritten, formatted, and Symantec Ghost overwritten twice. Some files don't survive as well as others, but files remain.
If you don't want anybody to ever get certain files you have, find a good file scrubber. I used to have one that did DoD spec stuff (something like 7 passes of writing zeros...maybe some other stuff?), and had some other higher end algorithms you could try. If I remember right, there was a method that consisted of 30+ passes of rewriting data.
But still, if the DoD scrubs their drives seven times, then crushes or shreds them (physical shredding), AND keeps the trash in a secure area...maybe data is rarely impossible to recover from an erased drive.
Find a good program that is specifically designed to erase any trace of something, then destroy the drive with a swift blast from a high power firearm. FYI, a .30-06 will penetrate a 3.5" hard drive without the slightest hint of projectile distortion. Shoot two or three times =).
-ben
As far as I'm concerned, if you don't mind somebody reading the data on your drive someday, then format. Low level format. Empty your recycle bin if it feels good.
I've personally seen and recovered data with off-the-shelf software that had been deleted, overwritten, formatted, and Symantec Ghost overwritten twice. Some files don't survive as well as others, but files remain.
If you don't want anybody to ever get certain files you have, find a good file scrubber. I used to have one that did DoD spec stuff (something like 7 passes of writing zeros...maybe some other stuff?), and had some other higher end algorithms you could try. If I remember right, there was a method that consisted of 30+ passes of rewriting data.
But still, if the DoD scrubs their drives seven times, then crushes or shreds them (physical shredding), AND keeps the trash in a secure area...maybe data is rarely impossible to recover from an erased drive.
Find a good program that is specifically designed to erase any trace of something, then destroy the drive with a swift blast from a high power firearm. FYI, a .30-06 will penetrate a 3.5" hard drive without the slightest hint of projectile distortion. Shoot two or three times =).
-ben
- Joined
- Oct 18, 2003
- Location
- Leawood, KS
and probably the best way to shoot a hd imo, would be from the side. that way it would catch the patters and probably do more damage.
- Joined
- Oct 9, 2003
- Location
- Phoenix. YOUR HAIR IS GOOD TO EAT
I would just open the hard drive up, take out the platters, and put the hard drive back together. 
Then I'd take the platters and put them on rail road tracks.
Then I'd take the platters and put them on rail road tracks.
- Joined
- Jul 27, 2004
A format dosent remove any thing from the harddrive it just resets the numaric addressed. Even after delete it just removes the address. The only way is to rewrite the data and even them you can still find bits.
OP
- Joined
- Jan 7, 2003
- Location
- Liverpool, Uk
- Thread Starter
- #27
Er this post has gone completely off. I asked if formatting and writing over the information would erase it for good.
- Joined
- Jun 5, 2003
- Location
- TEH INTERNETS
- Joined
- Feb 25, 2001
- Location
- Iowa
Marley said:
...and about 20 people responded to your question, and said "No."
Someone with the right tools and knowledge could recover data, no matter how many times it is written over with 1's and 0's, *some* data will still remain. Physical destruction of the hard drive is the ONLY sure-fire way to get rid of the data.
- Joined
- Sep 17, 2004
- Location
- Auckland, NZ
i've heard they can put the platters in a special machine with a 'steerable' head which allows them to read data that 'leaked' out the sides even when the drive has been subject to a full format
- Joined
- Jun 7, 2004
ok, I'm sure there are programs out there that fill the disc with random data, then overwrite even more random data like 20 times. I'm not talking, 1s then 0s, I mean actual random data. So assuming you have a 160GB hard drive that has been completely overwritten 20 or so times, wouldnt this create so much 'junk' on the HDD that it would be too hard to recover.
Even if each write was perminately ghosted onto the disc, this would create so many random chunks of data, I don't see how anything can recover the data.
but then again, I don't know much about this stuff.
Even if each write was perminately ghosted onto the disc, this would create so many random chunks of data, I don't see how anything can recover the data.
but then again, I don't know much about this stuff.
- Joined
- Feb 25, 2001
- Location
- Iowa
Ninety-9 SE-L said:
And I don't claim to either, but I've heard stories of data recovery company guys getting info off a disk that was formatted with those "government" standard programs, various ones back to back, and still they got data off the drive...
So the government has to have ways even more high-tech and effective than that, I would guess.
- Joined
- Aug 30, 2004
- Location
- Dayton, OH
Bensa said:
Thanks for pointing that out, i've always wanted to rig something like that up.
- Joined
- Aug 15, 2004
I'm disappointed, lol I thought I had an original idea till i saw it in the other thread but I still think it'd be the best way to go, wrap your harddrive in several layers of primacord and have a battery hooked up so it ignites when you hit the button, the temp that that stuff hits would completely vaporize the entire drive metal and all.
- Joined
- Sep 17, 2004
- Location
- Auckland, NZ
how about a plastic/glass syringe filled with strong acid (like pH 1 or something) onto the platters, you could use a couple of old arctic silver containers and seal them to the drive with silicon sealant
- Joined
- Oct 28, 2004
[I know this is completely on-topic according to the original question - but there's some things here I think no one has mentioned that are important, excluding #1...]
You'd be surprised at how old some government technology is. I go to work and see equipment from the 60-70's...
Important Notes:
1. It's not just the file itself that you need to ensure is gone, but the ENTIRE freaking drive, as portions of the file could be hidden within the swap file residue, etc.
2. IF you don't believe they have your hard-drive serial number, you might just be able to do a switcheroo... but be aware that constitutes obstruction of justice along with whatever else. However, if they can't prove it's not the drive... This is taking a chance though, as I remember there's at least 1-2 programs I've seen that use your hard-drive serial number as a unique key to describe you to it's system. However, I don't believe any file-sharing programs do this... as most people would be pissed off to have even less privacy on there. This would be more difficult if you have a pre-made system, with a hard-drive put in by manufacturer, as they'd have serial #'s and whatnot stored somewhere, most likely. (Or could at least say that during X month Y brand hard-drives were put into Z model.)
3. Realize that for most cases, unless you specifically request, there will not be a jury... at least for something as simple as a "one guy downloaded something he shouldn't" case. All it takes is for that judge to find you guilty. Having the defendant completely destroy what they think is all evidence of guilt, along with some partial-evidence provided by the DA (log files, etc.), may constitute in their mind enough to find you guilty. I'd speak with a non-involved lawyer about this and see what they think would be likely to happen if you destroyed the drive... and realize it needs to be an 'accident,' anything else is knowingly obstructing justice.
4. I'd be careful of where and how you accessed even this online. They obviously have monitored the net activity to some extent. Having an 'accident' occur to the evidence, preceeded by posts here (that you visited), saying to destroy it... makes ya look even more guilty.
5. Personally, I'd look into anything and everything that could show someone *else* as having done the "crime." Is it possible someone messed with your phone line on the outside of the house, simply plugging in when they knew you weren't online and using your net? Do you have wireless net?!? That would definitely help! Most people have no idea how to properly secure wireless LAN's, and this could help you. It'd be VERY easy for someone to hijack your net service this way, and there's no way they can prove that someone didn't do it, as far as I know.
If I think of anything else I'll reply...
You'd be surprised at how old some government technology is. I go to work and see equipment from the 60-70's...
Important Notes:
1. It's not just the file itself that you need to ensure is gone, but the ENTIRE freaking drive, as portions of the file could be hidden within the swap file residue, etc.
2. IF you don't believe they have your hard-drive serial number, you might just be able to do a switcheroo... but be aware that constitutes obstruction of justice along with whatever else. However, if they can't prove it's not the drive... This is taking a chance though, as I remember there's at least 1-2 programs I've seen that use your hard-drive serial number as a unique key to describe you to it's system. However, I don't believe any file-sharing programs do this... as most people would be pissed off to have even less privacy on there. This would be more difficult if you have a pre-made system, with a hard-drive put in by manufacturer, as they'd have serial #'s and whatnot stored somewhere, most likely. (Or could at least say that during X month Y brand hard-drives were put into Z model.)
3. Realize that for most cases, unless you specifically request, there will not be a jury... at least for something as simple as a "one guy downloaded something he shouldn't" case. All it takes is for that judge to find you guilty. Having the defendant completely destroy what they think is all evidence of guilt, along with some partial-evidence provided by the DA (log files, etc.), may constitute in their mind enough to find you guilty. I'd speak with a non-involved lawyer about this and see what they think would be likely to happen if you destroyed the drive... and realize it needs to be an 'accident,' anything else is knowingly obstructing justice.
4. I'd be careful of where and how you accessed even this online. They obviously have monitored the net activity to some extent. Having an 'accident' occur to the evidence, preceeded by posts here (that you visited), saying to destroy it... makes ya look even more guilty.
5. Personally, I'd look into anything and everything that could show someone *else* as having done the "crime." Is it possible someone messed with your phone line on the outside of the house, simply plugging in when they knew you weren't online and using your net? Do you have wireless net?!? That would definitely help! Most people have no idea how to properly secure wireless LAN's, and this could help you. It'd be VERY easy for someone to hijack your net service this way, and there's no way they can prove that someone didn't do it, as far as I know.
If I think of anything else I'll reply...
- Joined
- Jun 7, 2004
who exactly filed the claim against the defendent? If they obtained your friend's information by monitering his activity, it most likely voilates the Internet privacy act. Not even the RIAA can file a simple claim against one person to obtain their personal info w/o them committing a crime as well.
http://filesharingtalk.com/vb3/showthread.php?t=83584
http://filesharingtalk.com/vb3/showthread.php?t=83584
OP
- Joined
- Jan 7, 2003
- Location
- Liverpool, Uk
- Thread Starter
- #38
apparently it was the isp 'blueyonder' who reported the defendant
- Joined
- Sep 16, 2001
Here is a link that will go into some of the technical aspects of data recovery or destruction. Easy to read http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
and you will note that even writing all zeros can be affected by temp in that if the original record was at a temp that allowed a deeper record "burn in" then the zero erase attempts, all data will not be deleted. There are several ways to recover, including substrate methods at molecular levels, but that being said:
Your lawyer friend should look at three points,
one if the question is if his client did erase the file, then it may not have been an attempt to delete incriminating evidence. It could be a scheduled cleaning, it could be something found that was offensive or not understood or not viewed.
two chain of evidence , was it a used drive, used computer, who had access to that computer, repair, lan party etc.
who extracted the file for prosecution, what methods etc.
three did client have that computer secure to “internet” access, could someone else be having access to those drives, be it P2P, hack, malware etc.
and you will note that even writing all zeros can be affected by temp in that if the original record was at a temp that allowed a deeper record "burn in" then the zero erase attempts, all data will not be deleted. There are several ways to recover, including substrate methods at molecular levels, but that being said:
Your lawyer friend should look at three points,
one if the question is if his client did erase the file, then it may not have been an attempt to delete incriminating evidence. It could be a scheduled cleaning, it could be something found that was offensive or not understood or not viewed.
two chain of evidence , was it a used drive, used computer, who had access to that computer, repair, lan party etc.
who extracted the file for prosecution, what methods etc.
three did client have that computer secure to “internet” access, could someone else be having access to those drives, be it P2P, hack, malware etc.
- Joined
- Sep 4, 2003
- Location
- Salmon Arm BC CANADA
I dont see why so many people are talking about these ways that will take so long.
I think the poin here is if the cops bust down your door you want to hit the butten and thats the end of it.
not all this o lets go run this app and then this app then how about we open the HD and then take it to the train trax, Im shure the cops are going to let you do all this LOL JK.
So the butten would be the best way but what would the butten do?
i like the vibration thing but i will have to thing about thsi some more and read the butten post
I think the poin here is if the cops bust down your door you want to hit the butten and thats the end of it.
not all this o lets go run this app and then this app then how about we open the HD and then take it to the train trax, Im shure the cops are going to let you do all this LOL JK.
So the butten would be the best way but what would the butten do?
i like the vibration thing but i will have to thing about thsi some more and read the butten post
Similar threads
