• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Help me try and prove the courts wrong

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

Marley

Member
Joined
Jan 7, 2003
Location
Liverpool, Uk
I have a friend thats a defence lawyer and hes had a case conserning a file that was downloaded. So called experts have been in to the court and put accross a case that claims information can always be recovered off a harddrive because they claim they have advanced programs. I thought that once a harddrive was formatted and information written over the area where old information was stored that that areas of the old information would be unrecoverable. I aslo though that if a person was to low level format then isnt all information gone? or is it still recoverable?

Thanks marls
 
yeah Im not positive but I think that a low-level format will erase everything and will render the information previously on the drive unrecoverable.
 
Turd Furguson said:
Use Autoclave and run the program at least 100 times in a row.

or "HULK SMASH HARD-DISK DEVIL! SMASH!", are they requiring an intact hardrive or do they have a warrant to inspect the items.
 
I would think that unless the relevant magnetic marker could be completely erased off the surface of the disk then even after a few formats you may be able to pick up the signal.

I would think that formatting and writing 1s then 0s and then 1s then 0s a few [hundred] times would perhaps remove such markers completely but even then there are possibly systems out there that could recover data.
 
Formatting erases the data, but with special equipment you can recover very old data off a harddrive.

Empty a 12guage shotgun with slugs into it.
Repeat.
 
If they are willing to spend enough money, they can recover the data, the only real way to erase it is destruction of the drive. I suggest acid and thermite.
 
After 5 or 6 zero'ings and 4 or 5 random data writes to the Hard Drive, the data is as good as gone. They could take it apart and inspect the platters for impressions, but they would only be able to get random bits of data at that point. I think the goverment standard is less then that for most projects.
However, with an electron microscope, I think the data could be recovered, but that would take months/years and hundreds of thousands/millions of dollars in labor/microscope usage.
 
Bensa said:
You can recover data with good gear even after several formats.

This guy is right. Because the bits are not stored in the exact same place, a "residue" if you will is left on the platter. It takes many re-wrights over and over to totally remove data. Even so, bad luck can still screw you using this method, its just highly efective. Why, however, do you think the government destroys HDDs that have had classified data.
 
subtotal said:
can you say microwave?

I would think the best would be to shoot extremely high noises or vibrate the HD very fast, the platters (ceramic most likely) will shatter, but leave the ouside intact. They have no evidence and cannot prove that it has been tempered with. You could claim that it was damaged during transportation. :)
 
Run a program that randomly writes on the HDD, no DA is gonna try to get data off something that's been written over 10-20 times randomly for a case such as this (would just cost way too much).

But as everyone has been saying...the data is there and can be recovered in theory, in practice though I doubt you'd be able to get anything admissable in court because of the complexity of the process. I doubt one jurror would really understand the process.
 
I believe that Autoclave is the prog that says
"20 structured passes. Probably secure against the NSA"

Please note the use of the word 'probably'. What the forensic experts are getting off the disks that have been formatted are what they call 'ghosts' They are the remaining magnetic signature of the files that used to be there. Even with formatting the ghosts remain. The reason the 20 structured passes (low-level formatting writing a letter/number/symbol to EVERY block on the drive) usually work is that the original 'ghosts' get lost amid the jumble of all the new 'ghosts'.

Many security installations require any drive that dies to be frozen in liquid nitrogen then smashed before they are disposed of. Multiple destruction methods used on the same disk (i.e. acid then hammer then fire) is the only way to guarantee the information cannot be recovered.

DWolf:cool:
 
As mentioned thermite and other things that go boom make for the most creative and fun ways but i believe they make alot of applications these days that can do erasures to the DoD publicised standards, which if i remember correctly is like writing it with 0's and whatnot 7 times.

And somebody had to say it, Manchester U is better :p
 
Back