StORM48
Član broj: 22809 Poruke: 7536
|
@MaRaToNcI
Malo si promašio temu. Pročitaj ovaj thread od početka, pa ćeš videti da apsolutno NIKO, ni u jednom trenutku, nije doveo u pitanje vraćanje podataka sa izbrisanih, formatiranih i uništenih diskova. Već sa više puta prepisanih.
@Ranikola
Svaka čast za tvoje znanje i posao, ali ti ne komuniciraš sa ostalima na istoj frekvenciji. Razilazimo se oko samog problema. Ti popravljaš pokvarene diskove, a mi pričamo o vraćanju podataka sa prepisanih diskova. To su potpuno druge stvari. U prilog tome evo pisanija nekog lika koji je radio u US Department Of Defence, a koji kaže (sa interneta):
"In that case you would need to go to a disk forensics specialist like a Police Department, we are taking a minimum of probably $10,000 US. And still NO guarantee the information could be retrieved in any usable form.
This issue comes back from time to time. The Usenix needs to provide a proof of concept, I'm not sure they realized how often this theory would be revisited. This was a concern of ours during the last War, while I was in the DoD that is.
Costs: The equipment costs, no longer appears to be an issue. You would need a raw disk platter controller and mount, a clean room, a semi powerful microscope. This is just the basic equipment list, but could cost under $10,000.00 before you could start your own microscopic examination of the bit areas, which are referred to as "domains". Probability/Candidates: There are two types of candidates for this
theoretical procedure.
1. If the drive has been zeroized (old Crypto variable term) to overwrite all data (hex 00 written to each byte = all binary zeros written to each domain). It might be like trying to interpret a poster on a wall that has been white-washed. The problem is that both the ones and the zeros have had zeros written on top of them. The only hope you have is that the most recent constant zeroizing process would be slightly (microscopically) off-set, there by revealing the previously recorded binary digit pattern. This may even work even if the different patterns
are swept across the drive several times.
2. If the drive has been re-partitioned, reformatted, and a new instance of an operating system has been installed. Good luck. That would be like trying to interpret a poster with another poster plastered on top. I do not consider this a candidate, at all.
Time: Do the math! How many domains are there on a 20GB hard drive? Multiply the number of domains by how long it would take to visually determine a single domain and then toggle the domain on another drive. I didn't promise there couldn't be a math test today.
Hint: A lifetime. I'd hate to QC this person's work, what an error rate. I do concede that this process could possibly be automated.
Legal: Opposing counsel's expert witness would have a field day. "So, basically you changed the bits as you saw fit"?
Conclusion: Possible Urban Myth. I've seen what these domains look like under a microscopic examination, only after seeing the actual work in front of you, do you truly realize what we are talking about.
Matthew Brown, CISSP
Izvinjavam se na ovako dugačkom postu, možda će ove informacije nekome biti interesantne. Pročitajte, nije loše čuti iz prve ruke.
[Ovu poruku je menjao StORM48 dana 07.11.2004. u 22:24 GMT+1]
|