Super Fast Posted June 27, 2011 Share Posted June 27, 2011 It's been a while since I studied it. I forgot about File Allocation Table vs Master File Table. My bad. Link to comment Share on other sites More sharing options...
Super Fast Posted June 27, 2011 Share Posted June 27, 2011 Quoth from Augeas -> This is disingenuous. If you consider that one pass overwrite is sufficient, then 35 passes will of course 'work'. The point is partly that 35 passes is 34 too many, and even more damning why are we advocating a method which has no relevance to the disks we're using? --------------------------------------- -> 1 pass is sufficient for common peoples, but for higher intellect, it may be possible to circumvent. Please read this: http://forums.whirlpool.net.au/archive/556828 In particular, pay attention to this post by jumanji: try "GDBNT - Get Data Back for NTFS". I used this just last week at work to recover a deleted file and this utility found files from 2-4 formats and overwrites. ie, install windows, format, reinstall windows, format reinstall windows....and it still found files from the original install. If you wiped the disk using one of those Dept Of Defence recognised utilities then the only way to recover would be to take the disk to a recovery specialist and pay lots of money and even then its not a guarantee. The claim is that this utility recovered from a drive after 2-4 overwrites and formats. Not to be taken lightly. _________________________________________ I am sure that multiple overwrites can be detrimental to a drives life cycle, but again, the object of wiping a drive isn't really to conserve lifecycles, but rather, to permanently destroy data that resides therein. * I would liken the wipe cycle to something akin to a personal shredder. If you do not shred your personal documents, I can easily find out anything about you. -> Strip Shredder -> Give me a few minutes, I can piece it back together if I am lucky. -> Cross Cut Shredder -> I can probably do the job in a few hours. Thanks for the effort! -> Multiple Cross Cut Shreddation -> More effort than it is worth, & I probably wouldn't even try that one. I have been told that certain people have access to machines capable of causing a drive to read to the left or right of a drive tract to glean data, as well as magnetic underscanning for "ghost" images residing on a drive. In addition to various other, I believe the above example illustrates fairly obviously why 1 pass may not always be enough. Sure, for certain situations it is good, but if 1 pass is truly sufficient, then why is there even an NSA or DOD standard? Surely, they know better than any of us, having access to more specialized machinery, what is capable than what is not? _________________________________________ As to the Gutmann comment concerning outdated at 1996, I look at it this way... You can choose a 1940 car or a 2011 car, & they are very different, but also very identical because at the end of the day, they all do the same job in the same way. They have a gas engine usually, with 4 wheels that rotate to take you places. Drives are the same way (excluding SSD type). They are rotational & write & read data in very similar manners. Sure, the drives change density/speed/layers but at the end of the day, multi-pass destruction (for the moment) seems to be the best data destruction (aside from acid bath/torch etc). Link to comment Share on other sites More sharing options...
Alan_B Posted June 27, 2011 Share Posted June 27, 2011 1. Some newcomers seem to think that wiping files or free space give the benefit of more free space. Who knows, some could even believe it gives 35 times as much ! ! 2. Please note that jumanji DID NOT SAY he recovered a file after the disk been wiped, he said the disk had been formatted, which elsewhere in that topic was generally understood to remove the partition table and nothing else, (and who am I to disagree), and Windows was then reinstalled, and the format and reinstall was repeated. He specifically stated that he was attempting to recover a deleted file with "GDBNT - Get Data Back for NTFS", and he specifically REFRAINED from saying that the file was recovered. The post that followed was a declaration by someone else that "GDBNT - Get Data Back for NTFS" was absolutely useless for him, and he had used "R-Studio, which recovered 3 GB of digital camera photos and work files" Personally I would have :- had the competence to ensure that all I needed was backed up by Macrium and I would have never needed to recover a deleted file, never gone for a wild goose chase looking for a file that had been present more than two Windows Installations ago, and may well have refrained from voluntarily admitting such stupidity on an open forum. All jumanji claimed to recover was a few files that were present two Windows installations ago, and I really doubt he would have felt a need to recover a file that far back, in fact I cannot remember much about the file names I had on the Laptop I was using until February ! ! ! The point jumanji was making that what was recovered were some files which presumably had time stamps that told him were from the first Windows installation. I concluded those files had never been wiped and never been over-written. I am a bit frustrated that my explanation has already been reached and explained before I had a chance, I just saw it when clicking back to confirm what I have already written, but a copy and paste will save me typing it User #76972 1198 posts Blurter Whirlpool Enthusiast ... Well, a reformat and reinstall does not guarantee your original data was overwritten. You managed to recover your data from a portion of the disk that was not overwritten by the reinstall and subsequent use. On large drives this is not uncommon. If you wiped the disk using one of those Dept Of Defence recognised utilities then the only way to recover would be to take the disk to a recovery specialist and pay lots of money and even then its not a guarantee. If the entire drive was overwritten by even a single pass, you are not getting back that overwritten data. Never mind those placebo "DoD" wipe levels. Please note that this is the absolute final word on that topic. jumanji posted on 2006-Aug-15, 4pm AEST Blurter posted one hour later at 2006-Aug-15, 5pm AEST jumanji is credited with 1004 posts so I can only assume that Blurter was absolutely correct, Otherwise jumanji would have countered the explanation - obviously he had not previously realised this was what he observed. Link to comment Share on other sites More sharing options...
Super Fast Posted July 2, 2011 Share Posted July 2, 2011 1) Nowhere was it indicated that anyone supposed that wiping a drive 35 times yielded 35 times more free space. Wiping a drive isn't intended to yield free space over, & over, & over, & over. Once data has been overwritten, no more free space is possible. This does not mean 100% that it cannot be electron microscopy recovered after a wipe, due to the way magnetic drives handle the writes. Much like the way you drive a car in the center of your lane (but have the option to interleave to the right or to the left somewhat of your side of the road before falling off into the ditch or hitting oncoming traffic, then consider: The data being written to be like unto the car you are driving. Although the data is presumed to be to the middle of the track being written, it can happence that the data is written to the left or right of the track somewhat (margin of error). Additionally, seeing the known properties of magnetic media, we can concur that residual data may be present on the underside of platters to recover as well. Unless you have experience in these areas of expertise, I would think wisely before answering so brief. Surely, "wiping" a drive may work for novices 1 time, but have you ever considered why the DOD & NSA even use multi-pass wipes for security? They would not do so without a reason, I presume. It is well-known that the computers we use are only just entering the 4/6/8 core for the desktop pc, while scientists have had computers since 1996 with almost 100 cores... What we have, & what "they" have are totally different. In the sense that they are far more advanced. When you are concerned with data destruction, you are not so much concerned about the average joe so much as you are from corporate snitches & big brother. Were we to do as you told, a single pass would suffice for spies looking minuscule data to glean/harvest/sell on all drives. While this is a nice fantasy, & while I am sure a single pass does at least a decent job, I see no proof whatsoever that it is the end-all of data destruction. 2) I believe that it is wrong to jump to the conclusion that the guy only quick formatted the drive, as opposed to a more thorough methodology. Whilst this may be true, it is also truth that jumping to conclusions leads to false persuasions. Link to comment Share on other sites More sharing options...
Alan_B Posted July 2, 2011 Share Posted July 2, 2011 1) Nowhere was it indicated that anyone supposed that wiping a drive 35 times yielded 35 times more free space. Wiping a drive isn't intended to yield free space over, & over, & over, & over. You are wrong. I did not state that this was part of your belief system, nor indicated that I read it in what you linked to. There was one newcomer to this forum a little while ago who was wiping free space because he hoped he would get more. I will admit that multiplying free space by 35 times was not his stated ambition - that is just a thought that amused me. 2) I believe that it is wrong to jump to the conclusion that the guy only quick formatted the drive, as opposed to a more thorough methodology. Whilst this may be true, it is also truth that jumping to conclusions leads to false persuasions. You totally failed to understand that post and the two which immediately followed and totally contradicted him. One said that he experienced the recommended tool and it was useless, and the second guy jumped to the same conclusion that I jumped to. Do you not understand that the person you quoted had totally misunderstood what he had seen, and what I jumped to was fully explained only one hour later by Blurter. For almost 5 years jumanji has not responded with a rebuttal. Both these people were very frequent posters on that forum, they is no way that jumanji would have refrained from a response if Blurter was wrong. Blurter was right and therefore I was right. You based your argument upon the claims made by jumanji for data recovery by "GDBNT - Get Data Back for NTFS", which is an application that can be used without hardware modification upon any confiscated or stolen computer. You are making quite a jump now with the use of electron microscopes and 100 core computers. I think if anyone is concerned about being investigated to that extent they would keep the lot encrypted. I doubt that many CCleaner users are in that category. I accept as truth that electron microscopes for this purpose are a myth so far as magnetic media are concerned. See http://www.heliosdf.com/blog/?p=47 from which I quote as a more likely technology "magnetic force microscopy (MFM), and a variation of this technology called magnetic force scanning tunneling microscopy (STM)" Also see http://free-backup.info/physical-data-recovery.html This says of the tool "This painstaking process takes several months" (i.e. you should be out on bail before they finish), and suggests a cost of "100,000s of Dollars" for a 20 GB drive (i.e. they really really want that data, they may have more extreme means of getting results) The data being written to be like unto the car you are driving. Although the data is presumed to be to the middle of the track being written, it can happence that the data is written to the left or right of the track somewhat (margin of error). So far as high powered analysis is concerned I accept that the magnetic waveforms of data written to a track leaves residues after a wipe, and if the wipe is a regular pattern then it may be able to detect small variations from that regular pattern due to the residues. If it happens that the data is to the right of centre, and the wipe is to the left, there may be an optimum position to the right where the data is less obscured, and by cancelling a percentage of the regular wipe an improved estimate of data could be made, perhaps. In reality I suspect everything is made as small and tight as possible, and the distance between tracks is reduced until typical vibrations make the cars weave side to side as on a bridge in high winds in disaster films, so the data and wipe paths will not track consistently but will randomly intersect. Conclusion, if you deduct a fixed percentage of a consistent Wipe pattern from an accurately observed magnetic pattern, the result is not only related to the previous data pattern but also the random effects of vibration and residues from earlier data patterns. I think anyone using high power tools will find most of the data irretrievable, but may find useful snippets. I really doubt they would be after the average person's financial information. Link to comment Share on other sites More sharing options...
Winapp2.ini Posted July 3, 2011 Share Posted July 3, 2011 These posts are becoming insurmountable mountains of text Is the removal of Gutmann really that controversial? winapp2.ini additions thread winapp2.ini github Link to comment Share on other sites More sharing options...
Moderators hazelnut Posted July 3, 2011 Moderators Share Posted July 3, 2011 Yes this topic seems to have become just a 'conversation' between Alan_B and Super Fast. Would be best if they continued it via pm. Topic closed. Support contact https://support.ccleaner.com/s/contact-form?language=en_US&form=general or support@ccleaner.com Link to comment Share on other sites More sharing options...
Recommended Posts