HDD hacking

  • merrick

    #16
    In the entry-level computer technician course, the CompTIA A+, it states the only sure way to remove data from a hard drive is to physically remove the cover and remove the plates inside (or at least disfigure it). One hard drive head can only read the plates from its own drive, so one plate can't be put into another hard drive and be read.
    Now I'm not one to believe everything I'm told, but I'm pretty confident with total destruction.


    • mike*
      Technician

      50+ Posts
      • Jun 2010
      • 58

      #17
      There's a way to read the old 1's and 0's even if the drive has been overwritten multiple times. I forgot how exactly they do it, but say a 1 is overwriting a 0. There's a certain magnetic change that occurs. By reading and recording these changes it's possible to predict if it was a 1 or 0 under the top layer number. They can go 3, 4, maybe even 5 layers down from what I've read. Now this is very expensive to do and requires a certain machinery to do it, but it can be done. The only real way to completely destroy the information is destruction of the disk or degaussing (which removes all the magnetic patterns). I find it cheaper and more fun just to take a hammer to the disk.

      Just re-read AKStrub01's post and he has a little more technical of an explanation of how it works....


      • jonhiker
        Senior Tech

        500+ Posts
        • Apr 2010
        • 661

        #18
        We have been doing some experiments on Ricoh machines. We have not found anything readable on the drives. I have a couple of ones that I tried to read, couldn't get anything from them, so reformatted them and used them again. That doesn't mean some super hacker couldn't get any image data after a lot of work, but the odds are quite high. When we refurb a machine, we make sure to delete the doc server documents (if any), and reformat the HDD.

        If a customer requests it, we have a station in the shop set up where we remove the hard drive and do the data wipe/overwrite thing.


        • df3036
          Trusted Tech

          100+ Posts
          • Feb 2009
          • 109

          #19
          I have been using DBAN (FREE) to scrub drives. It is a live disk. Using an old computer (I'm using an old PIII 500), boot the live disk, select drives to wipe and the type of wipe (i.e. DoD 3x), and wait. Takes several hours to do a drive. Leave it overnight... Depending how many IDEs you have open, most have 4, so 1 for the CD drive and 3 open for drives to scrub.

          Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

          Faster controllers with 80pin IDE cables are faster.
          Kittens give Morbo gas.

          A+, Network+, Server+, PDI+


          • mike*
            Technician

            50+ Posts
            • Jun 2010
            • 58

            #20
            Originally posted by df3036
            I have been using DBAN (FREE) to scrub drives. It is a live disk. Using an old computer (I'm using an old PIII 500), boot the live disk, select drives to wipe and the type of wipe (i.e. DoD 3x), and wait. Takes several hours to do a drive. Leave it overnight... Depending how many IDEs you have open, most have 4, so 1 for the CD drive and 3 open for drives to scrub.

            Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

            Faster controllers with 80pin IDE cables are faster.

            I've been using DBAN to wipe our drives also... Do you get the option to do multiple hard drives at once? I've only used an old laptop (due to the fact it takes so long and no one uses that particular laptop), but maybe I'll switch to a tower if multiples are possible.


            • df3036
              Trusted Tech

              100+ Posts
              • Feb 2009
              • 109

              #21
              Yes, I have been doing 3 at a time. Usually leave it overnight... Make sure to set the Master/slave settings. 1 master and one slave per cable. I have one of the four as the cd drive.
              Kittens give Morbo gas.

              A+, Network+, Server+, PDI+


              • paulg
                Trusted Tech

                250+ Posts
                • Jun 2007
                • 278

                #22


                • D_L_P
                  Self Employed

                  1,000+ Posts
                  • Oct 2009
                  • 1196

                  #23
                  Good info. Very useful.


                  • Morlock49
                    Trusted Tech
                    100+ Posts
                    • Mar 2009
                    • 166

                    #24
                    From what I understand, and information given to me, to securely wipe a HDD, you need to do a complete erase 32 times. Forensics can still get info if you do less than this.

                    Also, the US government will only allow its citizens to legally use 128 bit encryption. If you do use a higher bit encryption, you must supply the encryption key when asked or face an immediate jail term (unlimited I think, or until you give the key over).

                    A good encryption program is PGP (Pretty Good Privacy).
                    Sorry folks, reputation removed by Just Manuals, because he's a sad little wanker


                    • Stirton.M
                      All things Konica Minolta

                      1,000+ Posts
                      • Oct 2009
                      • 1804

                      #25
                      Originally posted by Morlock49
                      From what I understand, and information given to me, to securely wipe a hdd, you need to do a complete erase 32 times. forensics can still get info if you do less than this.

                      also the us government will only allow its citizens to legally use 128 bit encryption. If you do use a higher bit encryption, you must supply the encryption key when asked or face an immediate jail term ( unlimited i think, or until you give the key over)

                      a good encryption program is PGP (Pretty Good Privacy)

                      Funny that privacy laws in the US are much stricter than here in Canada. I would be of the opinion that freedoms of that sort would be the opposite, yet not so. That said....

                      The case here is the encryption of data on a hard drive for a copier/printer. Most MFP devices do not have this. The company I work for, Konica Minolta, we sell encryption kits as an option to the end user. Not many of our customers have ever bought one, let alone understand the need. These are all based on the 128 bit level you mentioned. Using Kerberos if I recall.

                      Paulg posted information that speaks about the 32 writes. I have not heard about that for many years. In Paul's post, a single write process is needed to effectively wipe a hard drive. The process of writing a bunch of zeros and then a bunch of ones is effectively two wipes.

                      My brother-in-law works for the Canadian Forces as a civilian data security consultant. Some conversations with him, he tells me a 5 time overwrite process (both 1 and 0) will effectively destroy any latent data to be found on any current hard drive. With the exception of labs like his, the rest of us will be completely unable to retrieve any data off a hard drive. His lab can and has been able to retrieve limited pieces of information. The general gist was that the longer the information stayed on the drive in the position where it was first written, the more likely the signature of that data would remain, regardless of the rewrite process. He could not elaborate on this any further, since this delves into official secrets. Suffice it to say, there is very little likelihood that anyone outside of military/intelligence circles is going to be able to retrieve data off our hard drives after a 5 pass wipe, much less a single wipe.

                      I can retrieve data off a hard drive that has been formatted or partitioned, I have several programs to do this. But I cannot do it if that data has been overwritten, especially in cases of data wiping.
                      "Many years ago I chased a woman for almost two years, only to discover that her tastes were exactly like mine: we both were crazy about girls."
                      ---Groucho Marx


                      Please do not PM me for questions related to Konica Minolta hardware.
                      I will not answer requests or questions there.
                      Please ask in the KM forum for the benefit of others to see the question and give their input.
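
The contrast described in #25 (data survives a format or repartition, but not an overwrite) can be checked on a drive image. The following is an added example, not code from any poster: it uses a constructed 64-sector image and hypothetical helper names, models a reformat as rewriting only the first four metadata sectors, and assumes the wipe's final pass writes zeros.

```python
import os
import tempfile

SECTOR = 512  # bytes per sector in this constructed image


def build_image(path, sectors=64):
    """Constructed image: sectors 0-3 = metadata, 8-15 = a stored scan."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"META" * 128 * 4)          # 4 sectors of old metadata
        f.seek(8 * SECTOR)
        f.write(b"SCANDATA" * 64 * 8)       # 8 sectors of document data


def reformat(path, meta_sectors=4):
    """Simplified model of a format: only the metadata area is rewritten."""
    with open(path, "r+b") as f:
        f.write(b"NEWM" * 128 * meta_sectors)


def overwrite_pass(path, fill=b"\x00"):
    """One full pass: every sector of the image is rewritten."""
    with open(path, "r+b") as f:
        for _ in range(os.path.getsize(path) // SECTOR):
            f.write(fill * SECTOR)


def nonzero_sectors(path):
    """Indices of sectors that still hold at least one non-zero byte."""
    found, index = [], 0
    with open(path, "rb") as f:
        while block := f.read(SECTOR):
            if block.count(0) != len(block):
                found.append(index)
            index += 1
    return found


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "copier.img")
        build_image(img)
        reformat(img)
        after_format = nonzero_sectors(img)
        overwrite_pass(img)
        return after_format, nonzero_sectors(img)


if __name__ == "__main__":
    after_format, after_wipe = demo()
    print("non-zero sectors after reformat:", after_format)
    print("non-zero sectors after one overwrite pass:", after_wipe)
```

Against an image of a real wiped drive only `nonzero_sectors` applies; a wipe method whose last pass writes random data needs a different check.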


                      • verderacer
                        Trusted Tech

                        100+ Posts
                        • May 2008
                        • 158

                        #26
                        I wish I had seen this conversation earlier but I will give my 2 cents worth now.

                        Originally posted by Stirton.M
                        He could not elaborate on this any further, since this delves into official secrets.

                        Sorry but I have to laff here... Official secrets? Well then most of those secrets are all floating around the Silicon Valley area of California, home to 4 of the largest disk drive mfg's in the world. I hate to say it but they are not really secrets, and any engineer worth a damn in the disk drive industry knows those secrets. I am sure if you hang around the engineers over at Seagate, start reading the published white papers, and attend a few conferences, you can figure it out. I am simplifying it somewhat here but it's definitely doable. Then there is the geek factor that not only reads all the above but spends countless hours figuring it all out in the sheltered space of their room with nothing more than a few computers, a couple of flavors of Unix/Linux and a bunch of old drives.

                        My experience with RICOH unencrypted drives is that data can be recovered. It just takes the right tools to do it and they are easy to find on the internet. The statements above regarding the storage of data are generally true, though there is a lot more involved in how the data is recovered. There is only 1 real way to prevent any kind of data recovery and that is to consume the drive or otherwise melt it down. For most people and companies, as mentioned before, a 3 pass overwrite will usually suffice.
                        Ricoh & Microsoft may pay the bills but Un*x saves my ass every day.
                        MCSE/CCNE/ENS and other crap...


                        • Stirton.M
                          All things Konica Minolta

                          1,000+ Posts
                          • Oct 2009
                          • 1804

                          #27
                          Originally posted by verderacer
                          I wish I had seen this conversation earlier but I will give my 2 cents worth now.

                          Sorry but I have to laff here... Official secrets? Well then most of those secrets are all floating around the Silicon Valley area of California, home to 4 of the largest disk drive mfg's in the world. I hate to say it but they are not really secrets, and any engineer worth a damn in the disk drive industry knows those secrets. I am sure if you hang around the engineers over at Seagate, start reading the published white papers, and attend a few conferences, you can figure it out. I am simplifying it somewhat here but it's definitely doable. Then there is the geek factor that not only reads all the above but spends countless hours figuring it all out in the sheltered space of their room with nothing more than a few computers, a couple of flavors of Unix/Linux and a bunch of old drives.

                          My experience with RICOH unencrypted drives is that data can be recovered. It just takes the right tools to do it and they are easy to find on the internet. The statements above regarding the storage of data are generally true, though there is a lot more involved in how the data is recovered. There is only 1 real way to prevent any kind of data recovery and that is to consume the drive or otherwise melt it down. For most people and companies, as mentioned before, a 3 pass overwrite will usually suffice.

                          I am talking about Official Secrets in relation to the Canadian Armed Forces and what they have at their disposal regarding forensics tools, which are generally not available to anyone in the public sector, outside of law enforcement circles.
                          "Many years ago I chased a woman for almost two years, only to discover that her tastes were exactly like mine: we both were crazy about girls."
                          ---Groucho Marx


                          Please do not PM me for questions related to Konica Minolta hardware.
                          I will not answer requests or questions there.
                          Please ask in the KM forum for the benefit of others to see the question and give their input.


                          • Bizhubuser

                            #28
                            Re: HDD hacking

                            I stumbled upon this discussion and found it to be fascinating; to satisfy my curiosity I took an old Bizhub C250 HD, created an image, and am attempting to extract data from it to see how complicated this might be. So far, I can see a directory structure of sorts, looks like FAT16, but it doesn't look like there are any files in there. Does anyone know for sure what filesystem this type of machine uses? Someone suggested option 2 = hooking the drive back up to the C250 and reprinting or dumping the files out, but I'm not seeing a way to do that. Anyone have success with option 2?
