[ale] Drive recovery

Bob Toxen bob at verysecurelinux.com
Thu Jun 9 13:28:22 EDT 2005


On Wed, Jun 08, 2005 at 05:20:42PM -0400, tfreeman at intel.digichem.net wrote:
> About 10 years or more ago, I used one of those drive recovery services. 
> Yes, expensive, but not all that expensive. Seems like we had a discussion 
> of sorts along the lines of secure deletion a year or two ago. I _still_ 
> like the idea of floating the platters in HF, although there are 
> hazardous waste issues.
Anyone who understands the file system structure (ext2, Unix BSD
Fast File system, etc) can recover most of the data in a few days to
a week.

After a client accidentally did "rm -rf /" as root, it took me a week
to recover 90% of his important files.

Btw, if one accidentally does this, the correct action is to immediately
hit the reset button or yank the power cord, whichever can be done the
quickest.  The ext2/3 file system has enhancements to the inode
structure (over the basic Unix inode) that make such recovery easier.

During forensics one frequently can recover data long "removed".

Bob Toxen
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

> On Wed, 8 Jun 2005, Mark Wright wrote:

> > I have seen advertisements that claim to recover any drive but the  
> > cost is incredible.  Maybe the data security issue is a bit in the  
> > paranoid camp.  It is better to err on the side of caution but does  
> > this "king have no clothes"?
> > 
> > 
> > On Jun 8, 2005, at 10:28 AM, Nathan J. Underwood wrote:
> > 
> > > Mark,
> > >
> > >    I'm glad that I'm not the only one struggling with this.  I've  
> > > had a number of occasions where I've accidentally deleted something  
> > > (not 'secure' deleted it, mind you), and had little or no success  
> > > getting it back.  I've since been looking for this easy way that I  
> > > had assumed everyone but me knew to recover files that weren't  
> > > deleted securely.
> > >
> > > Mark Wright wrote:
> > >
> > >
> > >>
> > >> I have a drive that I would like to recover data from.  Reading  
> > >> the  discussion about secure deleting of data was making me  
> > >> think.  This  drive has nothing wrong except the table of contents  
> > >> can't be read  and I cannot find any program or technique to read  
> > >> any data off it.   If this is a security problem why isn't it  
> > >> easier to read a damaged  disk?
> > >>
> > >> I purchased a program called Data rescue that has saved  
> > >> unreadable  zip disks for me but it cannot decode the data on this  
> > >> disk.  Data  rescue reads blocks of data into memory and compares  
> > >> it to known  format until it recognizes something.  I have let it  
> > >> run for weeks  with no success.  I suppose too much formatting  
> > >> info is missing.  I  know the data is laying out there to be  
> > >> read.  Anyone know of any  utilities to examine bits on a disk?   
> > >> This is  a Mac OS9 formatted  disk, if it makes any difference.
> > >>
> > >> If it is this hard to pull any data off a corrupt disk I would  
> > >> say  that writing random data all across a hard drive to secure  
> > >> delete is  a waste of time.  Nobody would go through what I have  
> > >> gone through to  read this disk on a used purchase or a salvage  
> > >> disk  if they did not  know something valuable was there.
> > >>
> > >> Mark
> > >> _______________________________________________
> > >> Ale mailing list
> > >> Ale at ale.org
> > >> http://www.ale.org/mailman/listinfo/ale
> > >>
> > >
> > 
> 
> -- 
> =============================================
> If you think Education is expensive
> Try Ignorance
>                    Author Unknown
> ============================================
> 

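What recovery from inode metadata looks like in practice, as an added example that is not part of the original thread: the ext2 on-disk inode carries a deletion time (i_dtime), and a freed inode whose block pointers survived still records where the file's data was. The inode table here is constructed sample data; `build_inode`, `find_deleted` and the fixed 128-byte inode size are assumptions of this example.

```python
import struct

INODE_SIZE = 128   # classic ext2 inode size (assumed; the superblock gives the real value)
N_DIRECT = 12      # i_block[0..11] are direct pointers, [12..14] are indirect

def build_inode(mode=0, size=0, dtime=0, links=0, blocks=()):
    """Pack one constructed ext2-layout inode (sample data, not from a real disk)."""
    ptrs = list(blocks) + [0] * (15 - len(blocks))
    # i_mode, i_uid, i_size, i_atime, i_ctime, i_mtime, i_dtime, i_gid,
    # i_links_count, i_blocks, i_flags, osd1 = 40 bytes, then i_block[15]
    head = struct.pack("<HHIIIIIHHIII", mode, 0, size, 0, 0, 0, dtime, 0, links, 0, 0, 0)
    return (head + struct.pack("<15I", *ptrs)).ljust(INODE_SIZE, b"\0")

def find_deleted(table, first_ino=1):
    """Return a record for every inode in a raw inode table that has i_dtime set."""
    hits = []
    for off in range(0, len(table) - INODE_SIZE + 1, INODE_SIZE):
        _mode, _uid, size, _at, _ct, _mt, dtime, _gid, links = struct.unpack_from(
            "<HHIIIIIHH", table, off)
        if dtime == 0 or links != 0:
            continue  # still in use, or never allocated
        ptrs = struct.unpack_from("<15I", table, off + 40)
        direct = [p for p in ptrs[:N_DIRECT] if p]
        hits.append({
            "inode": first_ino + off // INODE_SIZE,
            "size": size,
            "dtime": dtime,
            "direct_blocks": direct,
            "has_indirect": any(ptrs[N_DIRECT:]),
            # Surviving pointers say which blocks to copy out of the image;
            # if they were zeroed on delete, only carving by content remains.
            "pointers_intact": bool(direct) and size > 0,
        })
    return hits

# Constructed inode table: a live file, a deleted file with pointers kept,
# a deleted file with pointers wiped, and an unused slot.
SAMPLE_TABLE = b"".join([
    build_inode(0o100644, 3000, 0, 1, [1025, 1026, 1027]),
    build_inode(0o100644, 2500, 1118337000, 0, [2049, 2050, 2051]),
    build_inode(0o100644, 0, 1118337005, 0, []),
    build_inode(),
])

if __name__ == "__main__":
    for hit in find_deleted(SAMPLE_TABLE, first_ino=12):
        print(hit)
```

Run this kind of scan against an image taken from the powered-off disk rather than a mounted file system, since every further write can reuse the freed blocks.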