| 1 |
On Thu, Dec 17, 2009 at 8:13 AM, Alan McKinnon <alan.mckinnon@×××××.com> wrote: |
| 2 |
> On Thursday 17 December 2009 02:37:54 Robert Bridge wrote: |
| 3 |
>> dd is pretty thorough... afterall, it writes to every single block on the |
| 4 |
>> disk. |
| 5 |
>> |
| 6 |
> |
| 7 |
> And the resulting effect from doing that once is: |
| 8 |
> |
| 9 |
> Trivially easy to recover the data that was there just before you did the dd |
| 10 |
|
| 11 |
1) It's not trivial. Yes, a forensic lab can probably get enough to |
| 12 |
convict, but that is NOT trivial... (And I have been talking to data |
| 13 |
retrieval experts about similar stuff in the last week!) |
| 14 |
|
| 15 |
2) The OP has admitted it's not that sensitive. |
| 16 |
|
| 17 |
3) dd DOES write to every sector of the disk. It does what it does |
| 18 |
pretty thoroughly. |
| 19 |
|
| 20 |
The major weakness of dd (and any other OS based tool) is the |
| 21 |
potential for drives doing sector remapping. The only absolutely |
| 22 |
guaranteed way to eliminate this is a furnace. |
Archives