Hacker News new | ask | show | jobs
by JohnFen 1110 days ago
A read/write head does not follow precisely the same path every time. It has a positioning error that makes subsequent reads/writes take place slightly offset from earlier ones.

With the proper equipment and expertise (and helped out by the error correction mechanisms), you can recover a substantial amount of data that has been "overwritten" on an existing track.

This is why "data shredding" applications erase the old data by overwriting it with random data multiple times. That increases the chances that one of those writes will also write over any older data that was shifted slightly to the side.

But that's no guarantee. This problem is why organizations that need an extreme level of security require the complete physical destruction of the platters when decommissioning.
2 comments
unaindz 1110 days ago
That's theoretical only. Nobody has ever demonstrated that since the theory started and now hdd complexity and density has increased dramatically.
link
JohnFen 1109 days ago
I had to check with some experts on this that I know, to make sure that I wasn't talking nonsense.

I wasn't, exactly, but I also wasn't correct in the modern day. Retrieving erased information from hard drives like this was certainly a thing (a thing that I myself have seen done, so I know first-hand).

However, after hard drives moved beyond MFM it stopped really being possible.

So what I was saying isn't wrong, exactly, but certainly isn't relevant to today's hardware.

link
Gordonjcp 1110 days ago
Okay, but how can you determine what the old value was, given that it's now a random value multiplied by a random value with yet another random value added on top?

Hard disks don't record zeros and ones...

link
JohnFen 1110 days ago
> but how can you determine what the old value was, given that it's now a random value multiplied by a random value with yet another random value added on top?

It's an extremely difficult problem, and in the best case you won't get a complete copy of old data. That's why this isn't an avenue of attack that you're likely to ever encounter.

This is the sort of thing that would only be considered by very wealthy attackers (governments and corporations), and even then only if they're very certain that the drive contains data of unusually high value.

But it is possible, and has been done, to extract useful data that has been overwritten a single time with zeros.

link
Gordonjcp 1108 days ago
Yeah, no, it has not.

It's not possible, because there's no way to distinguish what the previous value was.

link