On Sunday 18 July 2004 9:05 pm, Tim Connors wrote: > Now, there's a thought. > > You better destroy that drive afterall. If the drive had any bad > blocks, and these were transparently remapped (as they do), then you > can't tell that there have been remapping events (maybe SMART will > tell you...). When you run wipe across /dev/hda, the drive will wipe > all the current data, ignoring the blocks that were remapped onto > another part of the drive. > > So Mallory comes along, buys the computer, and uses a low level tool > to look at all the sectors that were remapped. Then he finds in one of > those sectors that were remapped, the evidence of corruption that Bush > was trying to hide :) Definitely possible, but you'd need special firmware for the drive before you can attempt to scan remapped sectors. Some data recovery services have such firmware, so this method of recovering data is possible, but expensive. Like I said earlier, whether using DBAN or otherwise wiping the hard drive is enough depends on your answer to the question: How much time and money are your enemies likely to spend trying to recover data from your hard disk? In the vast majority of cases, the answer is "Not very much", so using DBAN is Good Enough (TM).
Attachment:
pgpcGMJQ4KZJY.pgp
Description: signature