RE: Solid State HDD Data Recovery?

From: Wall, Kevin (Kevin.Wallat_private)
Date: Mon Sep 10 2001 - 16:49:30 PDT


    Eric Boltz writes...
    > I am interested in finding out if there is a way to scavenge 
    > data from a Solid State HDD, as you would from a standard mechanical 
    > drive?  From what I understand, as soon as power is removed from the SSD
    > (and the built-in battery is drained), all data is irretrievably lost...
    > is this true or is there a way of examining SDRAM-based drives to retrieve
    > the data?
    
    I suspect that the techniques that Peter Gutmann describes in Section 7 of
    his excellent paper
    
    	"Secure Deletion of Data from Magnetic and Solid-State Memory,"
    	Proceedings of the Sixth USENIX Security Symposium, July 1996,
    	
    http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
    
    might work as well for SDRAM-based solid state HDD. Gutmann states,
    
    	"Both static (SRAM) and dynamic (DRAM) memory retains some
    	information on the data stored in it while power was still
    	applied. SRAM is particularly susceptible to this problem,
    	as storing the same data in it over a long period of time
    	has the effect of altering the preferred power-up state to
    	the state which was stored when power was removed."
    
    He doesn't specifically detail the special hardware used to do this
    and not being an EE or materials science major, I wouldn't have a clue.
    But my guess is, data recovery would be pretty expensive. I don't know
    if retrieving data from powered-down SRAM/DRAM also involves magnetic
    force microscopy (MFM) or magnetic force scanning tunneling microscopy (STM)
    that Gutmann describes that can access other magnetic media--the USENIX
    paper didn't mention it. Perhaps a search for RAM and "data recovery" on
    <insert_your_favorite_search_engine_here> would reveal places to follow up.
    
    Good luck,
    -kevin wall
    ---
    Kevin W. Wall		Qwest Communications International, Inc.
    Kevin.Wallat_private	Phone: 614.932.5542
    "Microsoft set the security state-of-the-art back 25 years with DOS, and
    they have continued that legacy to this day."
    -- Bruce Schneier, CRYPTO-GRAM, 6/15/99
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    


