Some software such as evidence eliminator say that their software can defeat electron microscopes. I have no idea if the product is able to do what is says below, I am quoting evidence eliminator 5.054 Help Files, ---------------------------------------------------------------------------- ----------------------------------- "Secure Under-Writing of existing Files and Folders New World-Beating technology in v4.5 is now available. The disk space beneath existing files and folders can be securely overwritten with multiple passes of garbage according to your settings under the Mode Tab to defeat hardware analysis of deleted files by electron microscopes. Future advancements for this function have already been designed too, and will be available in new versions of Evidence EliminatorT as soon as we have manufactured and fully tested them for reliability and performance. This function may take several hours to complete on a large drive. On ULTRA-DMA drives with a single Zero overwrite set in the Mode tab we have achieved test results of around 10GB of drive space cleaned per hour. The time taken increases proportional to the number of overwrites you select in the Mode Tab and the size of your drives......... """ ---------------------------------------------------------------------------- ------------------------------------------ later4,mike f. lATER4,Mike Fiorentino Master Links 4 Master Investigators http://www.ml4mi.com e-mail: infoat_private OR friindy@a-znet.com -----Original Message----- From: Craig Earnshaw [mailto:Craig.Earnshawat_private] Sent: Tuesday, October 02, 2001 11:25 AM To: Mike Zanker Cc: forensicsat_private Subject: Re: Recovering data from a wiped HD Encase is one of the many computer forensics tools out there - one of the better ones though. In terms of recovering data from a wiped drive that has been overwritten your chances are slim (unless you've got a very big budget and are very determined). If you're serious about wanting to do it you need to find out more about microscopy - the technique that can be employed to recover the data based upon the magnetic signal strength on the drives surface.. In addition to this when data is overwritten many times (eg the DoD standard of 7) the chances of a technique such as microscopy recovering the data are very slim. I could go on and explain why, but it's rather boring..... Regards Craig Earnshaw Lee & Allen Forensic Computing Services Mike Zanker wrote: > At 14:50 02/10/2001, wim.remes wrote: > > > I've used Encase a few times to perform jobs like this...but I don't have > > a deep understanding of the product ... you can find information on the > > product on http://www.encase.com > > I didn't think Encase could recover completely overwritten data - it's a > software recovery tool isn't it? > > -- > Mike Zanker | E-mail: M.Zankerat_private > AACS Network Development Team | Tel : +44 1908 652726 > The Open University | Fax : +44 1908 652193 > Milton Keynes, UK | PGP public key available > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 03 2001 - 04:17:11 PDT