
The Great Zero Challenge - Since January 2008


Frank Merlott

May 28, 2009, 8:15:52 AM

Q. What is this?

A. A challenge to confirm whether or not a professional, established
data recovery firm can recover data from a hard drive that has been
overwritten with zeros once. We used the 32 year-old Unix dd command
using /dev/zero as input to overwrite the drive. Three data recovery
companies were contacted. All three are listed on this page. Two
companies declined to review the drive immediately upon hearing the
phrase 'dd', the third declined to review the drive after we spoke to
second level phone support and they asked if the dd command had
actually completed (good question). Here is their response...
paraphrased from a phone conversation:

"According to our Unix team, there is less than a zero percent chance
of data recovery after that dd command. The drive itself has been
overwritten in a very fundamental manner. However, if for legal reasons
you need to demonstrate that an effort is being made to recover some or
all of the data, go ahead and send it in and we'll certainly make an
effort, but again, from what you've told us, our engineers are certain
that we cannot recover data from the drive. We'll email you a quote."

Q. Why are you doing this?

A. Because many people believe that in order to permanently delete data
from a modern hard drive that multiple overwrites with random data,
mechanical grinding, degaussing and incinerating must be used. They
tell others this. Like chaos, it perpetuates itself until everyone
believes it. Lots of good, usable hard drives are ruined in the
process.

Q. What exactly is the challenge?

A. Your company can have a crack at the drive. You don't actually have
to recover any more data to win the challenge, just tell us the name of
one (1) of the two (2) files or the name of the one (1) folder that
existed in this screen shot before the dd command was executed.

Q. What kind of hard drive is it? How much did it cost? Is it new? Does it
work? How did you format it? Why did you buy this drive?

A. Western Digital (WD800JB) 80GB hard drive. We paid roughly $60 USD
for the drive. It is new. Yes, it works. We did a default
initialization and NTFS format from within Windows XP. It was the
smallest and least expensive hard drive we could purchase new. It's
also a very plain, common drive. Data recovery firms should have a lot
of experience dealing with this type of hard drive.

Q. May I enter the challenge?

A. Yes, if your company is an established, professional data recovery
company (see below). Send a self-addressed, postage-paid box with
packaging material to the address listed below and we will mail the
drive to you.

THE CHALLENGE BEGAN ON JANUARY 15th 2008.

Q. How do I win the challenge?

A. Your company must identify the name of one (1) of the two (2) files
or the name of the one (1) folder that existed in this screen shot
before the dd command was executed. You do not have to actually recover
any more data from the drive, but you can if you are able to. You also
must publicly disclose in a reproducible manner the method(s) used to
win the challenge. Here is the answer to the challenge. It's a TIF
screen shot that shows the original contents of the root folder of the
drive before the dd command was executed. It's PGP symmetrically
encrypted using GnuPG. The key will be released should someone win the
challenge. Should someone win, they get to keep the drive. They also
will receive $500.00 USD and the title "King (or Queen) of Data
Recovery".

Q. Is this a scam?

A. No. The challenge is real. The hard drive is real. We hope to
demonstrate that recovering data from a zeroed hard drive is
impossible. Legitimate data recovery firms know this. They will not
take the challenge. Lastly, "Action speaks louder than words but not
nearly as often." - Mark Twain.

http://16systems.com/zero.php

--
Privacylover: http://www.privacylover.com


Mike Jones

May 28, 2009, 3:21:15 PM

Responding to Frank Merlott:

This starts to look like a publicity stunt when you break down what's
being asked here, and what the legitimate concerns might be of anyone
interested in such matters.

What's being asked is for companies with reputations to protect to recover
a whole disk of data. Of course they're going to claim it's impossible,
because this task under these conditions practically is.

However, the concerns behind the need to wipe data are not regarding
recovering a whole disk of data, but if /enough/ of what was on that disk
can be salvaged to mean something in court, or to a business competitor,
etc.

Even the slightest confirmed shadow of the remains of an already
identified image, for instance, or the contents of a certain known
document, could be enough to swing a jury or a judge, and when you
consider the professional charlatans who occupy positions genuine
technically competent and informed people should occupy, you can put
together an "open and shut case" scenario pretty quickly.

Fact is, even after several "wipes" there is still enough remaining
footprint "splash-over" of previous data for higher level disk-sniffers
to find something of value in a case. Considering the USA now has the
PATRIOT Act virtually neutralising the Constitution and the BoR, this
should be of significant concern to those engaging in "high risk" data
activities.

The only thing dd can /effectively/ do is take a HDD off the "We can make
some money and look good" list for a working data management company with
a reputation to protect, and make it a high expense activity getting the
information they need for whoever wants to find it.

IOW, this is close to a strawman publicity stunt and not much more.

--
*===( http://www.400monkeys.com/God/
*===( http://principiadiscordia.com/
*===( http://www.slackware.com/

Justin Thyme

May 30, 2009, 10:06:29 AM

On Thu, 28 May 2009 14:15:52 +0200, Frank Merlott <Fr...@has.no.email>
wrote:

>A. Because many people believe that in order to permanently delete data
>from a modern hard drive that multiple overwrites with random data,
>mechanical grinding, degaussing and incinerating must be used. They
>tell others this. Like chaos, it perpetuates itself until everyone
>believes it. Lots of good, usable hard drives are ruined in the
>process.
>

I think you may be missing the point. It is often cheaper to slag a
$60 drive than to pay an employee or IT service company to wipe it.
How would you zero the drive if all you had was a win32 system? Then
how do you guarantee to some specified level of confidence that the
wipe was successful? I do agree that a DOD style three pass wipe is
probably no better than a single pass, but it is not used because of
its effectiveness. Rather it is used because it is a regulatory or
contractual requirement,


J. T.
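
Added example, not part of any post in this thread: a read-back check that addresses both the support engineer's question in the first post (did the dd command actually complete?) and the question above about confirming that a wipe succeeded. It runs against a constructed scratch image file rather than a real drive; the function names are hypothetical and a `cmp` that supports `-n` (GNU diffutils) is assumed.

```shell
#!/bin/sh
# Added example: check that a dd zero-fill covered the whole target.
# Works on a constructed scratch image file; function names are illustrative.

# Size in bytes of a regular file, or of a block device via blockdev(8).
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '; fi
}

# Build a 4 MiB image holding only non-zero bytes (constructed sample data).
make_sample_image() {
    dd if=/dev/zero bs=1048576 count=4 2>/dev/null | tr '\000' 'A' > "$1"
}

# Overwrite the first N MiB in place; N below 4 models a dd that never finished.
zero_fill() {
    dd if=/dev/zero of="$1" bs=1048576 count="$2" conv=notrunc 2>/dev/null
}

# Exit 0 only if every byte is zero. -n bounds the read: /dev/zero never ends.
verify_zeroed() {
    size=$(target_size "$1") || return 2
    cmp -n "$size" "$1" /dev/zero >/dev/null 2>&1
}

# Print the zero-based offset of the first surviving non-zero byte, if any.
first_nonzero_offset() {
    size=$(target_size "$1") || return 2
    byte=$(LC_ALL=C cmp -n "$size" "$1" /dev/zero 2>/dev/null |
        sed -n 's/.*differ: [a-z]* \([0-9]*\),.*/\1/p')
    [ -n "$byte" ] && echo $((byte - 1))
    return 0
}

# Demo: an interrupted wipe, then a completed one.
img=$(mktemp)
make_sample_image "$img"
zero_fill "$img" 3
verify_zeroed "$img" || echo "incomplete: data survives from byte $(first_nonzero_offset "$img")"
zero_fill "$img" 4
verify_zeroed "$img" && echo "verified: all $(target_size "$img") bytes read back as zero"
rm -f "$img"
```

A read-back of this kind covers only the sectors the operating system can address; remapped sectors and areas hidden by an HPA or DCO are outside its reach.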

