> From: zfs-discuss-boun...@opensolaris.org [mailto:zfs-discuss-boun...@opensolaris.org] On Behalf Of Eric D. Mudama
>
> I believe the reason strings of bits "leak" on rotating drives you've
> overwritten (other than grown defects) is because of minute off-track
> occurrences while writing (vibration, particles, etc.), causing
> off-center writes that can be recovered in the future with the right
> equipment.

That's correct. In spindle drives, even if you "zero" the drive, the imprecise positioning of the head is accurate enough for itself to later read "zeroes" accurately from that location, but if the platters are removed and placed into special high precision hardware, the data can be forensically reconstructed by reading the slightly off-track traces. This process costs a few thousand per drive, and takes about a week. So "zero"ing the drive is good enough data destruction for nearly all people in nearly all situations, but not good enough if a malicious person were willing to pay thousands to recover the data.

BTW, during the above process, they have to make intelligent guesses about when they're picking up formerly erased bits and when they're picking up noise. They have to know what to listen for. So they can identify things like "that sounds like a jpg file" and so on ... but if the data itself were encrypted, and the empty space around the useful data were also encrypted, and then the whole thing was zeroed, it would be nearly impossible to recover the encrypted data after zero'ing, because even the intended data signal would be indistinguishable from noise. And even if they were able to get that ... they'd still have to decrypt it.

> Flash doesn't have this "analog positioning" problem. While each
> electron well is effectively analog, there's no "best guess" work at
> locating the wells.

Although flash doesn't have the tracking issue, it does have a similar stored history characteristic, which at least theoretically could be used to read formerly erased data. Assuming the storage elements are 3-bit multilevel cells, it means the FG charge level should land into one of 8 bins ... ideally at the precise center of each bin each time. But in reality, it never will.

When programming or erasing the element, the tunnel injection or release is held at a known value for a known time, sufficiently long enough to bring the FG into the desired bin, but if the final charge level lands within +/- 5% or even 10% or more, off center from the precise center of the bin, that doesn't matter in normal operation. Because it's still clearly identifiable which bin it's in. But if a flash device were "zero"ed or "erased" (all 1's) and a forensic examiner could directly access the word lines, then using instrumentation of higher precision than the on-chip A2D's, the former data could be extracted, with a level of confidence similar to the aforementioned off-track forensic data reconstruction of a spindle drive.

Problem is, how to access the word lines. Cuz generally speaking, they didn't bring 'em out to pins of the chip. So like I said ... theoretically possible. I expect the NSA or CIA could do it. But the local drive recovery mom & pop shop ... not so likely.

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
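A toy model of the bin argument above, added here as an example and not part of the original mail: it shows why a cell whose on-chip A2D reports a clean erase can still carry an analog offset that correlates with its former bin, which is the remanence risk the post describes and the reason it recommends encrypting data before it is ever written. The bin layout, jitter, residual fraction and noise figures are constructed assumptions for illustration, not measured NAND behaviour.

```python
import random

BINS = 8            # 3-bit MLC cell: 8 charge-level bins
BIN_WIDTH = 1.0     # normalized charge units; bin k spans [k, k+1)
ERASED_LEVEL = 0.5  # the erased (all 1's) state sits in bin 0 in this model


def program(value, jitter=0.10, rng=random):
    """Program a cell to `value` (0..7). As the post says, the final charge
    lands up to +/- jitter (10% of a bin) off the bin centre."""
    centre = value + 0.5
    return centre + rng.uniform(-jitter, jitter) * BIN_WIDTH


def onchip_read(charge):
    """The on-chip A2D only reports which bin the charge falls into."""
    return min(BINS - 1, max(0, int(charge // BIN_WIDTH)))


def erase(charge, residual=0.02, noise=0.005, rng=random):
    """Erase to the all-1's state. Constructed assumption: a small fraction
    (`residual`) of the previous charge survives as an offset from the erased
    level, plus Gaussian read noise."""
    return ERASED_LEVEL + residual * (charge - ERASED_LEVEL) + rng.gauss(0, noise)


def lab_read(charge, assumed_residual=0.02):
    """Higher-precision instrumentation on the word line: scale the offset
    from the erased level back up and map it to the nearest former bin."""
    estimate = ERASED_LEVEL + (charge - ERASED_LEVEL) / assumed_residual
    return onchip_read(estimate)


def recovery_rate(n=2000, residual=0.02, seed=1):
    """Fraction of erased cells whose former bin the lab reading gets right.
    The drive's own A2D sees every cell as erased; only the fine reading
    differs depending on how much charge history the cell retains."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(n):
        former = rng.randrange(BINS)
        cell = erase(program(former, rng=rng), residual=residual, rng=rng)
        assert onchip_read(cell) == 0      # normal reads report a clean erase
        hits += lab_read(cell) == former
    return hits / n
```

With the constructed 2% residual the fine reading recovers the former bin most of the time; with no residual it falls to roughly chance (about 1 in 8), which is the difference between a device that retains history and one that does not.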