9 Mar
2011
9 Mar
'11
12:06 p.m.
On 3/9/11 11:46 AM, vintagecoder at aol.com wrote:
I don't know how that can be true. I can
understand deleting doesn't work
but is it true a simple dd if=/dev/zero of=/dev/sdx onto the flash card
doesn't fill it with zeros?
From reading the papers, there are many redundant cells, and the controller
between you and the flash is free to remap and lie about what it has really
done, including continuing to erase cells that have been marked for garbage
collection long after writing has stopped. This invalidates assumptions of
repeatability of data recovery assumed for forensic evidence.
Concern from the data security folks is what is really still there
on the parts if you go directly to the chips and bypass the controller.
I'm concerned about the optimizations they mention in the controller firmware
geared to proprietary file systems (NTFS). What if these are accidentally performed
on some file system that ISN'T and NTFS file structure?