Memories of a Media Card

twistedmoney99 writes "Anyone who has upgraded their digital camera probably has a few older, incompatible media cards lying around — so why not post them on Ebay? Well, if you do, be sure to properly wipe them because the digital voyeurs are watching. Seth Fogie at InformIT.com purchased a bunch of used cards from Ebay and found recoverable data on most of them. Using the freely available PhotoRec application, he was able to extract pictures, movies, and more from apparently formatted cards. The picture is clear — wipe anything that can store digital data before getting rid of it."

I don't even bother to erase mine.

[by Anonymous Coward]

It adds to the value on auction sites. A lot of people are willing to pay a fortune to see images of my dick.

Re:I don't even bother to erase mine.

[DaveM753 (844913)]

You should try using a zoom lens.

(Just kidding!)

Re:I don't even bother to erase mine.

[MS-06FZ (832329)]

You should try using a zoom lens.
 
(Just kidding!)

<sigh>
He'd need a zoom lens if he were very tall - or if otherwise his dick or parts of it were very distant from the camera.

If it were small, he'd want a macro lens.

Re:I don't even bother to erase mine.

[baldass_newbie (136609)]

If it were small, he'd want a macro lens.

You seem to speak from experience...

Re:

[User 956 (568564)]

A lot of people are willing to pay a fortune to see images of my dick.

Do they fight over the microscope as well, or is it usually pretty orderly?

Re:

[Stephen Tennant (936097)]

Even better is, tucked in with dull vacation and random photos, a blurry close up of your balls, which invariably requires closer scrutiny, a "What's that?" from the viewer, and, finally - Huzzah! - rapid recoil and disgust!

Re:

[RESPAWN (153636)]

The sad part is that I remember some friends in college doing this to our RA's camera when we found it left on the stairwell. She was so happy when she knocked on our door to see if anybody had found her camera! I wasn't there when she looked at the pictures, but I can't imagine she was happy for very long. :)

same old story

[born4fun (1045582)]

Hm, haven't we had this story already with hard disks, some time ago?

Re:

[blantonl (784786)]

Ahh.. Hard disks - With all the above posts, I thought you said hard dicks for a second there.

Re:

[ruiner13 (527499)]

No, this one is a copy someone left on a flash card sold on ebay.

Re:

[Fred_A (10934)]

Hm, haven't we had this story already with hard disks, some time ago?

But we haven't had it with tapes, flopticals or CDRW yet. I'm waiting till we can collect the whole set.

Time to use Eraser!

[PurifyYourMind (776223)]

I'm not entirely certain it'd work on memory cards, but it works great on hard drives. You can overwrite clustertips, free space, etc. with many passes of psuedo-random data. I think the new version is commercial, so here's a link to an older version: http://www.tolvanen.com/eraser/ [tolvanen.com]

Memory effect

[by Anonymous Coward]

Memory cards do not have nearly as strong of a memory effect as hard drives. With a hard drive you can write and rewrite multiple times and still have data recovered by someone willing to spend the time, effort, and money. But memory cards are much harder. You could be relatively sure of safety if you just:

1. Delete everything on the card.
2. Fill the card with something not private (maybe a text file that just repeats the same character).
3. Delete everything on the card.
4. If you're paranoid do 2 and 3 again.

If you don't have a computer handy, you can accomplish step 2 by taking photos of a blank sheet of paper or a lenscap or something of that sort.

Re:Memory effect

[ivan_13013 (17447)]

Whoa there. It is NOT bullshit. In fact it is COMPLETELY POSSIBLE to recover overwritten data from a hard drive, even if it was written over several times with random or nonrandom data. Remember that magnetic media cannot really store 1 and 0. It can only store a magnetic flux using ANALOG electronic components!

The NSA today (and other people) can use Magentic Force Microscopy to extract enough detail to reconstruct what used to be on the drive. With only one or two overwrites, a sensitive oscilloscope could suffice.

Here's one paper from ten years ago that talks more about the recovery technique.
http://www.usenix.org/publications/library/proceed ings/sec96/full_papers/gutmann/ [usenix.org]

From the paper:

"In conventional terms, when a one is written to disk the media records a one, and when a zero is written the media records a zero. However the actual effect is closer to obtaining a 0.95 when a zero is overwritten with a one, and a 1.05 when a one is overwritten with a one. Normal disk circuitry is set up so that both these values are read as ones, but using specialised circuitry it is possible to work out what previous "layers" contained. The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an "ideal" read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal."

THANK YOU. (Yelling deliberate, mods +1 parent)

[BigBlockMopar (191202)]

From the paper: (blah blah blah)

I don't normally waste bandwidth or other resources commenting this way ("Me too! Me too!"), but I have to tell you that was the most kick-ass summary and explanation of the problem. Thank you for knowing an intelligent and concise technical reason for seemingly (and massively) redundant re-writing, thank you for having it handy, thank you for citing the most useful passage, and thank you for posting.

Damn, I never have mod points when I need them. I'd have dumped all of

Re:Memory effect

[plover (150551)]

The only issue I have with Peter's paper (and it's a good one, I read it several years ago) is that it's examining hard drives that are now over ten years old. The "residue" he found of previous passes of data was due in large part to sloppy manufacturing processes, machine tolerances, and out-of-spec electronics.

Modern drives now have data densities two orders of magnitude higher than those on which he did his research. Many of those stray effects have been largely eliminated by higher precision electronics.

Picture in your mind how a hard drive works: the head swings left-and-right, and feedback from a servo track tells the arm when it's centered over the desired data track. In the old days, that arm just had to be close enough. Reading overwritten data worked by checking the area around a bit to see if there was evidence of other bits written when the arm was in a different position. This shows up as higher or lower signal strength.

All that slop was robbing the drive of potential places to store data. By making the mechanics more precise, manufacturers are able to squeeze more cylinders onto a platter, and bits on a track. The slop Peter was able to discover has been largely eliminated.

Re:Memory effect

[Blkdeath (530393)]

I'm sorry, but I don't have any way of publicly contesting this argument and still seem credible. And no offence, but even if I put forth the effort to satisfy your curiosity and yours alone (IE, can it be recovered, or is the data gone)...I feel my time would have been wasted. I'm sure if the tables were turned, you feel the same way.

The fact that I know people who work in criminal forensics labs and recover data for a living aside, you're obviously set in your opinion. I know however that they can recover data from drives that are more seriously mangled than a simple three pass overwrite. If you want to bet your money or your freedom on your opinion that's one thing, but is it too much to ask that you stop posing yourself as some kind of expert on the subject until you become further educated on the subject?

An aside, BTW; I'm tired of reading of the so-called "DoD specifications" for wiping a hard drive. Yes, they exist in the form of software tools etc. but they're for NON CLASSIFIED DATA ONLY. For top-level classification their specification to ensure data destruction remains to this day in the belly of an incinerator. If you don't want a casual user to recover your data with freely available tools and a few hours of spare time the utilities and methods posed will work just fine. If, however, you don't want your {insert law-voilating material here} to be found by actual law enforcement agents, you'd be best served to turn your hard drive and all memory devices into a molten pile of materials and let them have at it.

Re:

[Hawke666 (260367)]

For top-level classification their specification to ensure data destruction remains to this day in the belly of an incinerator.

Wow, even the specification is so secret that it was destroyed immediately? That's f'n hardcore!
One question, though: how do they know how to destroy data properly, if the specification's been destroyed?

dd /dev/random

[ettlz (639203)]

I've recovered photos by hand for family members who've accidentally nuked their memory cards (did it the hard way with a hex editor, dd and cut). So wouldn't dd if=/dev/random of=/dev/ memory-card bs=1K count= card-size-in-kib suffice?

Re:dd /dev/random

[ewhac (5844)]

I wouldn't use /dev/random; it depletes the entropy pool far too quickly. Use /dev/zero instead:

dd if=/dev/zero of=/dev/mem_card_node bs=256k

If you want to be extra-friendly to the card's buyer, write a new partition table to the card after wiping it and format it for FAT32.

Schwab

Re:dd /dev/random

[by Anonymous Coward]

Bols, I don't get it: are you actually saying there's NOT ENOUGH randomness out there?

Here, have some of mine: ldjaofp9 bpm ]ak e]-07

My dead hard drive...

[DaveM753 (844913)]

I had a 4-month-old 250gb hard drive die of heatstroke within a fanless drive enclosure. The drive had, shall we say, material of an "educational" nature. (ahem)

Anyway, I didn't want to release said material to the general public at [insert HD manufacturer here], so I abandoned any warranty recovery and just physically destroyed the drive. So much for that $100.

Re:

[noidentity (188756)]

That, my friend, is why you should keep a backup of your "data"! Then if the original drive goes bad, you still have a copy of the data to destroy if neessary.

Card not wiped because people don't care

[syousef (465911)]

I'm sure a lot of people don't wipe the camera cards because they don't care if someone gets photos of their pets or disney vacation or drunken stupor. They figure most people - ie. those not interested in writing an alarmist privacy article - will simply wipe and use the card. Unless you're a celebrity, or have a stalker why would you care? You're probably photographed more by traffic cameras these days anyway.

Re:Card not wiped because people don't care

[Kelson (129150)]

There's also the possibility that they might not have a way to delete it. If, for instance, the only thing they have that reads the card is the camera itself (and they've been retrieving images via USB), and the reason they're discarding the card is that the camera itself is broken, and their new camera uses different media...

I can see the thought process going from "crap, I left some photos on there" to "eh, they're already on Flickr anyway." Unless there are photos that they haven't already downloaded, there's less motivation to track down something that will read (and erase) the card.

Exactly, I question the premise

[SuperKendall (25149)]

From the article:

In addition, the fact that some of the cards contained undeleted images is a bit disconcerting. At a bare minimum media card owners should have deleted the viewable images.

Why? Why should they have, if they don't care who saw them? As they said, the images were all of clothed people and disney world and things, worth nothing to anyone but the owner.

Privacy just for the sake of privacy seems to have taken hold of too many people, who do not stop to think - is there any point to privacy in this instance?

Obviously if people did not want images being seen they should remove them; I just object to catiioning users against leaving images with the vague fear that "someone may see thier images" when that may not matter at all.

Testing the best erase method?

[GrumpySimon (707671)]

There are ten or fifteen posts here with people suggesting that people should use dd, or wipe to write over these removable media to stop people recovering the data. Most people seem to be suggesting doing a dd from /dev/random TWENTY times.

What I would like to know is what the most effective method is. Someone should take a bunch of these cards (and harddrives etc) and do a little controlled test to see how much of a photo/file is recoverable after one round of dd, after 10 rounds of dd, etc. In short - what's the most effective (time v.s. security) method for cleaning these things?

NASA's methodology

[Audacious (611811)]

When I first started at NASA the methodology was to use something like Norton's Erase, put it on Government Erase (three passes of writing first all ones, then all zeros, then all ones again, then doing half tracks). When Windows 98 came along we still used Norton's Erase but it had a different algorithm which was quite good too. When Windows 2000 came along we were no longer trusted to erase everything properly and we had to send the disk drives to a centralized location where they were wiped before being sold. When Windows XP came along we were told to just take a hammer to them. This was because the government had made so many cutbacks that there wasn't any money to properly erase the disk drives.

On a side note: When I first started working at NASA we had a budget of well over a million dollars. We got rid of all of the really big mainframes, and minis, and went to micros. Our budget was reduced to somewhere around $500,000.00 a year (about a third of what we originally were given each year). What I'd like to know is - whatever happened to all of that money? We certainly never go pay raises which equaled the amount of money lost. So where did it go? The answer might be a bit more surprising than anyone really wants to know about. :-/

Why not post them on eBay?

[frdmfghtr (603968)]

Why would I not post them on eBay, even if wiped?

Aren't there data recovery services that recover data from supposedly wiped media (hard drives, memory cards, etc.)?

Besides, how likely are you to to make back the listing fees on used media? Given how the prices are coming down, why would you buy used when you can buy new for only a little more? Brand new 1 GB CF is going for $10, why buy used?

I would be worried that I would lose money selling used memory media on eBay; it would make more sense moneywise to just smash them with a hammer; get some exercise, and anything that was on them is now unrecoverable.

Who cares?

[ErikTheRed (162431)]

I mean seriously, the discussion shouldn't be about "proper erasure techniques that 99.999% of the public couldn't understand if they tried", it should be about not being such a tight-ass cheap fuck that you have to sell your old drives (flash / hard / whatever) on E-Bay. I mean, seriously, do you need to spend that much effort to net yourself an extra $5 or $10?

I erase my old media with a sledgehammer. Try to recover that, bitch.

Re:Who cares?

[ivan_13013 (17447)]

Throwing away or destroying manufactured items when they are working and reusable is irresponsible, because it does not attempt to minimize environmental impact.

Used items that are still in demand should be reused as much as possible, to reduce the demand for manufacturing these items (with all the power and waste involved in that) and the size of landfills.

Re:

[pclminion (145572)]

Throwing away or destroying manufactured items when they are working and reusable is irresponsible, because it does not attempt to minimize environmental impact.

And burning who knows how much gasoline in order to physically transport an object across the country that weighs something around 2 grams is not irresponsible?

What would be responsible is giving it to an acquaintance or selling it locally on something like Craigslist. Putting it on eBay and shipping it to somebody who may be thousands of mile

Call me a packrat.

[Perseid (660451)]

I'd just keep the damn thing. You know that as soon as you sell it you'll have a desperate need for it. That's just how the world works.

Debian Administration Page.

[Erris (531066)]

Much of the information in the article about data recovery is also covered by DebianAdministration.org [debian-adm...ration.org]. TestDisk and photorec, are afterall, free software.

Hip, hip hooray!

Re:

[Akaihiryuu (786040)]

Don't quote me on this (I haven't gotten my RAZR yet, still waiting on UPS)...but from the specs I read, the memory card on the RAZR is removable, and the site said it also came with an SD adaptor so you can put the card in anything that can read SD cards. Currently the only thing I have with an SD reader is my Wii, so I can't really test this out even after I get my phone until I get an SD reader. Might be worth a shot though.

Re:

[drinkypoo (153816)]

If you can't boot the phone you can't clear it. Motorola phones have two settings, a MASTER RESET and a MASTER CLEAR that collectively clear all data and settings from the phone. The memory card in the V3i is used only for ringtones, video and such - phone numbers are still stored to SIM or Phone.

Re:

[emc (19333)]

Your signature vexes me:
Aych tea tea pea colon slash slash dot dot org slash
h t t p : / / dot . org /

Unless your signature is advertising some link farming site, I think you have a missing slash.

Re:speaking of wiping data

[Sylver Dragon (445237)]

If it's data you care about someone else getting a hold of, I would recommend using Thermite [wikipedia.org]. It's a wonderful, all purpose, cleanser of just about everything.

Re:speaking of wiping data

[phalse phace (454635)]

"What are the best methods for removing almost any record of data?"

Have Chuck Norris give it a roundhouse kick.

Re:speaking of wiping data

[timeOday (582209)]

dd bs=1024 if=/dev/random of=/dev/sda1

That was my system boot partition, you insensitive clod!

As for erasing solid state media, I'd feel perfectly safe simply overwriting it with zeroes, one time over.

I realize years ago magnetic media were written sparsely (inefficiently) with sloppy positioning mechanisms, but those days are long gone. I'd be really impressed to see somebody recover overwritten data on a hard drive instead of just talking about it.

As for flash memory, I'll believe it when I see it.

As for leaking information through discarded camera memory cards in the first, place, it's about the 1000th thing down my list of privacy concerns, way down below "binoculars." If you want to see pictures of random people's snapshots of each other, they're all over the web. How many of us really use our digicams to capture super-secret info? I just can't bring myself to care when I know databases of thousands of credit card numbers and SSNs are being bought and sold on the black market.

Re:speaking of wiping data

[Nazlfrag (1035012)]

Secure Deletion of Data from Magnetic and Solid-State Memory [auckland.ac.nz] is a good insight into magnetic memory issues, and his followup paper [cypherpunks.to] covers solid state devices. It's by Peter Gutmann, Department of Computer Science, University of Auckland. His homepage [auckland.ac.nz] has more good info.

In a nutshell, for hard drives, "If commercially-available SPM's are considered too expensive, it is possible to build a reasonably capable SPM for about US$1400, using a PC as a controller". So it is in the reach of the hobbyist to recover up to around the last 20 items recorded on any magnetic media (easier for floppies, harder as drives become denser). On solid state memory, I believe an electron microscope is needed for analysis. Still, data that has been in one location in RAM for more than five minutes is in theory recoverable.

Re:

[jetmarc (592741)]

> As for erasing solid state media, I'd feel perfectly safe
> simply overwriting it with zeroes, one time over.

For most purposes, this might be perfectly enough.

Certainly an "all-zero" overwrite is far better than a "all-one" overwrite (flash erase operation). But then again it also depends on the controller, because what ends up in the floating gates is what really counts.

See link (below) for some techniques to recover erased or overwritten flash memory. The basic idea is to measure the trapped charg

Re:speaking of wiping data

[croddy (659025)]

Better (and more convenient) than dd'ing from /dev/urandom is wipe(1). It will, at your option, overwrite the disk using 34 different byte patterns, 8 of which are random.

Its man page is also the only one I know of that uses the phrases "rising totalitarianism", "Department of Homeland Security", and "THIS IS AN EXTREMELY DANGEROUS THING TO DO".

unnecessary

[oohshiny (998054)]

Something like "wipe" is needed for rotational magnetic media. For flash, a simple cat /dev/zero > /dev/sd... is sufficient.

Re:

[fireman sam (662213)]

Here is a tried and trusted method:
http://en.wikipedia.org/wiki/Gutmann_method [wikipedia.org]

Re:

[Blkdeath (530393)]

At my last job, we used "Darik's Boot and Nuke", available at dban.sourceforge.net. You boot off the floppy, type "dod" and it wiped the drive according to Dept of Defense standards. It worked great (I hope)!

{sigh} This has been discussed before. The DoD's standards for highly classified computers amounts to a very large hole-punch and an incinerator. The "standards" you refer to amount to the wiping they do on receptionist and non-classified computers.

Re:

[udderly (890305)]

I've been using Eraser for years. What more could you want? DOD & better wipe capability, secure move, right click context menu, erasing report and all for the low, low price of FREE!

Re:

[drawfour (791912)]

So, if you're a pervert who enjoys walking around in a trench coat naked underneath

You know, we're all naked beneath our clothes.

Re:

[ScrewMaster (602015)]

Modern storage systems either forget what they're supposed to remember, just when you need it the most ... or they remember it long after it is best forgotten.

Re:Been there, done that...

[tylernt (581794)]

Please Post pix. Thanks in Advance.

Yes, I'd love to see thermite destroy a hard drive.