Welcome to the SecAware blog

I spy with my beady eye ...

7 Oct 2007

Data recovery from 'erased' CD-RWs

Picking up on a technique used to retrieve MP3s from an 'erased' CD-RW disk, a forensic investigator has succeeded in retrieving incriminating data from 'erased' CD-RWs, sufficient to secure the defendant's prosecution in a child abuse case.

The news article barely outlines the method: it appears to involve writing a new file to the 'erased' CD-RW but interrupting the write process. I presume the first part of the write creates the 'lead-in' file system synchronization and identification data. If interrupted soon after, the PC can presumably be fooled into reading the rest of the disk.

Presumably, also, if 'erasing' a CD-RW only involves wiping the disk sync and ID part leaving all the data intact just waiting to be overwritten by the next write operation (rather like deleting the directory on a hard drive), then surely it ought to be possible to manufacture forensic CD/DVD software or drives that sync directly to the data tracks to make their bitwise copies, all without having to overwrite the lead-in part of the (evidential) disk? Indeed, a very quick Google query reveals that one can buy data recovery software for damaged CDs. I wonder if the 'clever officer' in the news story tried such an approach?

Anyway, the take-home message is not to discard even 'erased' CD-RWs that might contain valuable or sensitive data. Shredding/grinding/physical disintegration and burning remain the safest option.
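Added example, not from the original post or the news article: once a bitwise image of the data area exists, its contents can be located without any table of contents by hashing the image and scanning it sector by sector for written runs and ISO 9660 volume descriptors. It assumes a raw dump of 2048-byte sectors; `scan_image`, `build_sample` and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 2048  # user-data bytes in one Mode 1 CD sector
BLANK = bytes(SECTOR)
VD_TYPES = {0: "boot", 1: "primary", 2: "supplementary", 255: "terminator"}

def scan_image(image: bytes) -> dict:
    """Hash a raw sector dump, then find data and ISO 9660 descriptors by content."""
    descriptors, extents, start = [], [], None
    total = len(image) // SECTOR
    for lba in range(total):
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        if sec != BLANK and start is None:
            start = lba                       # a run of written sectors begins
        elif sec == BLANK and start is not None:
            extents.append((start, lba - 1))  # run ended at the previous sector
            start = None
        # Volume descriptor layout: type byte, "CD001", version 1.
        if sec[1:6] == b"CD001" and sec[6] == 1 and sec[0] in VD_TYPES:
            found = {"lba": lba, "type": VD_TYPES[sec[0]]}
            if sec[0] == 1:  # primary: volume id at 40, size in sectors at 80 (LE)
                found["volume_id"] = sec[40:72].decode("ascii", "replace").strip()
                found["sectors"] = struct.unpack_from("<I", sec, 80)[0]
            descriptors.append(found)
    if start is not None:
        extents.append((start, total - 1))
    return {"sha256": hashlib.sha256(image).hexdigest(),
            "descriptors": descriptors, "extents": extents}

def build_sample() -> bytes:
    """Constructed 32-sector image: descriptors at LBA 16-17, payload at LBA 20."""
    img = bytearray(32 * SECTOR)
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"
    pvd[40:72] = b"CONSTRUCTED_SAMPLE".ljust(32)
    struct.pack_into("<I", pvd, 80, 32)
    img[16 * SECTOR:17 * SECTOR] = pvd
    term = bytearray(SECTOR)
    term[0:7] = b"\xffCD001\x01"
    img[17 * SECTOR:18 * SECTOR] = term
    img[20 * SECTOR:20 * SECTOR + 24] = b"constructed file payload"
    return bytes(img)

if __name__ == "__main__":
    print(scan_image(build_sample()))
```

Recording the SHA-256 before any analysis lets later copies of the image be checked against the one that was examined.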

1 comment:

  1. A good option to erase the data on CD/RW is to use CyberScrub Privacy Suite http://www.cyberscrub.com/privacy suite

    It uses the Department of Defense erasure method DoD 5220.22