Another take
I thought I'd comment on this, even though the thread obviously is a tad old.
First of all, let me be clear that I'm not a computer forensics expert in any way. I do have a background in electrical engineering specializing in semiconductor fabrication, which includes the use of fine/microscopic inspection tools. I'm also a federal employee.
I've been doing a fair amount of online research regarding computer/disk drive forensics. And I'm of the firm belief that the vast majority of people, even those who get into trouble that results in confiscation and examination of a computer, have essentially zero chance of facing anything more than the likes of a WinHex/EnCase probe.
I always find it remarkable how much mythology there is in the general public regarding what goes on in the government. Yeah, when it comes right down to it, the government can bring huge resources to bear on a problem. But in practice, making something like that happen can be extremely difficult. Case in point: right now, I'm working hard to get a couple of old (Pentium III 700 MHz) computers upgraded to ~$4300 Dell workstations so that modern AutoCAD can be run in a reasonable fashion. The request has been turned down twice, even though the upgrades are truly needed.
I've had computer administrators who used to work for the U.S. Marshals tell me they had to scrounge for hand-me-down Pentium II computers to replace Pentiums back when Pentium IIIs were the norm. Where was the money going? The basics: armament, etc.
The bottom line is that while departments CAN get ultramodern, top-of-the-line equipment costing tens of thousands of dollars (or more), it's not easy. You have to be able to justify it up one side and down the other, and the budget has to be there for it.
What's more, these days government agencies are going with commercial off-the-shelf parts (COTS) as much as possible, not just to encourage private industry, but because that's where the technology is.
Now, from the little bit of research I've done on the subject, magnetic-force microscopy seems to be about the cream of the crop when it comes to fine imaging of disk drive information:
http://www.runtime.org/recoverability.htm
That sounds about right, from what I know of testing techniques. Given the fact that MFM is the equipment of choice by manufacturers to test hard drives commercially AND has been shown to be able to detect old, overwritten data, I think it's a safe bet that MFM is just about the state-of-the-art, inside government or outside. It's obviously a very sensitive technique.
http://www.swissprobe.com/hr_mfm.html
OK, so what are the chances that anyone will ever face an MFM-powered examination of his or her hard drive? Well, look at what it would involve:
- the MFM itself (a decent one could run tens of thousands of dollars)
- the computer and storage space for detailed imaging data (assuming it were digitized) from a hard drive, which would require tens to hundreds of terabytes of storage, probably in a RAID array for redundancy ($50,000 on up)
- technicians to run the imaging process (maybe $40,000 per year each).
- months of work to fully image the entire drive.
In other words, for someone to want to take a microscope to your hard drive, they'd have to justify tying up $50-$100k of equipment (or more), plus one or more technicians, for several months, all for potentially zero payoff. And from what I know of how government works, labs with this sort of specialized capability are very likely not plentiful--not when there are usually other options for obtaining evidence and convictions.
Do you really think there's anything you've done that would warrant that kind of attention and resources?
As I said at the outset, I'm not a forensics expert, so take all of this for what it is: an educated guess. Nonetheless, I am extremely skeptical that anyone who is not involved in espionage, terrorism or running international crime syndicates/child porn rings, etc. will ever face a realistic chance of having techniques brought to bear that can't be defeated by a pass or two of overwriting, plus judicious erasing of system tracks. You are far more likely to have your ISP's records subpoenaed, your phone tapped, etc.
Just my $.02.