Talk:Device configuration overlay

More examples should be cited of multiple forensics tools, I've cited two of the major ones. I believe Logicube is able to image both an HPA and DCO effectively with their physical imaging devices, I'll have to do some more research (NIJ validation reports mostly) to see.

This entire article mostly just quotes sources. Someone could perhaps reword stuff and add some filler. Also, I'm not sure how to make it clearer that these are quotes in most cases, perhaps use indentation? (I'm new at Wikipedia, but I had to fix this article as I've extensively researched HPAs and DCOs in hard disk forensics, plus I know the author of the article that was plagiarized and couldn't let that stand). —Preceding unsigned comment added by 69.51.161.6 (talk) 01:28, 24 September 2010 (UTC)

NPOV
Section 2, entitled using the name of a commercial product appears to violate Neutral Point of View. The information may be useful but it doesn't belong in a Wikipedia article. A reference that might be useful would be published, independent test results. A caveat would be as long as they are not posted by the testing organization. Citing vendor marketing literature as fact is simply inappropriate and violates NPOV. Since the edit is unsigned it should likely be removed. Kernel.package (talk) 06:04, 8 January 2011 (UTC)
 * Agree: it's near to commercial 95.223.222.186 (talk) 00:28, 23 July 2011 (UTC)

I removed the citations pointing back to the vendor's website, and also added some additional information. I'm pretty sure the newer versions of both EnCase and FTK support the removal of DCOs, but I don't have any solid references for that so I left it out. I kept the NIJ test results since those are scientific tests that validate the tools themselves. I also linked to NIST and NIJ where hardware imaging tools are validated. There are tons of them and many of them can successfully detect and remove DCOs from a disk. I think this should satisfy the NPOV dispute, but didn't want to remove the notice on the front page without someone else agreeing. If anything, we can just remove all references to any specific tools and keep the article generic. Digitaloday (talk) 22:14, 25 August 2011 (UTC)

Clarification of Subject needed
The difference and relation of Device configuration overlay (DCO) vs. Host Protected Area (HPA) needs to be explained. 95.223.222.186 (talk) 00:28, 23 July 2011 (UTC)

Meh, I could put this in the article, but I don't think the differences are much except that HPA is an ATA-4 standard while DCO is ATA-6, HPA can be temporarily removed, DCO cannot (permanent changes only). Otherwise they are fairly similar in regards to causing IDENTIFY_DEVICE to report a smaller number for the drive size, but HPAs cannot lie about drive features, only size. HPA is to keep some data on the drive that users can't erase and get to, DCO is to actually limit the capabilities and/or size of a drive (often for standardization purposes as in mass-producing models with various types of hard drives but making them all report the same specs). Digitaloday (talk) 22:24, 25 August 2011 (UTC)

Why So Mysterious?
The way this article is written it makes it sound like DCO is some undocumented mysterious thing, and although it's not a well-known feature, its behaviour is clearly defined in the ATA spec. 24.85.180.193 (talk) 13:12, 31 October 2013 (UTC)