PPRuNe Forums - View Single Post - Malaysian Airlines MH370 contact lost
Old 25th Mar 2014, 00:30
#7908
lynw
Join Date: Mar 2007
Location: Kent
Posts: 10
I did try a reply before on this subject but my post seemed not to have been approved being my first one on the forum and all. So I will try again since the question of evidence recovery has resurfaced.

Please be gentle with me as I am not a pilot, but I am a computer forensics examiner with over 10 years in the field. My original post was in response to a comment about examination of solid state drives that were discussed earlier, as they are a whole new ball game in forensic examinations and not so straightforward to examine as traditional hard drives.

There are all kinds of issues with SSDs that can affect their reliability - data can easily get corrupted if power goes midway through a write cycle. If these are to be used in future to preserve evidence of events, they are going to have to have some kind of power source of their own to ensure that data can be preserved and retrieved; otherwise you are likely to recover dead drives. Even if you can resurrect them you will likely find the data corrupted, never a good start to a forensic investigation.

They also run the risk that the garbage process runs and wipes data even if you have the drive plugged into a write blocker. The only way to be absolutely certain that you won't lose data from one of these drives is to remove the drive controller and plug each flash memory chip into the write blocker hardware. Those interested in this can find more detail here:
Belkasoft - Leading Digital Evidence Extraction Software for Computer Forensic Investigations.

As for the retrieval of data that has been overwritten using the previous write pattern on the disk, yes, it is technically possible. But the reality of it is that there are very few organisations that will have the monetary, staff and time resources to put into retrieving that information - basically governments or research institutions. This capability isn't going to be available at your nearest PC World anytime soon.

Whether data is retrievable, and whether that is meaningful, depends on a number of factors such as the file system and the kind of overwriting that was done; even things like file size can determine whether the original data can be retrieved from the slack space. It ultimately comes down to how the data is recorded to the disk and whether you can determine what is data being recorded vs what is previously written data.

It's possible to retrieve fragments of old files which have been overwritten. This can be crucial in traditional law enforcement investigations because quite often it can show a file existed and also that it was deleted. A jpeg can be recovered from a very small part of the file remaining if you are lucky enough to have the bytes that flag it as a jpeg - which can be crucial for a paedophile investigation to prove an image existed on the drive. However, audio and video data are far more complex to recover.

Even if you retrieve part of the file, you need other pieces of information to try and determine what part of the file you have. If you are lucky, and have the start, then it's likely you will be able to find software that will play what part of the file you have. If you have lost the beginning of the file, that's a lot of time-consuming work that needs to be done to try and get it back and recovered.

The simpler solution would be to put in drives that hold much more audio to avoid overwriting anything than to rely on being able to recover overwritten data.
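Added example, not part of the post or the PPRuNe thread: a small Python carver that scans a raw image for the JPEG start (FF D8 FF) and end (FF D9) markers the post refers to, classifies each remnant as complete, header-only (start survived, tail overwritten) or trailer-only (start overwritten, the hard case), and checks that a candidate's marker segments chain to Start Of Scan before calling it complete. The marker values are the standard JPEG ones; the sample image bytes are constructed here, not real evidence.

```python
import re

SOI = b"\xff\xd8\xff"   # Start Of Image (FF D8) plus the FF that opens the first marker segment
EOI = b"\xff\xd9"       # End Of Image
SOS = 0xDA              # Start Of Scan: after it only entropy-coded data remains, then EOI

def header_parses(data: bytes) -> bool:
    """True if the length-prefixed marker segments after SOI chain cleanly up to SOS."""
    i = 2
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            return False
        if data[i + 1] == SOS:
            return True
        i += 2 + int.from_bytes(data[i + 2:i + 4], "big")  # marker bytes + segment length
    return False

def carve_jpeg_fragments(image: bytes) -> list:
    """Classify JPEG remnants in a raw image by which ends survived overwriting."""
    events = sorted([(m.start(), "SOI") for m in re.finditer(re.escape(SOI), image)]
                    + [(m.end(), "EOI") for m in re.finditer(re.escape(EOI), image)])
    frags, open_at, cursor = [], None, 0
    for off, kind in events:
        if kind == "SOI":
            if open_at is not None:      # a new header before any trailer: the tail was lost
                frags.append({"kind": "header_only", "start": open_at, "end": off})
            open_at = cursor = off
        elif open_at is not None:        # SOI ... EOI: a whole file, if its header is sane
            label = "complete" if header_parses(image[open_at:off]) else "bogus"
            frags.append({"kind": label, "start": open_at, "end": off})
            open_at, cursor = None, off
        else:                            # EOI with no open header: the start was overwritten
            frags.append({"kind": "trailer_only", "start": cursor, "end": off})
            cursor = off
    if open_at is not None:              # header that runs off the end of the image
        frags.append({"kind": "header_only", "start": open_at, "end": len(image)})
    return frags

def build_sample_image() -> bytes:
    """Constructed image, not real evidence: a whole JPEG, the tail of one whose header
    was overwritten, and one whose tail was overwritten, separated by zeroed slack."""
    header = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"  # APP0
              + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00")                               # SOS
    slack = b"\x00" * 16
    return (slack + header + b"\x11" * 20 + EOI + slack + b"\x22" * 12 + EOI
            + slack + header + b"\x33" * 8 + slack)

if __name__ == "__main__":
    for f in carve_jpeg_fragments(build_sample_image()):
        print(f)
```

For a trailer-only fragment the reported start is only the earliest byte that could belong to it; a real carver would still need the structural work the post describes to recover anything playable from it.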