[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Erasing a hard disk easily

To: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>, <Valdis.Kletnieks@xxxxxx>, "'Maarten'" <fulldisc@xxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Erasing a hard disk easily
From: "Joel R. Helgeson" <joel@xxxxxxxxxxxx>
Date: Wed, 14 Jul 2004 20:56:48 -0500

As a forensic analyst, a simple one-pass is often sufficient. The way to pull data off that has been overwritten by these methods, in my experience, can only be recovered by opening up the platters and putting a more sensitive read head attached to an o-scope in order to read the data.

If someone is going to go through those pains to recover the data then there are much easier ways to hack into/gain access to your secrets.

FWIW...

Regards,

Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx> To: <Valdis.Kletnieks@xxxxxx>; "'Maarten'" <fulldisc@xxxxxxxxxxxx> Cc: <full-disclosure@xxxxxxxxxxxxxxxx> Sent: Wednesday, July 14, 2004 4:22 PM Subject: RE: [Full-Disclosure] Erasing a hard disk easily

WipeDrive3 is a DOD approved (HIPAA, etc) product that I use and it calls
DOD-level wiping 3 passes with 3 overwrites each. Most of the time I use 1
pass for less important information.

http://www.whitecanyon.com/wipedrive.php


-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of
Valdis.Kletnieks@xxxxxx
Sent: Tuesday, July 13, 2004 11:45 PM
To: Maarten
Cc: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Erasing a hard disk easily

On Mon, 12 Jul 2004 23:23:24 +0200, Maarten <fulldisc@xxxxxxxxxxxx> said:

* Department-of-defense level (dd as above but lots more times (like 10+))

DOD 5220-22M says:

http://www.irwin.army.mil/ac/Electronic_Publications/DoD_Pubs/DoD%205220-22-
M/cp
8.pdf

Pages 14 and 15 note methods "a, b, d, and m" sanitizing fixed drives,
and continues:

d. Overwrite all addressable locations with a character, its complement,
then a
random character and verify. THIS
  METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET
INFORMA-
  TION.

So 3 passes with verification is sufficient for up to Secret.  Top Secret
and higher classifications require physical destruction of the disk.

(Note that these are the regs for civilian-sector contractors to the DoD,
anybody with citations for the military and/or intelligence community
segments feel free to speak up - but I suspect they're fairly similar..)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Erasing a hard disk easily
  - From: Todd Towles

Prev by Date: [Full-Disclosure] Source Code Club gone away!! :(
Next by Date: Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll
Previous by thread: RE: [Full-Disclosure] Erasing a hard disk easily
Next by thread: Re: [Full-Disclosure] Erasing a hard disk easily
Index(es):
- Date
- Thread