Security Basics mailing list archives

RE: Interesting One
From: "Trevor Cushen" <Trevor.Cushen () sysnet ie>
Date: Thu, 31 Oct 2002 11:58:58 -0000

Thanks James Taylor, I was wondering where I got the seven from.  I have
looked at the DOD standard that disk wiping products talk about and it
has no number in it (Orange book).  Other US government documents talk
about three levels of disk destruction, wiping, degaussing, and
destruction.  This may be where the various numbers are coming from.
Another post talked about the US government saying 7 also so "it must be
secure".  I won't go by that since the same US government wants
encryption levels kept down so they can break them.  Do they want the
same from disk wipes??? Yes a bit paranoid conspiracy stuff alright, I

I think the consensus seems to be that a good overwrite of all sectors
2-3 times will make the disk pretty much safe for reuse if the data is
not highly sensitive.  If it is then burn the disk and buy a new one
instead of reusing it.

Also it seems clear that if it is possible to recover data that was
overwritten 30 times it is not something that would have been done
easily.  It takes great effort, expensive equipment, and expertise.  If
your repair guy could get data then why was he looking and what did he

I would agree it was scare mongering for a sale of some disk wiping
software package they just happen to sell.  Do they sell something like

Trevor Cushen
Sysnet Ltd

Tel: +353 1 2983000
Fax: +353 1 2960499

-----Original Message-----
From: James Taylor [mailto:james_n_taylor () yahoo com] 
Sent: 30 October 2002 04:50
To: security-basics () securityfocus com
Subject: Re: Interesting One

The CISSP Study Guide (ISBN 0-471-41356-9) states that:

"Information on magnetic media is typically 'destroyed' by degaussing or
overwriting. Formatting a disk once does not completely destroy all
data, the entire media must be overwritten or formatted seven times to
conform to standards for object reuse".

Also the above book states that "the Orange Book standard recommends
that magnetic media be formatted seven times before discard or reuse of

So if the US gov't recommends seven times, you can bet
that they have technology that can read to a lower level
than that! However 30 times seems a bit excessive and it
must depend on the nature of the data being overwritten and what areas
of the media have been completely destroyed. At that level I imagine it's
something like guessing the picture from a 10000 piece jigsaw puzzle,
with most of the pieces missing.


--- Carol Stone <carol () carolstone com> wrote:
I don't know much about this, but yesterday I read in one of the later
chapters of Bruce Schneier's book, "Secrets and Lies," (link to amazon
follows) that over-writing data on a disk does *not* obliterate it, it
just makes it a lot more difficult to recover with each over-write. I
believe he said just how many re-writes were still recoverable was a
secret one of our governmental organizations wasn't about to give up.
I'll look at my book later when I have it in my hands and see if I
can't find part and post a pointer to




Greetings Folks,

I had an interesting conversation today with someone
from FAST
Against Software Theft) They pretend not to be a snitch
wing of the
Anyway, to get to the point, the guy that came to see
me said that
forensics guys could read data off a hard drive that
had been written
up to thirty times. I find this very hard to believe
and told him I
he was mistaken but the guy was adamant that it could
be done. My
is, does anyone have any views on this, or, can anyone
point me to a
of information where I can get the facts on exactly how
much data can
retrieved off a hard drive and under what conditions
etc etc.


Dave Adams