Home page logo

bugtraq logo Bugtraq mailing list archives

Re: RE: Peter Gutmann data deletion theaory?
From: Ron van Daal <ronvdaal () n1x nl>
Date: Sat, 23 Jul 2005 22:47:13 +0200 (CEST)

We were not allowed to do a seven pass government wipe to dispose of the drives as our security people deemed it 
inadequate, we turned them over to our classified waste people who stored them until there were enough to justify 
having the platters removed and mechanicaly beaten into little lumps of metal.

Aren't you being too paranoid? I think a simple zeroing out of your entire drive using dd(1) starting with the first sector is enough to cover your privacy. I don't know about other ""secret"" government agencies in NL or other counties who actually do microscopic magnetic recovery efforts, but dd(1) does the trick to defeat disk analysis by our national digital crime unit. From what I've read in one of their internal memo's is that they just use a hexdump(1) alike utility to find any non-zero bytes on the drive to conclude "the drive has been wiped entirely".

As far as I know will our National Forensics Institute not go any further.
To be more precise: most disks analyses are being done automaticly rather
than by hand (which is even more the case with the digital crime unit).

For this they use registry-catalogs, browser cache/cookie/history inventory
programs, raw disk searching on strings, and the like. Which is pretty
logical as disk sizes are rapidly increasing, making the analysers' job pretty difficult because of the ever increasing haystack. While data hiding
techniques continue to develop - making the needle even harder to find.


Ron van Daal

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]