Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Erasing a hard disk easily
From: "Joel R. Helgeson" <joel () helgeson com>
Date: Wed, 14 Jul 2004 20:56:48 -0500

As a forensic analyst, a simple one-pass is often sufficient. The way to pull data off that has been overwritten by these methods, in my experience, can only be recovered by opening up the platters and putting a more sensitive read head attached to an o-scope in order to read the data.

If someone is going to go through those pains to recover the data then there are much easier ways to hack into/gain access to your secrets.

FWIW...

Regards,

Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "Todd Towles" <toddtowles () brookshires com>
To: <Valdis.Kletnieks () vt edu>; "'Maarten'" <fulldisc () ultratux org>
Cc: <full-disclosure () lists netsys com>
Sent: Wednesday, July 14, 2004 4:22 PM
Subject: RE: [Full-disclosure] Erasing a hard disk easily


WipeDrive3 is a DOD approved (HIPAA, etc) product that I use and it calls
DOD-level wiping 3 passes with 3 overwrites each. Most of the time I use 1
pass for less important information.

http://www.whitecanyon.com/wipedrive.php


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Valdis.Kletnieks () vt edu
Sent: Tuesday, July 13, 2004 11:45 PM
To: Maarten
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Erasing a hard disk easily

On Mon, 12 Jul 2004 23:23:24 +0200, Maarten <fulldisc () ultratux org>  said:

* Department-of-defense level (dd as above but lots more times (like 10+))

DOD 5220-22M says:

http://www.irwin.army.mil/ac/Electronic_Publications/DoD_Pubs/DoD%205220-22-
M/cp
8.pdf

Pages 14 and 15 note methods "a, b, d, and m" sanitizing fixed drives,
and continues:

d. Overwrite all addressable locations with a character, its complement,
then a
random character and verify. THIS
  METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET
INFORMA-
  TION.

So 3 passes with verification is sufficient for up to Secret.  Top Secret
and higher classifications require physical destruction of the disk.

(Note that these are the regs for civilian-sector contractors to the DoD,
anybody with citations for the military and/or intelligence community
segments feel free to speak up - but I suspect they're fairly similar..)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]