Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?
From: "E. Prom" <e3prom () gmail com>
Date: Tue, 26 Jan 2010 04:26:08 +0100

2010/1/26 Rohit Patnaik <quanticle () gmail com>:
A few phrases and "surprising" patterns are a lot more suspicious than a
hard drive full of zeroes, especially if there's evidence that other data
has been overwritten or erased.  If you present a hard drive full of zeroes
or random numbers, there's nothing to charge you with.  If most of your data
is random gibberish but there are a few telling phrases here and there, then
there might be enough for the prosecution to bring charges, even if they
aren't able to get a conviction.
[snip]

The point is that they never get a hard-drive full of zeroes or random
numbers, but a hard-drive that have pieces of other data under the
zeroes or random numbers. That's why programs like "wipe" fills more
than 20 times the hard-drive with data. But filling 20 times a whole
disk can be very, very long, expecially if it's a 2TB USB drive. A
"quick" wipe filling a drive only 4 times, is often enouth, but...

If the police or spies look for determined words or sentences
(presumed not encryptered), at an unknown point on an unknown layer of
the disk, it will be much easier for them to find it if the rest was
random data (or video or whatever) than if it was random text that can
have a meaning when looking with a program, but not in front of a
Court.

I don't find Bipin's idea so bad, but I'm not sure it adds significant security.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault