Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Disk wiping -- An alternate approach?
From: Tracy Reed <treed () ultraviolet org>
Date: Mon, 25 Jan 2010 20:32:35 -0800

On Tue, Jan 26, 2010 at 04:26:08AM +0100, E. Prom spake thusly:
The point is that they never get a hard-drive full of zeroes or random
numbers, but a hard-drive that have pieces of other data under the
zeroes or random numbers. That's why programs like "wipe" fills more
than 20 times the hard-drive with data. But filling 20 times a whole
disk can be very, very long, expecially if it's a 2TB USB drive. A
"quick" wipe filling a drive only 4 times, is often enouth, but...

Fortunately, so many rewrites are not necessary and have not been for
a long time. I destroy drives containing credit card and other
personal data with just one wipe (assuming the drive is operational)
and if not I drill a few holes in it.

While investigating how to best destroy such data I happened across
some postings with some actual experimental results from trying
recover overwritten data:

http://blogs.sans.org/computer-forensics/2009/01/15/overwriting-hard-drive-data/

And some analysis of modern techniques for recovering data and their
effectiveness:

https://blogs.sans.org/computer-forensics/2009/01/28/spin-stand-microscopy-of-hard-disk-data/

Executive summary: Data overwritten once is unrecoverable on any drive
made in the last 10 years. So do a single write pass from /dev/random
on working drives.

For non-functional drives or where overwriting is not possible
drilling holes is very sufficient for any business and personal data.

For top secret data wanted by an enemy with millions to spend and you
cannot overwrite the data just once then recovery via Spin Stand
Microscopy from undamaged areas of the platter is possible at great
expense and weeks of constant work. Shattering the platter makes this
technique much harder rendering perhaps 80% of the data
unrecoverable. You are still best off with a cheap one time write of
the whole drive.

And as far as data recovery from failed drives goes this is rather
amusing:

http://blogs.sans.org/computer-forensics/2009/09/30/the-failed-hard-drive-the-toaster-oven-and-a-little-faith/

-- 
Tracy Reed
http://tracyreed.org

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]