Home page logo

pauldotcom logo PaulDotCom mailing list archives

How much wiping do you do? :)
From: jmanley at aledobb.com (Jim Manley)
Date: Thu, 16 Apr 2009 20:51:29 -0500

Late to the party...

In my world, disks with sensitive data are either zapped in a degausser
or dropped into a shredder.  The customer doesn't allow overwriting of
any kind.

Unclass drives are just overwritten since there's really nothing on them
that is worth the national lab type of attack necessary to get any
residual bits off them.

Chris Merkel wrote:
So, is it totally useless to wipe a drive more that once?

Yeah, pretty much. If you're really paranoid, do it twice.

What would it take to get the data off of a drive wiped once with all zeros?

More money and resources than the value of your recovered data.

As for why DoD, they generally follow the NIST guidelines for wiping
disks from non-classified systems. I've head that if it's sensitive,
they only do physical destruction.Then again, they likely still are
doing 7 passes here and there. but keep in mind that this is the same
DoD that spent money on psychics to attempt to do remote viewing, so I
don't think they're always the fountain of best practices.

If you're up for some hot destruction action, check this out:

- Chris Merkel
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]