Re: [opensuse] scrathsing old harddisks

On Wed, Mar 26, 2008 at 11:33 PM, Sam Clemens <clemens.sam1@xxxxxxxxx> wrote:
Greg Freemyer wrote:
> On Wed, Mar 26, 2008 at 6:38 AM, Hans defaber <hans.defaber@xxxxxxxxx> wrote:
>> What is the best (easiest) way to overwrite old harddisks with random garbage ?
>>
>> thanks, Hans
>
> Lots of ways, but the easiest is "dd if=/dev/zero of=/dev/sdX bs=4k
> conv=noerror"
>
> Basically everything beyond that is overkill. Even NIST has started
> buying off on the above for drive 20GB or larger. holding confidential
> data (Older, less dense drives need more passes, random data, etc.)
> For more secret data, they require physical destruction I think.. I
> have not seen any docs that cover drives holding top secret data etc.
>

U.S. government SECRET requires a low-level format.
TOP SECRET requires destruction of the disk platters.


> If you need a boot CD/floppy look into dban.
>
> If you think you data is worth someone attempting a multi-million
> dollar recovery on and you think their is an ultra-secret government
> agency that actually has some SciFi like ability to recovery
> overwritten data, then take it apart and belt sand the magnetic media
> off of each platter.

You would be amazed at what can be accomplished with scanning
electron microscopes (due to the fact that the path of an
electron is effected by magnetic fields.). From what I
understand, due to hysteresis effects, a track starts out
at 'full width', but each time a magnetic field is reversed,
a "tail" is left on each side. Apparently, these residual
fields can be used to reconstruct data which was previously
overwritten.

I would love a true reference (from the last 15 years). I have spent
many hours looking into the question. The best I have seen is people
claiming they can recover a bit here and bit there from modern drives.
Not even any full bytes.

I have a NIST document that says labratory based recovery of data is
impossible for disk drives 20GB or larger if the have been overwritten
with a single pass of data. ie. Any data including all zeros.

Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

Relevant Pages

  • RE: Advice regarding servers and Wiping Drives after testing
    ... recovery process was not shown), in this case a .jpg which was partially ... with 1's and Zeroes we can often get evidence with this new procedure". ... recovered immediately after the overwrite. ... Advice regarding servers and Wiping Drives after testing ...
    (Security-Basics)
  • RE: Advice regarding servers and Wiping Drives after testing
    ... Using a factor of the drives magnetic density that relates to a +1 ... nullify that overwrite, leaving the last write before that one plainly ... one of the speakers Red and Black connectors. ... Writing all 0's will never prevent against software recovery ...
    (Security-Basics)
  • RE: Peter Gutmann data deletion theaory?
    ... A simple format is nothing like a low level format or a 3* overwrite. ... about data being recovered from decommissioned drives you can do like we ... If you have ever done any form of data recovery, ...
    (Bugtraq)
  • Re: Unclassified Disk "Sanitizers"
    ... you will OVERWRITE it with data from the first sector to the ... wish to pursue other PHYSICAL RECOVERY methods such as the use of Scanning ... >> Read each physical sector of the drive and explain to me how meaningful ... >>> into account various encoding methods used my makers of the drives. ...
    (Security-Basics)
  • Re: recovering overwritten file
    ... Apparantly professional recovery companies can recover "overwritten" files in some circumstances, maybe the OS's uses the date and time in the file name, but I don't think even this helps in Windows, as the old version of the files apparently just disapears, weird. ... Windows is good that its always warns me when about to overwrite a file on a USB flash drive, its a good idea for its easy to forget whats on the flash drive. ... The original file was detected and found with a zero byte size. ... Thats why they call them Flash drives. ...
    (microsoft.public.windowsxp.general)
Loading