[clue-talk] Secure Deletion of Data
J
j7s12b at comcast.net
Wed Apr 27 21:24:41 MDT 2005
I ran across this in the latest SANS NewsBites newsletter and its a really
good read. I have seen many threads on this topic often over the years and it
remains an (increasingly) important one.
Here is the link to the paper
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
and here is the blurb from SANS
--Rendering Drives Completely Unreadable Can be Difficult
(20 April 2005)
The National Association for Information Destruction has said it cannot
endorse the use of wiping applications alone for ensuring that data
have
been effectively removed from hard drives. NAID executive director Bob
Johnson said the only way to ensure that the data will be unreadable is
to physically destroy the drives, and even that has to be done in
certain ways to ensure its efficacy. Most major PC makers offer a
drive
destruction service for $20 or $30. Some hardware engineers say they
understand why the drives have been created in a way that makes it hard
to completely erase the data: customers demanded it because they were
afraid of losing information they had stored on their drives.
http://news.com.com/2102-1029_3-5676995.html?tag=st.util.print
[Editor's Note (Pescatore): Cool, I want a "National Association for
Information Destruction" tee shirt. How hard could it be to have an
interlock feature - you can really, really clear the drive if you open
the case, hold this button down while you delete?
(Ranum): Peter Guttman, from New Zealand, did a terrific talk in 1997
at USENIX in which he showed electromicrographs of hard disk surfaces
that had been "wiped" - you could still clearly see the 1s and 0s where
the heads failed to line up perfectly on the track during the
write/erase sequence. He also pointed out that you can tell more
recently written data from less recently written data by the field
strength in the area, which would actually make it much easier to tell
what had been "wiped" versus what was persistent long-term store. The
paper, minus the cool photos may be found at:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Hard disks, I've found, make satisfying small arms targets.]
More information about the clue-talk
mailing list