RE: Peter Gutmann data deletion theaory?

From: Jared Johnson (jaredsjazz_at_Yahoo.com)
Date: 07/22/05

  • Next message: Robin Whittle: "Re: [BugTraq] Peter Gutmann data deletion theaory?" 
    To: <bugtraq@securityfocus.com>
Date: Thu, 21 Jul 2005 19:37:09 -0400

    Interesting. Well it all makes sense. I'm trying to setup a routine for our
    corporation to regularly wipe our old hard drives before dumping and
    donating them. It's fairly sensitive data in that if our competitors got a
    hold of it, it would probably put us out of business.

    Seems that just the simple DoD standard should suffice though.

    Thanks for all your responses.

     

    -----Original Message-----
    From: Simple Nomad [mailto:thegnome@nmrc.org]
    Sent: Thursday, July 21, 2005 3:07 PM
    To: bugtraq@securityfocus.com
    Cc: Jared Johnson; focus-ms@securityfocus.com
    Subject: Re: Peter Gutmann data deletion theaory?

    On Wednesday 20 July 2005 18:48, Jared Johnson wrote:
    > Data overwritten once or twice
    <snip>

    The quote is from 1996. I spoke with Guttman about this at AusCERT a few
    years ago and even *he* doesn't believe it anymore. Drive technology has
    changed substantially since then.

    The main areas where criminals get caught with bad stuff on their drives by
    forensics people is from 1) not knowing where the data is being written to
    (browser cache, swap file, etc) 2) not doing any overwrite of the data as a
    part of deletion, and 3) not taking into consideration such items as file
    slack.

    Drives that do caching and file systems that do journaling also may be a
    factor. That being said, 3 wipes are "good enough for government work". DoD
    5220.22-M chapter 8 subsection 306 in the Cleaing and Sanitization Matrix
    shows under the Magentic Disk section that to properly sanitize a
    non-removable rigid drive, that the choices of degaussing, destruction of
    the drive, or a 3 pass wipe are acceptible methods for disk sanitation. Note
    that the 3 pass wipe method is NOT acceptable for drives that contained Top
    Secret information - so unless the drive contained Top Secret material,
    you're covered.

    It should be noted that this issue has been done to death on bugtraq several
    times. 

    -- 
# Simple Nomad, C˛ISSP  --  thegnome@nmrc.org        #
# C1B1 E749 25DF 867C 36D4  1E14 247A A4BD 6838 F11D #
# http://www.nmrc.org/~thegnome/                     #
  • Next message: Robin Whittle: "Re: [BugTraq] Peter Gutmann data deletion theaory?"

    Relevant Pages

    • RE: Hard Drive eraser recommendation
      ... Any single wipe is ok, the issue is that they may not complete and may not ... If you are in a hurry, modern drives have ... Securing Apache Web Server with thawte Digital Certificate ...
      (Security-Basics)
    • Re: Identity theft risk
      ... Most will wipe the job after the copy ... Yep, but surely, normally the "Temporary " Image File isn't ... of) time to actually securely *Wipe* the Drives, ...
      (uk.people.silversurfers)
    • Re: FAILURE TO RECOGNIZE HARD DRIVE
      ... INSTALLED THERE, A 160GB MAXTOR SLAVE INTERNALLY, A 160GB MAXTOR EXTERNAL ... TONIGHT I DECIDED TO WIPE THE INTERNAL MAXTOR 160GB. ... DEVICE MANAGER RECOGNIZES THE 160GB HD. ... IT RECOGNIZES ALL 4 DRIVES. ...
      (microsoft.public.windowsxp.general)
    • RE: Interesting One
      ... I have heard similar claims from "agencies" about the ability to recover ... their drives then incinerate them. ... What is the point of taking the time to wipe ... to the incinerator. ...
      (Security-Basics)
    • Re: Esther Rantzen: Fear of paedophiles is harming children
      ... Windows I put the internal on disk wipe, which takes a minute or so ... Wiping a HDD consists of writing to every single byte on every sector ... drives. ...
      (uk.legal)