Re: Interesting One

From: Carol Stone (carol@carolstone.com)
Date: 10/29/02


Date: Tue, 29 Oct 2002 13:57:45 -0700
From: "Carol Stone" <carol@carolstone.com>
To: security-basics@securityfocus.com

I don't know much about this, but yesterday I read in one of the later
chapters of Bruce Schneier's book, "Secrets and Lies," (link to amazon
follows) that over-writing data on a disk does *not* completely
obliterate it, it just makes it a lot more difficult to recover with
each over-write. I believe he said just how many re-writes were still
recoverable was a secret one of our governmental organizations wasn't
about to give up. I'll look at my book later when I have it in my
hands and see if I can't find part and post a pointer to *his*
reference.

-carol

http://www.amazon.com/exec/obidos/tg/detail/-
/0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143?
v=glance&n=507846

> Greetings Folks,
>
> I had an interesting conversation today with someone from FAST
> (Federation
> Against Software Theft) They pretend not to be a snitch wing of the
BSA.
> Anyway, to get to the point, the guy that came to see me said that
their
> forensics guys could read data off a hard drive that had been written
> over
> up to thirty times. I find this very hard to believe and told him I
> thought
> he was mistaken but the guy was adamant that it could be done. My
> question
> is, does anyone have any views on this, or, can anyone point me to a
> source
> of information where I can get the facts on exactly how much data can
be
> retrieved off a hard drive and under what conditions etc etc.
>
> Thanks
>
> Dave Adams
>
>
>
> This message (and any associated files) is intended only for the
> use of the individual or entity to which it is addressed and may
> contain information that is confidential, subject to copyright or
> constitutes a trade secret. If you are not the intended recipient
> you are hereby notified that any dissemination, copying or
> distribution of this message, or files associated with this message,
> is strictly prohibited. If you have received this message in error,
> please notify us immediately by replying to the message and deleting
> it from your computer. Messages sent to and from
> John Crowley (Maidstone) Ltd may be monitored.
>
> Internet communications cannot be guaranteed to be secure or error-
free
> as information could be intercepted, corrupted, lost, destroyed,
arrive
> late or incomplete, or contain viruses. Therefore, we do not accept
> responsibility for any errors or omissions that are present in this
> message, or any attachment, that have arisen as a result of e-mail
> transmission. If verification is required, please request a hard-copy
> version. Any views or opinions presented are solely those of the
author
> and do not necessarily represent those of John Crowley (Maidstone)
Ltd.
>
>

--
Real people for the virtual world.
http://www.elirion.net



Relevant Pages

  • RE: Interesting One
    ... ago) is that they were able to successfully retrieve at least partial ... > constitutes a trade secret. ... > John Crowley (Maidstone) Ltd may be monitored. ...
    (Security-Basics)
  • Re: Interesting One
    ... time I dug into these things), the ability to recover ... > John Crowley (Maidstone) Ltd may be monitored. ...
    (Security-Basics)
  • RE: Interesting One
    ... > all 0's to the platter) will make the data impossible to recover, ... If you are not the intended recipient ... > and do not necessarily represent those of John Crowley (Maidstone) Ltd. ...
    (Security-Basics)
  • Interesting One
    ... Against Software Theft) They pretend not to be a snitch wing of the BSA. ... If you are not the intended recipient ... John Crowley (Maidstone) Ltd may be monitored. ...
    (Security-Basics)
  • Re: Interesting One
    ... Actually, the DoD standard is to write over the data 7 times, alternating ... If you are not the intended recipient ... > and do not necessarily represent those of John Crowley (Maidstone) Ltd. ...
    (Security-Basics)