RES: Flash Memory Wiping





-----Mensagem original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] Em
nome de William M. Ryan
Enviada em: sexta-feira, 26 de janeiro de 2007 12:19
Para: security-basics@xxxxxxxxxxxxxxxxx
Assunto: Re: Flash Memory Wiping



Since I started this thread I have tried several of the wiping solutions
that were recommended, but kept coming up on one problem. The user
accessible flash on the PDAs (iPaq File Store) is not mountable as a drive
letter by any technique I know or could find. I could not find a tool
that would let me mount it either. None of the Wiping programs could find
it so they could not wipe it. I finally spend a day determining the size
of the iPaq File Store (to the byte) and writing scripts to create three
files (File 1 all low order blanks (chr(0)), File 2 (all high order blanks
(Chr(255)) and file 3 random characters (chr(int(rnd()*255)))) Each file
was written to the file store in order. The last file was left in place.
My department feels this suffices for wiping the PDA. Anyone have any
other ideas for when this happens in the future?



"Lou Losee"
<llosee@xxxxxxxxx
> To
Sent by: security-basics@xxxxxxxxxxxxxxxxx
listbounce@securi cc
tyfocus.com
Subject
Re: Flash Memory Wiping
01/24/2007 01:16
PM








For some good discussions on the implications of writing to flash and
how the wear-leveling algorithms incorporated by them get in the way
of erasure and overwriting, I would recommend the following links:

http://forums.truecrypt.org/viewtopic.php?t=1702
http://bbs.heidi.ie/viewtopic.php?t=1568&sid=60ea6000a914dced82196c64783feac
c


Lou Losee
atsec information security corp.

On 1/23/07, Dragos Ruiu <dr@xxxxxxxxxxxxx> wrote:
On Monday 22 January 2007 12:55, C Anctil wrote:
I would encrypt the the files before deleting them. If they ever get
recovered, they would at least be encrypted. I would use something
like truecrypt.

This also would not work so well on flash, as you would likely wind up
with encrypted and unecrypted versions sitting on the flash
simultaneously.
Overwriting works oddly with flash...

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K. Mar 1-2 - 2007 http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp



--
Artificial Intelligence is no match for Natural Stupidity


Attachment: smime.p7s
Description: S/MIME cryptographic signature



Relevant Pages

  • Re: Flash Memory Wiping
    ... Since I started this thread I have tried several of the wiping solutions ... accessible flash on the PDAs (iPaq File Store) is not mountable as a drive ... I would recommend the following links: ...
    (Security-Basics)
  • Re: Missing links? Eh?
    ... > I thought you were wiping the slate clean, ... > tone. ... It seems that was a flash in the pan. ...
    (talk.origins)
  • Re: SD Card Question
    ... I believe that iPAQ File Store is Flash on the main board of the device. ... However, since it's an installable filesystem, it's possible that it would ...
    (microsoft.public.dotnet.framework.compactframework)