RE: Advice regarding servers and Wiping Drives after testing



Nothing should be left after running that command - in theory, the entire physical disk would be wiped with zeros. Using publicly available forensic software, nothing will be recoverable after running this command. To my knowledge, the only possible exception would be a Host Protected Area (HPA)[1] which requires additional steps to detect and adequately destroy.

I am not familiar with the OSX utility that you mentioned; however, one pass of zeros is sufficient. Many people wrongly assume that using multiple wipes is somehow more secure against data recovery efforts.

[1] http://en.wikipedia.org/wiki/Host_Protected_Area

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of cosynmr@xxxxxxxxxxxxxx
Sent: Friday, August 31, 2007 3:37 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Advice regarding servers and Wiping Drives after testing

Can someone explain why anything would be left after running:

dd if=/dev/zero of=/dev/hda

Wouldn't this write zeros across the entire disk? How could anything
be recovered afterward?

I see osx disk utility can write zeros once, or write zeros many
times. Is there any advantage in multiple writes?
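
Not part of the thread: an added shell example for checking the two points discussed above, that a zero wipe left no non-zero bytes on the visible device and that no Host Protected Area sits beyond it. It assumes GNU cmp and the output format of `hdparm -N`; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes GNU cmp and, for the HPA
# check, text in the format printed by `hdparm -N /dev/DEVICE`.

# first_nonzero_offset TARGET
# Prints "clean" if every byte of TARGET (device node or image file) is
# zero, otherwise the 0-based offset of the first non-zero byte.
first_nonzero_offset() {
    local target=$1 size out byte
    # blockdev reports the size of a device node; fall back to the file
    # size when TARGET is an image file.
    size=$(blockdev --getsize64 "$target" 2>/dev/null) || size=$(wc -c < "$target")
    # /dev/zero is endless, so limit the comparison to TARGET's length.
    if out=$(cmp -n "$size" "$target" /dev/zero 2>/dev/null); then
        echo clean
        return 0
    fi
    # cmp prints "... differ: byte N, line M" with N counted from 1.
    byte=$(printf '%s\n' "$out" | sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$byte" ] || { echo "cannot read $target" >&2; return 2; }
    echo $((byte - 1))
    return 1
}

# hpa_hidden_sectors
# Reads `hdparm -N` output on stdin and prints how many sectors lie beyond
# the visible end of the disk (native max minus current max). A wipe of
# the visible device does not reach those sectors.
hpa_hidden_sectors() {
    local pair cur native
    pair=$(sed -n 's/.*max sectors *= *\([0-9][0-9]*\)\/\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$pair" ] || return 2
    cur=${pair% *}
    native=${pair#* }
    echo $((native - cur))
}
```

After the wipe, run `first_nonzero_offset /dev/hda` as root and pipe `hdparm -N /dev/hda` into `hpa_hidden_sectors`; a result other than 0 from the second means part of the disk was never overwritten.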