RE: Advice regarding servers and Wiping Drives after testing
- From: "dave kleiman" <dave@xxxxxxxxxxxxxxx>
- Date: Wed, 12 Sep 2007 10:07:54 -0400
Bill,
I think you are mistaken. I attend and teach labs at most of the forensic
events yearlong including the FBI InfraGard National Conference (
http://tinyurl.com/24vuj8 ). As a matter of fact, last month at the HTCIA
International conference in San Diego, part of my class demonstrated how to
identify the traces of different types of erasure programs. These were
single random and/or zero passes.
You can download it here: http://tinyurl.com/35mbc9 . I have NEVER seen or
heard of a demonstration or tool, outside of an ESM Electron Scanning
Microscope, that would recover the data after being "wiped".
Perhaps you are thinking of after deleting partitions and/or formatting
several passes??
Dave
Respectfully,
Dave Kleiman - http://www.davekleiman.com
4371 Northlake Blvd
Suite 314
Palm Beach Gardens, FL 33410
561.310.8801
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of William Holmberg
Sent: Tuesday, September 11, 2007 17:36
To: Ansgar -59cobalt- Wiechers; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: Advice regarding servers and Wiping Drives after testing
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ansgar -59cobalt- Wiechers
Sent: Tuesday, September 04, 2007 1:03 PM
To: security-basics@xxxxxxxxxxxxxxxx
Subject: Re: Advice regarding servers and Wiping Drives after testing
On 2007-09-01 gjgowey@xxxxxxxxxxxxxxxxxx wrote:
> A since pass with all zero's really won't protect your data from
being
> recovered by more advanced data recovery software let alone alone
> hardware.
I'd like to see a single case where someone was able to recover data
from an overwritten harddisk, even after a single pass with zeroes.
*********************
Hi,
No doubt you are an intelligent and well educated person in these
fields, and probably have many areas of expertise more proficient than
mine. I do have to state however, and nearly any Infragard member can
tell you, the FBI uses tools that accomplish this on a regular basis.
I
have no doubt other agencies do as well. We have had demonstrations of
it remotely in a class I help instruct, SAFE computing for Law
Enforcement and Non-Profits (SAFE is Security And Forensic Education)
at
Metro State University of Minnesota, MCTC campus.
My .02...
-Bil
- Follow-Ups:
- RE: Advice regarding servers and Wiping Drives after testing
- From: William Holmberg
- RE: Advice regarding servers and Wiping Drives after testing
- References:
- Re: Advice regarding servers and Wiping Drives after testing
- From: gjgowey
- Re: Advice regarding servers and Wiping Drives after testing
- From: Ansgar -59cobalt- Wiechers
- RE: Advice regarding servers and Wiping Drives after testing
- From: William Holmberg
- Re: Advice regarding servers and Wiping Drives after testing
- Prev by Date: Re: Threat vector of running a service using a domain account
- Next by Date: Re: Threat vector of running a service using a domain account
- Previous by thread: Re: Advice regarding servers and Wiping Drives after testing
- Next by thread: RE: Advice regarding servers and Wiping Drives after testing
- Index(es):
