Re: Hard Drive Formatting

From: Albert P. Belle Isle (belleisl@CerberusSystems.com)
Date: 02/23/02


From: Albert P. Belle Isle <belleisl@CerberusSystems.com>
Date: Sat, 23 Feb 2002 13:28:10 -0500

On 23 Feb 2002 00:06:34 GMT, jbreen@red.seas.upenn.edu (John J Breen)
wrote:

>Hey,
> Concerning Hard Drive Formatting, What is a secure way to destroy all
> information on a hard drive so that it is unrecoverable. I heard from
> many sources that the only way is to physically destroy the hard
> drive. I heard from other sources there are ways to format the hard
> drive so that the information is unrecoverable. Anyone ever hear of
> something like format /u that overwrites all binary digits with 0. Let
> me know of any useful links you may have.
>
>Thanks
>John

Mr. Breen:

What "format" formats is the File Allocation Table that contains the
64K pointers to the clusters of 512-byte data sectors on the disk.

Just as "delete" just changes the first character in one of those
pointers to a symbol that means "this cluster is available if you want
to use it for a new file" (and doesn't actually affect the contents of
the file's beginning data cluster to which it points), "format" just
creates an entire clean set of 64K zeroized pointers.

Even the "long" version of "format" only tries to _read_ each cluster,
to see if it should be marked in the FAT as "bad," without writing
anything.

Low-level formatting of hard drives hasn't been possible for the last
several generations of devices - since the adoption of servo tracking.

Until the actual data in the sectors of each cluster previously
allocated to a file are overwritten, they are available for "recovery"
by forensic software, regardless of what has happened to the
"bookkeeping" data associated with that file stored in the FAT.

Forensic disk data recovery attacks attempt to read "deleted" (or
inadequately overwritten) magnetically stored data on your disk either

(1) through its drive controller connector, using PC-hosted software;
(2) through its drive heads, bypassing the disk's controller circuits;
or
(3) directly on each disk platter's recording surface in a clean-room.

Class 1 attacks can be mounted directly with forensic software, hosted
on your PC or on the attackers' PC. These software-based attack
measures can be countered with software-based countermeasures; viz.,
any kind of disk data overwriting (such as Clearing per DOD 5220.22-M)
that is applied to _all_ sensitive plaintext on the disk.

Class 2 attacks use special amplifiers and signal processing to
extract previously recorded data from under subsequent overwrites.
They rely on increased capabilities over the disk's on-board
electronics. Sanitizing per DOD 5220.22-M was designed to counter such
attacks by increasing the noise-to-signal ratio beyond their
capabilities.

Many (but not all) INFOSEC people believe that the increased
signal-processing sophistication of the on-board controllers required
to even read the last-written data has kept Sanitizing ahead in this
particular measure/countermeasure race. However, most question the
adequacy of Sanitizing in protecting older, lower-density disks
(especially diskettes) against the most modern and sophisticated Class
2 attacks.

Class 3 attacks (such as with magnetic force microscopy) are
generally considered able to penetrate any software countermeasures,
including _any_ kind of overwriting. They are very costly techniques
to use to recover the complete image-as-it-used-to-be of an
overwritten multi-gigabyte disk, as opposed to a few specifically
targeted bytes.

(Try getting a quote for recovery of overwritten data - not just
"reformatted" drive contents.)

Nevertheless, any data of sufficient value to intelligence services or
comparably funded adversaries should not have its confidentiality rely
upon overwriting countermeasures.

The value of your data to the kinds of attackers who can use each
class of techniques will determine whether you must counter that
class.

This is the basis for requiring defense contractors to use Clearing or
Sanitizing per DOD 5220.22-M (for re-use or for disposal,
respectively) of media containing data classified as Confidential or
Secret, while requiring NSA-approved degaussing and destruction for
Top Secret media.

The three armed services' standards for disk data overwriting are
NAVSO P5239-26, AFSSI-5020 and AR 380-19, respectively.

Albert P. BELLE ISLE
Cerberus Systems, Inc.
================================================
ENCRYPTION SOFTWARE with
  Forensic Software Countermeasures
    http://www.CerberusSystems.com
================================================
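An added example, not the post's own code and not any real tool, modelling the post's point in Python: a constructed in-memory FAT-style volume in which "delete" only flags the directory entry and frees the cluster chain, "format" only zeroizes the FAT and directory, and only overwriting the data sectors removes what controller-level (Class 1) forensic software can read back. The 0xE5 deleted-entry marker and the first-usable-cluster of 2 are real FAT conventions; the rest of the layout is a simplified assumption.

```python
SECTOR, NCLUSTERS, FIRST, ENTRY, NENTRIES = 512, 16, 2, 32, 8
FREE, EOC, DELETED = 0x0000, 0xFFFF, 0xE5   # 0xE5 is FAT's real "entry deleted" marker

def new_volume():
    """Constructed toy layout: directory region, FAT (one pointer per cluster), data sectors."""
    return {"dir": bytearray(ENTRY * NENTRIES), "fat": [FREE] * NCLUSTERS,
            "data": bytearray(SECTOR * NCLUSTERS)}

def _tag(name):
    return name.encode("ascii").ljust(11)[:11]      # fixed 11-byte name field

def write_file(vol, name, payload):
    """Allocate a cluster chain, fill its sectors, and add a directory entry pointing at it."""
    need = -(-len(payload) // SECTOR)
    chain = [c for c in range(FIRST, NCLUSTERS) if vol["fat"][c] == FREE][:need]
    if len(chain) < need:
        raise OSError("volume full")
    for i, c in enumerate(chain):
        chunk = payload[i * SECTOR:(i + 1) * SECTOR]
        vol["data"][c * SECTOR:c * SECTOR + len(chunk)] = chunk
        vol["fat"][c] = chain[i + 1] if i + 1 < need else EOC
    off = next(e * ENTRY for e in range(NENTRIES) if vol["dir"][e * ENTRY] in (0, DELETED))
    vol["dir"][off:off + 13] = _tag(name) + chain[0].to_bytes(2, "little")

def delete_file(vol, name):
    """'delete' as the post describes: flag the entry, free the chain, write nothing to data."""
    off = next(e * ENTRY for e in range(NENTRIES)
               if vol["dir"][e * ENTRY:e * ENTRY + 11] == _tag(name))
    c = int.from_bytes(vol["dir"][off + 11:off + 13], "little")
    vol["dir"][off] = DELETED
    while c != EOC:                       # walk the chain, releasing each pointer
        nxt, vol["fat"][c] = vol["fat"][c], FREE
        c = nxt

def quick_format(vol):
    """'format' as the post describes: a clean zeroized FAT and directory; sectors untouched."""
    vol["fat"] = [FREE] * NCLUSTERS
    vol["dir"] = bytearray(ENTRY * NENTRIES)

def clear_by_overwrite(vol):
    """Software countermeasure against Class 1 recovery: overwrite every data sector,
    then read back and verify; returns True only if the whole data area reads as zeros."""
    vol["data"][:] = bytes(len(vol["data"]))
    return not any(vol["data"])

def residual(vol, plaintext):
    """What controller-level forensic software can read: raw sector contents, FAT ignored."""
    return plaintext in vol["data"]
```

Running the four steps in order on a constructed file shows the plaintext still present after delete and after format, and gone only after the overwrite pass verifies clean.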