RE: Interesting One

[<David () cawdgw net>]

Actually, the DoD standard is :

Secret - three times overwriting using approved software, but must be reused
in a secret or higher level machine
Top Secret - must be degaussed and broken up (with specific size of pieces
limits)
Top Secret Compartmentalized - melt in furnace or media surface removed
(sanding) then degauss and break up

D. Weiss
ccna/mcse/ssp2


-----Original Message-----
From: Paul Carroll [mailto:PaulC () CLC PITT EDU]
Sent: Wednesday, October 30, 2002 2:00 AM
To: security-basics () security-focus com
Subject: RE: Interesting One


The NSA zero-filling standard which you reference, as well as Disk erasing
software is only compliant to DOD non-classified.  Any further level of disk
erasure requires the use of a high-temperature furnace.

PJC

-----Original Message-----
From: Nero, Nick [mailto:Nick.Nero () disney com]
Sent: Tuesday, October 29, 2002 12:30 PM
To: Dave Adams; security-basics () security-focus com
Subject: RE: Interesting One

Well, the NSA standard I believe is that zero-filling a drive (writing
all 0's to the platter) will make the data impossible to recover, but I
am sure there are some instances when this isn't the cause depending on
how retentive the media is and all that.  If is electromagnetically
degaussed for an extended period of time, I can't imagine anything could
recover the data.

Nick Nero, CISSP

-----Original Message-----
From: Dave Adams [mailto:dadams () johncrowley co uk]
Sent: Monday, October 28, 2002 5:06 PM
To: security-basics () security-focus com
Subject: Interesting One


Greetings Folks,

I had an interesting conversation today with someone from FAST
(Federation Against Software Theft) They pretend not to be a snitch wing
of the BSA. Anyway, to get to the point, the guy that came to see me
said that their forensics guys could read data off a hard drive that had
been written over up to thirty times. I find this very hard to believe
and told him I thought he was mistaken but the guy was adamant that it
could be done. My question is, does anyone have any views on this, or,
can anyone point me to a source of information where I can get the facts
on exactly how much data can be retrieved off a hard drive and under
what conditions etc etc.

Thanks

Dave Adams



This message (and any associated files) is intended only for the
use of the individual or entity to which it is addressed and may
contain information that is confidential, subject to copyright or
constitutes a trade secret. If you are not the intended recipient
you are hereby notified that any dissemination, copying or
distribution of this message, or files associated with this message,
is strictly prohibited. If you have received this message in error,
please notify us immediately by replying to the message and deleting
it from your computer. Messages sent to and from
John Crowley (Maidstone) Ltd may be monitored.

Internet communications cannot be guaranteed to be secure or error-free
as information could be intercepted, corrupted, lost, destroyed, arrive
late or incomplete, or contain viruses. Therefore, we do not accept
responsibility for any errors or omissions that are present in this
message, or any attachment, that have arisen as a result of e-mail
transmission. If verification is required, please request a hard-copy
version. Any views or opinions presented are solely those of the author
and do not necessarily represent those of John Crowley (Maidstone) Ltd.