Security Basics mailing list archives

Re: Flash Memory Wiping


From: Atom Smasher <atom () smasher org>
Date: Fri, 19 Jan 2007 12:13:16 -0500 (EST)

On Thu, 18 Jan 2007, William M. Ryan wrote:

> Can anyone recommend a tool/technique that will ensure that no data is recoverable from flash memory devices including USB drives, Memory cards, and PDAs?
========================

this applies to flash drives and similar devices. i don't know enough about wiping a PDA to make any comments.

just last night, i came into possession of a previously owned flash drive (warranty replacement) and i was curious what could be recovered from it.

mounting it and looking for linked files showed that it was empty. so i dd'd it to a file and scanned that file for data [using http://foremost.sourceforge.net/].

apparently the previous owner of this flash drive was in the [legal] pharmaceutical business. i found a PDF, a bunch of images (most belonging to the PDF), several AVI and MPG movies. everything was info about some kind of treatment for aneurysms.

also, it seemed that the drive probably wasn't used much since it was new and/or since the U3 was removed from it. aside from the pharma stuff, there were GIFs that looked like they probably came with U3... logos for migo and mozilla, and a bunch of buttons and icons.

this kind of "attack" can be prevented by simply running
        dd if=/dev/zero of=/path/to/dev/flashdrive bs=512

and then optionally repartitioning the drive (fdisk, disklabel, newfs_msdos, etc, or their equivalents).

if one is not that technically inclined, another option is to just "delete" (unlink) the sensitive files, then save non-proprietary data to the device until it's full. then delete all of the files. then the only thing that can be recovered (without exotic techniques) would be the non-proprietary data. assuming that your threat model doesn't include exotic techniques, just overwriting the data once will get rid of it.

others have mentioned a hammer, but that's probably overkill for most situations. of course, a hammer may be called for sometimes, but i think a less radical method of data destruction that leaves the hardware usable should work most of the time.

regarding industrial shredders, my only concern would be that something as small as a USB flash drive might pass through it unharmed. if you really need to destroy the hardware, i'd recommend a hammer... and safety glasses.

hypothetically, if i wanted to sell a used flash drive on ebay... and hypothetically if the drive was previously used to store "sensitive" data, i'd be fairly comfortable just overwriting the drive once from /dev/zero or /dev/urandom and reformatting it.


--
        ...atom

 ________________________
 http://atom.smasher.org/
 762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
 -------------------------------------------------

        "Politics would be a helluva good business
         if it weren't for the goddamned people."
                -- Richard M. Nixon
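
An added example (not part of the original post) of checking that a single zero overwrite leaves nothing for a signature-based carver to find, run against a constructed scratch image file rather than a real device. The function names, signature patterns and sample contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: works on a scratch image file, never a real device.
# Function names, patterns and sample contents are constructed.

# Build a 1 MiB "drive image" holding two orphaned file fragments,
# i.e. data that no directory entry points to any more.
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=2048 2>/dev/null
    printf '%%PDF-1.4 constructed sample' |
        dd of="$1" bs=512 seek=100 conv=notrunc 2>/dev/null
    printf 'GIF89a constructed sample' |
        dd of="$1" bs=512 seek=900 conv=notrunc 2>/dev/null
}

# Count file-header signatures (PDF, GIF, RIFF/AVI) anywhere in the image,
# a rough stand-in for the headers a file carver keys on.
count_signatures() {
    LC_ALL=C grep -a -o -e '%PDF-' -e 'GIF8[79]a' -e 'RIFF' "$1" |
        wc -l | tr -d ' '
}

# Count bytes that are not 0x00; a zero-filled image must report 0.
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite the whole image once from /dev/zero without changing its size.
# On a real device dd simply runs until the device is full; a regular file
# needs count= and conv=notrunc instead.
zero_fill() {
    size=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=512 count=$((size / 512)) conv=notrunc 2>/dev/null
}

img=$(mktemp)
make_sample_image "$img"
echo "before wipe: $(count_signatures "$img") signatures, $(nonzero_bytes "$img") non-zero bytes"
zero_fill "$img"
echo "after wipe:  $(count_signatures "$img") signatures, $(nonzero_bytes "$img") non-zero bytes"
rm -f "$img"
```

Both checks read only what the image exposes block by block, which is the same view a dd copy of the drive gives a carver.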


