Security Basics mailing list archives

Re: Advice regarding servers and Wiping Drives after testing


From: gjgowey () tmo blackberry net
Date: Wed, 12 Sep 2007 17:52:18 +0000

What you're forgetting is that these pieces of software aren't your normal "access the hdd through regular os calls". 
These pieces of software are sending low-level commands to the drive itself and interpreting what's sent back instead 
of relying on a middle layer.  They can literally have the head scan a particular sector as many times as is needed 
until it gets a signal back that resembles something useable.  Writing all 0's will never prevent software 
recovery because the all 0's approach is like recording over a used VCR tape once.

Geoff

Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 12 Sep 2007 12:48:42
To: security-basics () securityfocus com
Subject: Re: Advice regarding servers and Wiping Drives after testing


On 2007-09-11 William Holmberg wrote:
> On Tuesday, September 04, 2007 1:03 PM Ansgar -59cobalt- Wiechers wrote:
>> On 2007-09-01 gjgowey () tmo blackberry net wrote:
>>> A single pass with all zeros really won't protect your data from
>>> being recovered by more advanced data recovery software let alone
>>> hardware.
>>
>> I'd like to see a single case where someone was able to recover data
>> from an overwritten harddisk, even after a single pass with zeroes.
>
> No doubt you are an intelligent and well educated person in these
> fields, and probably have many areas of expertise more proficient than
> mine. I do have to state however, and nearly any Infragard member can
> tell you, the FBI uses tools that accomplish this on a regular basis.
> I have no doubt other agencies do as well. We have had demonstrations
> of it remotely in a class I help instruct, SAFE computing for Law
> Enforcement and Non-Profits (SAFE is Security And Forensic Education)
> at Metro State University of Minnesota, MCTC campus.

Demonstrations of recovering data from fully overwritten media, without
opening the case? Sorry, but I seriously doubt that. Feel free to prove
me wrong, but without evidence I find that really hard to believe. Keep
in mind we're not talking about wiping single files, but overwriting the
entire media.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
