Full Disclosure mailing list archives

Re: Erasing a hard disk easily

From: James Riden <j.riden () massey ac nz>
Date: Tue, 13 Jul 2004 11:02:02 +1200

"Gregh" <chows () ozemail com au> writes:

----- Original Message ----- 
From: "Maarten" <fulldisc () ultratux org>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, July 13, 2004 7:23 AM
Subject: Re: [Full-disclosure] Erasing a hard disk easily


An overwrite with all zeros will -allegedly- not withstand a serious
data-recovery attempt by professionals, not even when repeated.


I know you stated "allegedly" but this subject interests me. Many years ago,
a good friend of mine who had been in to pirating and suddenly realised he
could end up behind bars if he was ever caught got the shakes thinking about
it. He deleted it all and I let him know that wasn't good enough. He got
hold of a simple basic program that kept looping until the disk was full,
writing a line of 80 of the number "8" to the disk making one file that got
bigger and bigger until, ultimately, it filled the disk. Once filled, it
would close the file and all you had to do was boot into DOS and delete it
and the space was free once more all overwritten with the number "8"
wherever you looked with a sector editor.


See "Secure Deletion of Data from Magnetic and Solid-State Memory"
at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

If it's sensitive, it often gets physically destroyed. If it's not,
"wipe -k /dev/hda" will do, from a Knoppix prompt, with whatever
parameters you feel appropriate.

from 'man wipe':

"Recovery of supposedly erased data from magnetic media is easier than
what many people would like to believe. A technique called Magnetic
Force Microscopy (MFM) allows any moderately funded opponent to
recover the last two or three layers of data written to disk; wipe
repeadetly over- writes special patterns to the files to be destroyed,
using the fsync() call and/or the O_SYNC bit to force disk access. In
normal mode, 34 patterns are used (of which 8 are random). These
patterns were recommended in an article from Peter Gutmann [email
elided] entitled "Secure Deletion of Data from Magnetic and
Solid-State Memory". A quick mode allows you to use only 4 passes with
random patterns, which is of course much less secure."

ISTR that 'moderately funded' is in the order of 10K USD, but
unfortunately I don't get to play with those kinds of toys.

cheers, 
 Jamie
-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Remote crash of Half-Life servers and clients (versions before the 07 July 2004) Luigi Auriemma (Jul 12)
- Erasing a hard disk easily amilabs (Jul 12)
  - RE: Erasing a hard disk easily amilabs (Jul 12)
    - Re: Erasing a hard disk easily Maarten (Jul 12)
    - Re: Erasing a hard disk easily Gregh (Jul 12)
    - Re: Erasing a hard disk easily David Vincent (Jul 12)
    - Re: Erasing a hard disk easily James Riden (Jul 12)
    - Re: Erasing a hard disk easily Michael Williamson (Jul 12)
    - Re: Erasing a hard disk easily Dave Horsfall (Jul 12)
    - Re: Erasing a hard disk easily morning_wood (Jul 12)
    - Re: Erasing a hard disk easily Thomas Sjögren (Jul 12)
    - Re: Erasing a hard disk easily Tim (Jul 12)
    - Re: Erasing a hard disk easily Aditya, ALD [ Aditya Lalit Deshmukh ] (Jul 12)
    - Re: Erasing a hard disk easily Pavel Kankovsky (Jul 13)
    - Re: Erasing a hard disk easily Valdis . Kletnieks (Jul 14)
    - RE: Erasing a hard disk easily Todd Towles (Jul 14)
    - Re: Erasing a hard disk easily Joel R. Helgeson (Jul 14)

(Thread continues...)