Security Basics mailing list archives

RE: Interesting One


From: Tim Donahue <TDonahue () haynesconstruction com>
Date: Thu, 31 Oct 2002 13:14:32 -0500

You are using software to try and recover information. If you can recover
files after filling the platter with zeros 4 or 5 times and recover it
without a direct attack on the platters (i.e., using a SEM), then why is it so
hard to believe that specialized HARDWARE can recover it after 30 times?

At this point, I think it has been determined that the best way (and
possibly the only way in the near future) to prevent the recovery of
information is the complete and total destruction of the drive.  

Here is a good question for you though, at what point is it worth just
destroying the drive?  My guess would be we are at that point now, because
we have to use so many resources to be reasonably sure that the data is
unrecoverable, that it is cost effective to just destroy the drive and
purchase a replacement for it.

Tim Donahue

-----Original Message-----
From: Chris Chandler [mailto:chandlerchrisc () earthlink net] 
Sent: Wednesday, October 30, 2002 1:05 PM
To: thomas () northernsecurity net; 'Dave Adams'; security-basics () security-focus com
Subject: RE: Interesting One


When they say it can be retrieved if a drive has been formatted up to 30
times, they are probably a little ambitious. Most formats are done using
"format c:" and nothing else. Again, this just removes the pointers. When I
redo a drive, I run a zero fill 3 times over it. Then to test whether or not
data has been completely erased, I run the drive on my Encase machine. If
anything shows up I erase some more.
So your FAST person may be a little ambitious in his/her claims, I know that
just regular formatting can leave a drive recoverable up to about 5 times
anyway.

Chris Chandler
A+, Network +, MCSE NT4/2000
Network Security Consultant
http://www.wilykiote.com

-----Original Message-----
From: Thomas Sjögren [mailto:thomas () northernsecurity net] 
Sent: Tuesday, October 29, 2002 5:29 PM
To: Dave Adams; security-basics () security-focus com
Subject: Re: Interesting One

On Monday 28 October 2002 23:06, Dave Adams wrote:

I had an interesting conversation today with someone from FAST
(Federation Against Software Theft) They pretend not to be a snitch
wing of the BSA. Anyway, to get to the point, the guy that came to see
me said that their forensics guys could read data off a hard drive
that had been written over up to thirty times. [...]

Really? Wow. Please email me about the tools they are using, but that's
probably classified.
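
The zero-fill-then-verify routine described in the thread (three zero passes, then check whether anything still shows up) can be sketched as follows. This is an added example, not code from any of the posters or from EnCase; it assumes a disk image file rather than a live device, a 512-byte sector size, and the function names are made up for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size


def zero_fill(path, passes=3, chunk=1 << 20):
    """Overwrite every byte of an existing image file with zeros, `passes` times."""
    size = os.path.getsize(path)
    zeros = bytes(chunk)
    for _ in range(passes):
        with open(path, "r+b") as f:
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                f.write(zeros[:n])
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push each pass to the storage layer


def residual_sectors(path, sector=SECTOR):
    """Return the numbers of all sectors that still hold a non-zero byte."""
    dirty = []
    with open(path, "rb") as f:
        index = 0
        while True:
            block = f.read(sector)
            if not block:
                break
            if block.count(0) != len(block):
                dirty.append(index)
            index += 1
    return dirty


def make_sample_image(sectors=64):
    """Constructed test image: all zeros except two sectors with sample text."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(sectors * SECTOR))
        for n in (5, 40):
            f.seek(n * SECTOR + 100)
            f.write(b"constructed sample record")
    return path


if __name__ == "__main__":
    img = make_sample_image()
    print("before wipe:", residual_sectors(img))
    zero_fill(img, passes=3)
    print("after wipe: ", residual_sectors(img))
    os.remove(img)
```

An empty result only says that the sectors readable through the operating system are zero; it says nothing about the platter-level recovery with specialized hardware that the thread is arguing about.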




