Security Basics mailing list archives
RE: Interesting One
From: Tim Donahue <TDonahue () haynesconstruction com>
Date: Thu, 31 Oct 2002 13:14:32 -0500
You are using software to try and recover information. If you can recover files after filling the platter with zeros 4 or 5 times and recover it without a direct attack on the platters (ie,using a SEM), then why is it so hard to believe that specialized HARDWARE can recover it after 30 times? At this point, I think it has been determined that the best way (and possibly the only way in the near future) to prevent the recovery of information is the complete and total destruction of the drive. Here is a good question for you though, at what point is it worth just destroying the drive? My guess would be we are at that point now, because we have to use so many resources to be reasonably sure that the data is unrecoverable, that is is cost effective to just destroy the drive and purchase a replacement for it. Tim Donahue
-----Original Message----- From: Chris Chandler [mailto:chandlerchrisc () earthlink net] Sent: Wednesday, October 30, 2002 1:05 PM To: thomas () northernsecurity net; 'Dave Adams'; security-basics () security-focus com Subject: RE: Interesting One When they say it can be retrieved if a drive has been formatted up to 30 times, they are probably a little ambitious. Most formats are done using "format c:" and nothing else. Again, this just removes the pointers. When I redo a drive, I run a zero fill 3 times over it. Then to test whether or not data has been completely erased, I run the drive on my Encase machine. If anything shows up I erase some more. So your FAST person may be a little ambitious in his/her claims, I know that just regular formatting can leave a drive recoverable up to about 5 times anyway. Chris Chandler A+, Network +, MCSE NT4/2000 Network Security Consultant http://www.wilykiote.com -----Original Message----- From: Thomas Sjögren [mailto:thomas () northernsecurity net] Sent: Tuesday, October 29, 2002 5:29 PM To: Dave Adams; security-basics () security-focus com Subject: Re: Interesting One On Monday 28 October 2002 23:06, Dave Adams wrote:I had an interesting conversation today with someone from FAST (Federation Against Software Theft) They pretend not to be a snitch wing of the BSA. Anyway, to get to the point, the guy thatcame to seeme said that their forensics guys could read data off a hard drive that had been written over up to thirty times. [...]Really? Wow. Please email me about the tools they are using, but that's probably classified.
Current thread:
- RE: Interesting One lvickers (Oct 31)
- <Possible follow-ups>
- RE: Interesting One Jimmy Liang (Oct 31)
- Re: Interesting One easy (Oct 31)
- RE: Interesting One Michael Vaughan (Oct 31)
- Re: Interesting One Candice Ward (Oct 31)
- RE: Interesting One Tim Donahue (Oct 31)
- RE: Interesting One Carol Stone (Oct 31)
- RE: Interesting One Rygg Christian (Oct 31)
- RE: Interesting One Trevor Cushen (Oct 31)
- Re: Interesting One ONEILL David J (Nov 01)
- Re: Interesting One Greg van der Gaast (Nov 01)
- RE: Interesting One Leonard.Ong (Nov 01)
- RE: Interesting One Holmes, Ben (Nov 01)
- RE: Interesting One Trevor Cushen (Nov 01)
- Re: Interesting One Meritt James (Nov 01)
- Re: Interesting One Chet Uber (Nov 01)
(Thread continues...)