Re: Hard Drive data security

[Alessandro Bottonelli <a.bottonelli () axis-net it>]

On Friday 01 October 2004 04:17, Leong Kok Wah Kenneth wrote:
> But questions are - 1. where do we get 'free'
> disk wiping program from the net?
Google for "bcwipe" for Microsoft environments. 

Many Unix flavours come shipped with the "shred" utility. Or you 
can overwrite data with other standard utilitues as already 
mentioned in the thread.

>       2. what assurance that it will do a good job using the
> 'free' disk wiping program as they are compared commerical
> licensed ones?
Unless you have a well geared lab for actual testing, you'll 
have to rely on others' testing. Personally, I'd trust more a 
free utilty that maybe comes with sources that I can analyze, 
rather than a commercial utility. But that's me.

Much also depends on the value of the data you want to shred vs. 
the motivation and the tools for recovery of your "adversary" 
(whoever he/she happens to be). If returning a drive with low to 
mid-level classified data on it to the manufacturer is the 
concern, then I would simply degauss the drive with a strong 
magnet. I doubt a technician who is paid for refurbishing the 
disk has  motive, opportunity and  means to scan it with 
sophisticated devices.

If the drive contained high level classified data and I were 
concerned that some "agency" (with motivation and tools) may be 
interested in them, then probably I would trust no wiping tools 
and I would simply pay the extra price for not returning the 
drive to the manufacturer and take care personally of destroying 
physically the drive before disposing of it. Many gray-scale 
scenarios may lay in between those to extremes.

My 2 Eurocents worth :-)

-- 
Alessandro Bottonelli
AXIS-NET Provacy & InfoSec Consulting
http://www.axis-net.it
http://www.axamonline.net