Security Basics mailing list archives

RE: Advice regarding servers and Wiping Drives after testing


From: "Joel A. Folkerts" <jfolkert () hiwaay net>
Date: Fri, 31 Aug 2007 16:53:29 -0500

Nothing should be left after running that command - in theory, the entire physical disk would be wiped with zeros. 
Using publicly available forensic software, nothing will be recoverable after running this command. To my knowledge, 
the only possible exception would be a Host Protected Area (HPA)[1] which requires additional steps to detect and 
adequately destroy. 

I am not familiar with the OSX utility that you mentioned; however, one pass of zeros is sufficient. Many people 
wrongly assume that using multiple wipes is somehow more secure against data recovery efforts.

[1] http://en.wikipedia.org/wiki/Host_Protected_Area

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of cosynmr () googlemail com
Sent: Friday, August 31, 2007 3:37 PM
To: security-basics () securityfocus com
Subject: Advice regarding servers and Wiping Drives after testing

Can someone explain why anything would be left after running :

dd if=/dev/zero of=/dev/hda

Wouldn't this write zeros across the entire disk? How could anything
be recovered afterward?

I see osx disk utility can write zeros once, or write zeros many
times. Is there any advantage in multiple writes?
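
A read-back check for the wipe discussed in this thread, as an added example that is not part of either message: it confirms every addressable byte is zero and flags a target that exposes fewer bytes than the drive's native capacity, which is how a Host Protected Area shows up. The function names, the `native_bytes` parameter (assumed to come from the drive's stated capacity) and the temporary image files are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read size in bytes


def target_size(path):
    """Byte size of an image file or block device (st_size is 0 for devices)."""
    fd = os.open(path, os.O_RDONLY)
    try:
        return os.lseek(fd, 0, os.SEEK_END)
    finally:
        os.close(fd)


def verify_zeroed(path, native_bytes=None):
    """Read the target back after the wipe; return (ok, detail)."""
    size = target_size(path)
    if native_bytes is not None and size < native_bytes:
        # The OS sees less than the drive's native capacity, so dd could not
        # reach the remainder through this device node (HPA case from the reply).
        return False, f"only {size} of {native_bytes} bytes are addressable"
    offset = 0
    with open(path, "rb") as f:
        while block := f.read(CHUNK):
            rest = block.lstrip(b"\0")
            if rest:
                return False, f"non-zero byte at offset {offset + len(block) - len(rest)}"
            offset += len(block)
    if offset != size:
        return False, f"read stopped at {offset} of {size} bytes"
    return True, f"{size} bytes read back, all zero"


def make_image(size, stale_at=None):
    """Constructed sample input: a zero-filled image, optionally with leftover data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(size))
        if stale_at is not None:
            f.seek(stale_at)
            f.write(b"stale")
    return path


if __name__ == "__main__":
    for img in (make_image(3 * CHUNK), make_image(3 * CHUNK, stale_at=2 * CHUNK + 5)):
        print(verify_zeroed(img))
        os.remove(img)
```

Pointed at a real device node, the same function only reads; a short read or a non-zero offset means dd stopped early or the wipe was incomplete.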

