Re: Advice regarding servers and Wiping Drives after testing

[Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>]

On 2007-09-11 William Holmberg wrote:
> On Tuesday, September 04, 2007 1:03 PM Ansgar -59cobalt- Wiechers wrote:
> > On 2007-09-01 gjgowey () tmo blackberry net wrote:
> > > A since pass with all zero's really won't protect your data from
> > > being recovered by more advanced data recovery software let alone
> > > alone hardware.
> >
> > I'd like to see a single case where someone was able to recover data
> > from an overwritten harddisk, even after a single pass with zeroes.
>
> No doubt you are an intelligent and well educated person in these
> fields, and probably have many areas of expertise more proficient than
> mine. I do have to state however, and nearly any Infragard member can
> tell you, the FBI uses tools that accomplish this on a regular basis.
> I have no doubt other agencies do as well. We have had demonstrations
> of it remotely in a class I help instruct, SAFE computing for Law
> Enforcement and Non-Profits (SAFE is Security And Forensic Education)
> at Metro State University of Minnesota, MCTC campus.

Demonstrations of recovering data from fully overwritten media, without
opening the case? Sorry, but I seriously doubt that. Feel free to prove
me wrong, but without evidence I find that really hard to believe. Keep
in mind we're not talking about wiping single files, but overwriting the
entire media.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq