Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Advice regarding servers and Wiping Drives after testing

From: "dave kleiman" <dave () davekleiman com>
Date: Wed, 12 Sep 2007 10:07:54 -0400
Bill,

I think you are mistaken.  I attend and teach labs at most of the forensic
events yearlong including the FBI InfraGard National Conference (
http://tinyurl.com/24vuj8 ).  As a matter of fact, last month at the HTCIA
International conference in San Diego, part of my class demonstrated how to
identify the traces of different types of erasure programs. These were
single random and/or zero passes.
You can download it here:  http://tinyurl.com/35mbc9 .  I have NEVER seen or
heard of a demonstration or tool, outside of an ESM Electron Scanning
Microscope, that would recover the data after being "wiped".
Perhaps you are thinking of after deleting partitions and/or formatting
several passes??

Dave



Respectfully,

Dave Kleiman - http://www.davekleiman.com
4371 Northlake Blvd
Suite 314
Palm Beach Gardens, FL 33410
561.310.8801 







      -----Original Message-----
      From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On
      Behalf Of William Holmberg
      Sent: Tuesday, September 11, 2007 17:36
      To: Ansgar -59cobalt- Wiechers; security-basics () securityfocus com
      Subject: RE: Advice regarding servers and Wiping Drives after testing
      
      
      
      -----Original Message-----
      From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
      On Behalf Of Ansgar -59cobalt- Wiechers
      Sent: Tuesday, September 04, 2007 1:03 PM
      To: security-basics () securityfocus om
      Subject: Re: Advice regarding servers and Wiping Drives after testing
      
      On 2007-09-01 gjgowey () tmo blackberry net wrote:
      > A since pass with all zero's really won't protect your data from
being
      > recovered by more advanced data recovery software let alone alone
      > hardware.
      
      I'd like to see a single case where someone was able to recover data
      from an overwritten harddisk, even after a single pass with zeroes.
      
      *********************
      Hi,
      No doubt you are an intelligent and well educated person in these
      fields, and probably have many areas of expertise more proficient than
      mine. I do have to state however, and nearly any Infragard member can
      tell you, the FBI uses tools that accomplish this on a regular basis.
I
      have no doubt other agencies do as well. We have had demonstrations of
      it remotely in a class I help instruct, SAFE computing for Law
      Enforcement and Non-Profits (SAFE is Security And Forensic Education)
at
      Metro State University of Minnesota, MCTC campus.
      
      My .02...
      -Bil
Previous By Date Next
Previous By Thread Next

Current thread: