Bugtraq mailing list archives

Re: Peter Gutmann data deletion theaory?

From: devnull () Rodents Montreal QC CA
Date: Tue, 26 Jul 2005 01:20:31 -0400 (EDT)

[The From: is a bit-bucket, thanks for the hordes of broken
autoresponders.  Use the address in my signature to reach me.]

With point-and-click easy to use freeware tools under windows, I can
do almost 100% retrieval of files after a full reformat,


I don't believe this for a moment.  What you probably can do is recover
data after running DOS/Windows "format".  Except on floppies, this does
not actually do a reformat; what it does do is more properly called
making a filesystem.  (The misleading name is probably due to DOS's
floppy-based origins and Windows's DOS origins.)

A reformat - a *real* reformat, as in the SCSI FORMAT UNIT command or
whatever the analog is under other interfaces - will, with the possible
exception of blocks spared out while holding sensitive data[%], erase
beyond hope of retrieval by any means short of opening up the drive -
that is, any means that uses the usual data interface to the drive.  If
you don't care about anyone with the resources and interest to open up
the drive and examine the magnetic patterns with tools more sensitive
than the disk's own read/write heads, this is almost certainly[%] all
you need to do.

But if you do, then you probably are paranoid enough that thermite (or
some equivalent that melts the drive into a puddle of liquid metal) is
the best option for you.  Multiple overwrites are *probably* enough
with modern drives - but if your data are sensitive enough for your
adversary to be willing to open the drive up in a cleanroom, melting it
down is cheap, and about as sure as you're going to get.

[%] Some drives may have commands to best-effort read spared-out
    blocks, which may leave data recoverable if the reformat believes
    the current bad-block list instead of (re)constructing it from the
    surface scan inherent in the reformat.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse () rodents montreal qc ca
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Current thread:

Re: [BugTraq] Peter Gutmann data deletion theaory?, (continued)
- Re: [BugTraq] Peter Gutmann data deletion theaory? Robin Whittle (Jul 22)
  - Re: [BugTraq] Peter Gutmann data deletion theaory? Volker Kuhlmann (Jul 27)
- RE: Peter Gutmann data deletion theaory? dave kleiman (Jul 27)
- RE: Peter Gutmann data deletion theaory? Jeremy Epstein (Jul 21)
- RE: Peter Gutmann data deletion theaory? Glenn.Everhart (Jul 21)
- Re: RE: Peter Gutmann data deletion theaory? underwood-de (Jul 22)
  - Re: RE: Peter Gutmann data deletion theaory? Ron van Daal (Jul 27)
    - Re: RE: Peter Gutmann data deletion theaory? Simple Nomad (Jul 28)
- RE: Peter Gutmann data deletion theaory? Earnhart, Benjamin J (Jul 22)
  - Re: Peter Gutmann data deletion theaory? Casper . Dik (Jul 27)
  - Re: Peter Gutmann data deletion theaory? devnull (Jul 27)
- RE: Peter Gutmann data deletion theaory? Robert Thompson Jr. (Jul 22)
  - Re: Peter Gutmann data deletion theaory? Andreas Beck (Jul 27)
  - RE: Peter Gutmann data deletion theaory? Bret Morey (Jul 27)