Full Disclosure mailing list archives
Re: Disk wiping -- An alternate approach?
From: Tracy Reed <treed () ultraviolet org>
Date: Mon, 25 Jan 2010 20:32:35 -0800
On Tue, Jan 26, 2010 at 04:26:08AM +0100, E. Prom spake thusly:
The point is that they never get a hard-drive full of zeroes or random numbers, but a hard-drive that have pieces of other data under the zeroes or random numbers. That's why programs like "wipe" fills more than 20 times the hard-drive with data. But filling 20 times a whole disk can be very, very long, expecially if it's a 2TB USB drive. A "quick" wipe filling a drive only 4 times, is often enouth, but...
Fortunately, so many rewrites are not necessary and have not been for a long time. I destroy drives containing credit card and other personal data with just one wipe (assuming the drive is operational) and if not I drill a few holes in it. While investigating how to best destroy such data I happened across some postings with some actual experimental results from trying recover overwritten data: http://blogs.sans.org/computer-forensics/2009/01/15/overwriting-hard-drive-data/ And some analysis of modern techniques for recovering data and their effectiveness: https://blogs.sans.org/computer-forensics/2009/01/28/spin-stand-microscopy-of-hard-disk-data/ Executive summary: Data overwritten once is unrecoverable on any drive made in the last 10 years. So do a single write pass from /dev/random on working drives. For non-functional drives or where overwriting is not possible drilling holes is very sufficient for any business and personal data. For top secret data wanted by an enemy with millions to spend and you cannot overwrite the data just once then recovery via Spin Stand Microscopy from undamaged areas of the platter is possible at great expense and weeks of constant work. Shattering the platter makes this technique much harder rendering perhaps 80% of the data unrecoverable. You are still best off with a cheap one time write of the whole drive. And as far as data recovery from failed drives goes this is rather amusing: http://blogs.sans.org/computer-forensics/2009/09/30/the-failed-hard-drive-the-toaster-oven-and-a-little-faith/ -- Tracy Reed http://tracyreed.org
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Disk wiping -- An alternate approach?, (continued)
- Re: Disk wiping -- An alternate approach? Thor (Hammer of God) (Jan 27)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 27)
- Re: Disk wiping -- An alternate approach? Rohit Patnaik (Jan 27)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)
- Re: Disk wiping -- An alternate approach? E. Prom (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Thor (Hammer of God) (Jan 25)
- Re: Disk wiping -- An alternate approach? Rohit Patnaik (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Tracy Reed (Jan 25)
- Re: Disk wiping -- An alternate approach? E. Prom (Jan 25)
- Re: Disk wiping -- An alternate approach? Bipin Gautam (Jan 25)
- Re: Disk wiping -- An alternate approach? Michael Holstein (Jan 26)
- Re: Disk wiping -- An alternate approach? Christian Sciberras (Jan 26)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)
- Re: Disk wiping -- An alternate approach? Christian Sciberras (Jan 26)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)
- Re: Disk wiping -- An alternate approach? Valdis . Kletnieks (Jan 26)
- Re: Disk wiping -- An alternate approach? T Biehn (Jan 26)