[Dshield] Dead hard drive disposal

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu May 24 14:18:19 GMT 2007


On Thu, 24 May 2007 08:49:00 EDT, Jeff Kell said:

> A one-pass overwrite of the media (NIST SP800-88) and you've eliminated even 
> the script kiddies with a Helix CD.
> 
> DBAN and you've probably eliminated most commercial data recovery services as well.

Actually, after even a one-pass overwrite you've eliminated essentially *every*
commercial data recovery services.  The best proof that nobody outside the
spook community is able to do recover after a single overwrite is the fact that
not a single recovery company is claiming to do be able to do it (and consider
that being able to do so would be a huge market differentiator).

The attacks that Guttman outlines a decade ago may well have been feasible
against the drives of that day - but I've not heard a *single* report of anybody
actually recovering data after a single-overwrite on a modern drive.

Anybody got an actual "somebody *did*" report, as opposed to "somebody *could*"?

Actually reading NIST SP800 shows that they concur, as they regard "clearing"
and "purging" as being equivalent on modern drives ("clear" is basically "one
over-write" for when the drive is remaining under your control, "purge" is
"multiple overwrites with extreme prejudice" for when the drive is about to
leave your control).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20070524/fe2c8602/attachment.bin 


More information about the list mailing list