[unisog] Wiping hard drives before computer transfer

Tom Perrine tep at sdsc.edu
Fri Jan 24 17:41:34 GMT 2003


>>>>> On Fri, 24 Jan 2003 07:08:42 -0600, "Curtis K. Shrote" <shrote at arlut.utexas.edu> said:

    CKS> If I have time someday, I'd like to do a forensic analysis to verify its 
    CKS> effectiveness. Of course, I lack the hardware to restore data after a 
    CKS> multi-overwrite.

Peter Gutman in NZ has done about the best non-GOV work on recovering
data from hard drives.  All you need is a scanning tunnelling electron
microscope, IIRC :-)

This was Peter's first paper on the subject, I think he has done more
with it since then.

The premise is that when writing, the heads don't always settle in the
same part of the track, eg they lay down a stripe of new bits that may
not fully over-write the old bits, esp if the old stripe and the new
stripe are at opposite edges of the much wider "track".  You can steer
the microscope along the various stripes and recover data, since the
probe is so much narrower than a write head.

Its interesting reading, and Peter does explain it much better.  I
have also seen DoD data in my prior life that nows makes sense, after
talking to Peter about his research in this area.  Essentially, now we
know why (ot at least another reason) the DoD has always mandated lots
of over-writes.

      Author: Peter Gutmann
       Title: Secure Deletion of Data from Magnetic and Solid-State Memory
       Pages: 77-89
   Publisher: USENIX
 Proceedings: 6th USENIX Security Symposium
        Date: July 22-25, 1996
    Location: San Jose, CA
 Institution: University of Auckland

--tep



More information about the unisog mailing list