[unisog] Wiping hard drives before computer transfer

Bradley Ellis Bradley.Ellis at its.monash.edu.au
Mon Nov 28 01:48:56 GMT 2005


In a lot of ways, I like to make life simple - So when disposing
of failed disks the following come to mind:

	Is the drive still working ?
		- Disk wiping can be used easily.

	Does the drive contain really confidential stuff ?
		- consider physical disk destruction.

	How much does wiping vs destruction and replacement cost ?
	Taking into consideration people's time, certification 
	efforts that the data has been removed, etc.

In many cases - replacing the $AU80 hdd with another and
physically destorying the old disk with a destruction service
is cheaper overall than the efforts to the wipd disk to any 
reasonable degree.

This to me simplifies the whole process and saves having to
worry about:

	* Encoding format as different formats may need different
	  input streams for optimal erasure.

	* Off track data leakage - the data stored in the areas a
	little either side of the track. (Disk heads are accurate,
	but there is nearly always so off track data leakage.

	* Potential Recovery due to partial overwrites.

Sure Disk erasure commands that are part of proposal's where
the drive electronics can perform an erase the disk in a couple 
of modes are interesting and may offer some benefits.

But even when (if) this becomes main stream, I stil like the 
idea of keeping things simple from a daily operations point of view.

The forensics discussions are fun, but I wouldn't want to have 
them everyday.


> -----Original Message-----
> From: unisog-bounces at lists.sans.org 
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Daniel Feenberg
> Sent: Saturday, 26 November 2005 10:22 AM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] Wiping hard drives before computer transfer
> On Fri, 25 Nov 2005, Carl Miller wrote:
> > In regard to
> > http://www.dshield.org/pipermail/unisog/2003-January/010022.php
> >  
> > "Gutmann explains that when a 1 bit is written over a zero bit, the 
> > "actual  effect is closer to obtaining a .95 when a zero is 
> > overwritten with a one,  and a 1.05 when a one is 
> overwritten with a 
> > zero"."
> >  
> >  
> > Actually, he compared over-writing both a 0 and 1 with a 1, 
> not as you 
> > say "a 1.05 when a one is overwritten with a zero".
> >  
> > He desribed it all in terms of over-writing with a 1.
> >  
> Thank you. A corrected and enlarged version of my essay "Can 
> Intelligence Agencies Read Overwritten Data" has been available at
>   http://www.nber.org/sys-admin/overwritten-data-gutmann.html
> for several years. I am always interested in additional 
> information on the feasibility of reading overwritten disk 
> sectors, but so far I have not heard from anyone claiming to 
> have done so, or referring me to someone who has done so. 
> By coincidence, we recently had 24 scsi drives filled with 
> confidential data to discard, and ended up drilling the 
> platters, simply because it was much easier than mounting 
> them once the computer that had controlled them died.
> Daniel Feenberg
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list