[unisog] Wiping hard drives before computer transfer
Bradley.Ellis at its.monash.edu.au
Mon Nov 28 01:48:56 GMT 2005
In a lot of ways, I like to make life simple - So when disposing
of failed disks the following come to mind:
Is the drive still working ?
- Disk wiping can be used easily.
Does the drive contain really confidential stuff ?
- consider physical disk destruction.
How much does wiping vs destruction and replacement cost ?
Taking into consideration people's time, certification
efforts that the data has been removed, etc.
In many cases - replacing the $AU80 hdd with another and
physically destorying the old disk with a destruction service
is cheaper overall than the efforts to the wipd disk to any
This to me simplifies the whole process and saves having to
* Encoding format as different formats may need different
input streams for optimal erasure.
* Off track data leakage - the data stored in the areas a
little either side of the track. (Disk heads are accurate,
but there is nearly always so off track data leakage.
* Potential Recovery due to partial overwrites.
Sure Disk erasure commands that are part of proposal's where
the drive electronics can perform an erase the disk in a couple
of modes are interesting and may offer some benefits.
But even when (if) this becomes main stream, I stil like the
idea of keeping things simple from a daily operations point of view.
The forensics discussions are fun, but I wouldn't want to have
> -----Original Message-----
> From: unisog-bounces at lists.sans.org
> [mailto:unisog-bounces at lists.sans.org] On Behalf Of Daniel Feenberg
> Sent: Saturday, 26 November 2005 10:22 AM
> To: UNIversity Security Operations Group
> Subject: Re: [unisog] Wiping hard drives before computer transfer
> On Fri, 25 Nov 2005, Carl Miller wrote:
> > In regard to
> > http://www.dshield.org/pipermail/unisog/2003-January/010022.php
> > "Gutmann explains that when a 1 bit is written over a zero bit, the
> > "actual effect is closer to obtaining a .95 when a zero is
> > overwritten with a one, and a 1.05 when a one is
> overwritten with a
> > zero"."
> > Actually, he compared over-writing both a 0 and 1 with a 1,
> not as you
> > say "a 1.05 when a one is overwritten with a zero".
> > He desribed it all in terms of over-writing with a 1.
> Thank you. A corrected and enlarged version of my essay "Can
> Intelligence Agencies Read Overwritten Data" has been available at
> for several years. I am always interested in additional
> information on the feasibility of reading overwritten disk
> sectors, but so far I have not heard from anyone claiming to
> have done so, or referring me to someone who has done so.
> By coincidence, we recently had 24 scsi drives filled with
> confidential data to discard, and ended up drilling the
> platters, simply because it was much easier than mounting
> them once the computer that had controlled them died.
> Daniel Feenberg
> unisog mailing list
> unisog at lists.sans.org
More information about the unisog