[unisog] Wiping hard drives before computer transfer
docbook.xml at gmail.com
Mon Nov 28 02:57:39 GMT 2005
Similar topic on SecurityFocus' Seurity Basic Mailing List:
But it relates to Bkup tapes.
On 11/27/05, Bradley Ellis <Bradley.Ellis at its.monash.edu.au> wrote:
> In a lot of ways, I like to make life simple - So when disposing
> of failed disks the following come to mind:
> Is the drive still working ?
> - Disk wiping can be used easily.
> Does the drive contain really confidential stuff ?
> - consider physical disk destruction.
> How much does wiping vs destruction and replacement cost ?
> Taking into consideration people's time, certification
> efforts that the data has been removed, etc.
> In many cases - replacing the $AU80 hdd with another and
> physically destorying the old disk with a destruction service
> is cheaper overall than the efforts to the wipd disk to any
> reasonable degree.
> This to me simplifies the whole process and saves having to
> worry about:
> * Encoding format as different formats may need different
> input streams for optimal erasure.
> * Off track data leakage - the data stored in the areas a
> little either side of the track. (Disk heads are accurate,
> but there is nearly always so off track data leakage.
> * Potential Recovery due to partial overwrites.
> Sure Disk erasure commands that are part of proposal's where
> the drive electronics can perform an erase the disk in a couple
> of modes are interesting and may offer some benefits.
> But even when (if) this becomes main stream, I stil like the
> idea of keeping things simple from a daily operations point of view.
> The forensics discussions are fun, but I wouldn't want to have
> them everyday.
> > -----Original Message-----
> > From: unisog-bounces at lists.sans.org
> > [mailto:unisog-bounces at lists.sans.org] On Behalf Of Daniel Feenberg
> > Sent: Saturday, 26 November 2005 10:22 AM
> > To: UNIversity Security Operations Group
> > Subject: Re: [unisog] Wiping hard drives before computer transfer
> > On Fri, 25 Nov 2005, Carl Miller wrote:
> > > In regard to
> > > http://www.dshield.org/pipermail/unisog/2003-January/010022.php
> > >
> > > "Gutmann explains that when a 1 bit is written over a zero bit, the
> > > "actual effect is closer to obtaining a .95 when a zero is
> > > overwritten with a one, and a 1.05 when a one is
> > overwritten with a
> > > zero"."
> > >
> > >
> > > Actually, he compared over-writing both a 0 and 1 with a 1,
> > not as you
> > > say "a 1.05 when a one is overwritten with a zero".
> > >
> > > He desribed it all in terms of over-writing with a 1.
> > >
> > Thank you. A corrected and enlarged version of my essay "Can
> > Intelligence Agencies Read Overwritten Data" has been available at
> > http://www.nber.org/sys-admin/overwritten-data-gutmann.html
> > for several years. I am always interested in additional
> > information on the feasibility of reading overwritten disk
> > sectors, but so far I have not heard from anyone claiming to
> > have done so, or referring me to someone who has done so.
> > By coincidence, we recently had 24 scsi drives filled with
> > confidential data to discard, and ended up drilling the
> > platters, simply because it was much easier than mounting
> > them once the computer that had controlled them died.
> > Daniel Feenberg
> > _______________________________________________
> > unisog mailing list
> > unisog at lists.sans.org
> > http://www.dshield.org/mailman/listinfo/unisog
> unisog mailing list
> unisog at lists.sans.org
Consensus is good, but informed dictatorship is better.
More information about the unisog