[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY22-DAV34C6752641A71EFF96581B3D60@phx.gbl>
Date: Fri, 22 Jul 2005 00:08:37 +0100
From: "Tiago Halm" <thalm@...mail.com>
To: <focus-ms@...urityfocus.com>
Cc: <bugtraq@...urityfocus.com>
Subject: RE: Peter Gutmann data deletion theaory?
One thing I would add here is the difference between the physical data and
its meaning.
Physically, it may always be possible to retrieve data, but when there is no
notion of the topic at hand or the possible semantic associated with the
data, then that may be an impossible task trying to assemble pieces that in
the end, can have several meanings.
But in the end, I would assume this thread is focusing on the abilities to
retrieve and not to assemble.
Just my 2 cents.
Tiago Halm
-----Original Message-----
From: Barbara Lockwood [mailto:barbis@...lityit.net]
Sent: quinta-feira, 21 de Julho de 2005 19:43
To: 'Jared Johnson'; focus-ms@...urityfocus.com
Cc: bugtraq@...urityfocus.com
Subject: RE: Peter Gutmann data deletion theaory?
This is a well known fact of data forensic science and why this science
flourishes at all. Overwriting data hardly obscures the data. Even when
sections of data sectors are overwritten many times, changes can very often
be reverse engineered. There are companies out there that make their entire
revenue on just such reconstructions.
In fact even de-gaussing (magnetic relignment of ions) sometimes fails to
remove all residual data. The degaussing machine can fail to cover the
separating bands between data. Imagine you had an eraser and managed to
completely erase everything except the top parts of characters. You could
probably guess what the data said. Imperfections in the media, the optical
writing mechanism and the de-gaussing tools can all contribute to there
being some residual data left.
Bar Biszick-Lockwood (cisa, cissp, csqa)
SDLC & Security Process Standards Expert
GCC SOX 404 Audit and Remediation
QualityIT
206-388-3333
pager message: 4252415391@...mail.net
barbis@...lityit.net
RESOURCE SITE: http://www.securityprocessprofessional.com
SERVICES SITE http://www.qualityit.net
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@...oo.com]
Sent: Wednesday, July 20, 2005 4:49 PM
To: focus-ms@...urityfocus.com
Cc: bugtraq@...urityfocus.com
Subject: Peter Gutmann data deletion theaory?
All,
Do you all agree with Peter Gutman's conclusion on his theory that data can
never really be erased, as noted in his quote below:
"Data overwritten once or twice may be recovered by subtracting what is
expected to be read from a storage location from what is actually read. Data
which is overwritten an arbitrarily large number of times can still be
recovered provided that the new data isn't written to the same location as
the original data (for magnetic media), or that the recovery attempt is
carried out fairly soon after the new data was written (for RAM). For this
reason it is effectively impossible to sanitise storage locations by simple
overwriting them, no matter how many overwrite passes are made or what data
patterns are written. However by using the relatively simple methods
presented in this paper the task of an attacker can be made significantly
more difficult, if not prohibitively expensive."
It seems that the perhaps the only real way to rid your Hard Drives of data
is to burn them.
I'd love to hear some thoughts on this from security and data experts out
there.
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.9.2/54 - Release Date: 7/21/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.9.2/54 - Release Date: 7/21/2005
---
[This E-mail has been scanned for viruses but it is your responsibility
to maintain up to date anti virus software on the device that you are
currently using to read this email. ]
Powered by blists - more mailing lists