lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050723221442.O34923@zarathustra.linux666.com>
Date: Sat, 23 Jul 2005 22:47:13 +0200 (CEST)
From: Ron van Daal <ronvdaal@....nl>
To: bugtraq@...urityfocus.com
Subject: Re: RE: Peter Gutmann data deletion theaory?


> We were not allowed to do a seven pass government wipe to dispose of the drives as our security people deemed it inadequate, we turned them over to our classified waste people who stored them until there were enough to justify having the platters removed and mechanicaly beaten into little lumps of metal.

Aren't you being too paranoid? I think a simple zeroing out of your entire 
drive using dd(1) starting with the first sector is enough to cover your
privacy. I don't know about other ""secret"" government agencies in NL or 
other counties who actually do microscopic magnetic recovery efforts, but
dd(1) does the trick to defeat disk analysis by our national digital crime 
unit. From what I've read in one of their internal memo's is that they just
use a hexdump(1) alike utility to find any non-zero bytes on the drive to 
conclude "the drive has been wiped entirely".

As far as I know will our National Forensics Institute not go any further.
To be more precise: most disks analyses are being done automaticly rather
than by hand (which is even more the case with the digital crime unit).

For this they use registry-catalogs, browser cache/cookie/history inventory
programs, raw disk searching on strings, and the like. Which is pretty
logical as disk sizes are rapidly increasing, making the analysers' job 
pretty difficult because of the ever increasing haystack. While data hiding
techniques continue to develop - making the needle even harder to find.

Grt,

Ron van Daal


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ