[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050723221442.O34923@zarathustra.linux666.com>
Date: Sat, 23 Jul 2005 22:47:13 +0200 (CEST)
From: Ron van Daal <ronvdaal@....nl>
To: bugtraq@...urityfocus.com
Subject: Re: RE: Peter Gutmann data deletion theaory?
> We were not allowed to do a seven pass government wipe to dispose of the drives as our security people deemed it inadequate, we turned them over to our classified waste people who stored them until there were enough to justify having the platters removed and mechanicaly beaten into little lumps of metal.
Aren't you being too paranoid? I think a simple zeroing out of your entire
drive using dd(1) starting with the first sector is enough to cover your
privacy. I don't know about other ""secret"" government agencies in NL or
other counties who actually do microscopic magnetic recovery efforts, but
dd(1) does the trick to defeat disk analysis by our national digital crime
unit. From what I've read in one of their internal memo's is that they just
use a hexdump(1) alike utility to find any non-zero bytes on the drive to
conclude "the drive has been wiped entirely".
As far as I know will our National Forensics Institute not go any further.
To be more precise: most disks analyses are being done automaticly rather
than by hand (which is even more the case with the digital crime unit).
For this they use registry-catalogs, browser cache/cookie/history inventory
programs, raw disk searching on strings, and the like. Which is pretty
logical as disk sizes are rapidly increasing, making the analysers' job
pretty difficult because of the ever increasing haystack. While data hiding
techniques continue to develop - making the needle even harder to find.
Grt,
Ron van Daal
Powered by blists - more mailing lists