[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87brikde39.fsf@it029205.massey.ac.nz>
From: j.riden at massey.ac.nz (James Riden)
Subject: Erasing a hard disk easily
"Gregh" <chows@...mail.com.au> writes:
> ----- Original Message -----
> From: "Maarten" <fulldisc@...ratux.org>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Tuesday, July 13, 2004 7:23 AM
> Subject: Re: [Full-Disclosure] Erasing a hard disk easily
>
>
>>
>> An overwrite with all zeros will -allegedly- not withstand a serious
>> data-recovery attempt by professionals, not even when repeated.
>
> I know you stated "allegedly" but this subject interests me. Many years ago,
> a good friend of mine who had been in to pirating and suddenly realised he
> could end up behind bars if he was ever caught got the shakes thinking about
> it. He deleted it all and I let him know that wasn't good enough. He got
> hold of a simple basic program that kept looping until the disk was full,
> writing a line of 80 of the number "8" to the disk making one file that got
> bigger and bigger until, ultimately, it filled the disk. Once filled, it
> would close the file and all you had to do was boot into DOS and delete it
> and the space was free once more all overwritten with the number "8"
> wherever you looked with a sector editor.
See "Secure Deletion of Data from Magnetic and Solid-State Memory"
at http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
If it's sensitive, it often gets physically destroyed. If it's not,
"wipe -k /dev/hda" will do, from a Knoppix prompt, with whatever
parameters you feel appropriate.
from 'man wipe':
"Recovery of supposedly erased data from magnetic media is easier than
what many people would like to believe. A technique called Magnetic
Force Microscopy (MFM) allows any moderately funded opponent to
recover the last two or three layers of data written to disk; wipe
repeadetly over- writes special patterns to the files to be destroyed,
using the fsync() call and/or the O_SYNC bit to force disk access. In
normal mode, 34 patterns are used (of which 8 are random). These
patterns were recommended in an article from Peter Gutmann [email
elided] entitled "Secure Deletion of Data from Magnetic and
Solid-State Memory". A quick mode allows you to use only 4 passes with
random patterns, which is of course much less secure."
ISTR that 'moderately funded' is in the order of 10K USD, but
unfortunately I don't get to play with those kinds of toys.
cheers,
Jamie
--
James Riden / j.riden@...sey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
Powered by blists - more mailing lists