| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: joel at helgeson.com (Joel R. Helgeson) Subject: Erasing a hard disk easily As a forensic analyst, a simple one-pass is often sufficient. The way to pull data off that has been overwritten by these methods, in my experience, can only be recovered by opening up the platters and putting a more sensitive read head attached to an o-scope in order to read the data. If someone is going to go through those pains to recover the data then there are much easier ways to hack into/gain access to your secrets. FWIW... Regards, Joel R. Helgeson Director of Networking & Security Services SymetriQ Corporation "Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life." ----- Original Message ----- From: "Todd Towles" <toddtowles@...okshires.com> To: <Valdis.Kletnieks@...edu>; "'Maarten'" <fulldisc@...ratux.org> Cc: <full-disclosure@...ts.netsys.com> Sent: Wednesday, July 14, 2004 4:22 PM Subject: RE: [Full-Disclosure] Erasing a hard disk easily > WipeDrive3 is a DOD approved (HIPAA, etc) product that I use and it calls > DOD-level wiping 3 passes with 3 overwrites each. Most of the time I use 1 > pass for less important information. > > http://www.whitecanyon.com/wipedrive.php > > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Valdis.Kletnieks@...edu > Sent: Tuesday, July 13, 2004 11:45 PM > To: Maarten > Cc: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Erasing a hard disk easily > > On Mon, 12 Jul 2004 23:23:24 +0200, Maarten <fulldisc@...ratux.org> said: > >> * Department-of-defense level (dd as above but lots more times (like >> 10+)) > > DOD 5220-22M says: > > http://www.irwin.army.mil/ac/Electronic_Publications/DoD_Pubs/DoD%205220-22- > M/cp > 8.pdf > > Pages 14 and 15 note methods "a, b, d, and m" sanitizing fixed drives, > and continues: > > d. Overwrite all addressable locations with a character, its complement, > then a > random character and verify. THIS > METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET > INFORMA- > TION. > > So 3 passes with verification is sufficient for up to Secret. Top Secret > and higher classifications require physical destruction of the disk. > > (Note that these are the regs for civilian-sector contractors to the DoD, > anybody with citations for the military and/or intelligence community > segments feel free to speak up - but I suspect they're fairly similar..) > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists