lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004101c46a0e$fdd07500$471610ac@Security>
From: joel at helgeson.com (Joel R. Helgeson)
Subject: Erasing a hard disk easily 

As a forensic analyst, a simple one-pass is often sufficient. The way to 
pull data off that has been overwritten by these methods, in my experience, 
can only be recovered by opening up the platters and putting a more 
sensitive read head attached to an o-scope in order to read the data.

If someone is going to go through those pains to recover the data then there 
are much easier ways to hack into/gain access to your secrets.

FWIW...

Regards,

Joel R. Helgeson
Director of Networking & Security Services
SymetriQ Corporation

"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll 
be warm for the rest of his life."
----- Original Message ----- 
From: "Todd Towles" <toddtowles@...okshires.com>
To: <Valdis.Kletnieks@...edu>; "'Maarten'" <fulldisc@...ratux.org>
Cc: <full-disclosure@...ts.netsys.com>
Sent: Wednesday, July 14, 2004 4:22 PM
Subject: RE: [Full-Disclosure] Erasing a hard disk easily


> WipeDrive3 is a DOD approved (HIPAA, etc) product that I use and it calls
> DOD-level wiping 3 passes with 3 overwrites each. Most of the time I use 1
> pass for less important information.
>
> http://www.whitecanyon.com/wipedrive.php
>
>
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> Valdis.Kletnieks@...edu
> Sent: Tuesday, July 13, 2004 11:45 PM
> To: Maarten
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Erasing a hard disk easily
>
> On Mon, 12 Jul 2004 23:23:24 +0200, Maarten <fulldisc@...ratux.org>  said:
>
>> * Department-of-defense level (dd as above but lots more times (like 
>> 10+))
>
> DOD 5220-22M says:
>
> http://www.irwin.army.mil/ac/Electronic_Publications/DoD_Pubs/DoD%205220-22-
> M/cp
> 8.pdf
>
> Pages 14 and 15 note methods "a, b, d, and m" sanitizing fixed drives,
> and continues:
>
> d. Overwrite all addressable locations with a character, its complement,
> then a
> random character and verify. THIS
>   METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET
> INFORMA-
>   TION.
>
> So 3 passes with verification is sufficient for up to Secret.  Top Secret
> and higher classifications require physical destruction of the disk.
>
> (Note that these are the regs for civilian-sector contractors to the DoD,
> anybody with citations for the military and/or intelligence community
> segments feel free to speak up - but I suspect they're fairly similar..)
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ