Disk Wipe Methods

Dustin Decker dustind at moon-lite.com
Tue Jan 21 15:44:00 CST 2003


On Tue, 21 Jan 2003 KRFinch at dstsystems.com wrote:

> There's no way to take data off of the disk so it can't be read by someone
> willing to spend the money to do it.  After talking to a friend of mine
> that worked in Naval Intelligence about it, he said that he wouldn't even
> start to feel comfortable about covering his tracks until he had
> overwritten all of the tracks on the disk at least 1500 times.  It's
> amazing what you can pull off a drive with an electron microscope.

Yeah - and most of my clients keep one of these electron microscopes in 
their closet for just such a use.  :)  I'm not trying to keep the 
CIA/NSA/FBI/KGB from seeing stuff on the drive - I am interested in taking 
"reasonable measures" to ensure the confidentiality of the information 
that formerly lived on the drive.

My clients aren't stupid - but they are "users".  They can go out and buy 
OnTrack data recovery software or something comparable, and look to see if 
anything on the drive is recoverable.

> Don't take the risk.  Disks are cheap compared to the cost of losing a
> client or getting sued.  Buy a new one for each client.

There's no way in hell you can cost justify $200+ bucks a pop on this 
issue.  The whole reason we're using the USB drive is because users and 
screwdrivers generally don't mix all that well.  This is a quick and easy 
solution to a "send me several gigs of data" problem.  If I were truly 
paranoid, I'd be concerned that someone from UPS or FedEx might be 
examining the contents of the drive during shipping, in which case my 
"users" would have to learn about encryption as well.  Fortunately, that's 
not the case here.

The good news is, I've found some decent resources on this issue.  Indeed, 
if someone wants to spend "way more $$$ than the data is worth" to see it, 
there isn't much I can do.  Ultimately to suit the case at hand, I need 
only ensure that "the applied DC field used to erase the data is several 
times the media coercivity".  Since I don't feel like degaussing the 
drive, I'll likely pull 75 or more passes with a funky bit order and 
randomization.

Anyone else interested in this stuff might find this link worthwhile:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Dustin

-- 
*-----------------------------------*
| Dustin Decker                     |
| dustind at moon-lite.com       *-----------------------------------------*
| http://www.dustindecker.com |                                         |
| Moon-Lite Computing         | "How many teamsters does it take to     |
| 913.579.7117                |  screw in a light bulb?"                |
*-----------------------------|                                         | 
                              | "FIFTEEN!! YOU GOT A PROBLEM WITH THAT?"|
                              |                                         |
                              *-----------------------------------------*
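Added example, not part of the original post: a multi-pass overwrite like the one the message settles on, followed by the read-back check that someone with recovery software would effectively perform. The pass schedule, `CHUNK`, the function names and the sample marker are assumptions made here, and the demo runs on a constructed temp file standing in for the drive.

```python
import os
import tempfile

CHUNK = 1 << 20
# Constructed schedule (an assumption, not the poster's): alternating bit
# patterns, then random data last. None means "random".
PASSES = [b"\x55", b"\xaa", b"\x92\x49\x24", b"\x6d\xb6\xdb", None]

def overwrite(path, passes=PASSES):
    """Overwrite every addressable byte of path once per pass; return its size."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works for block devices
        for pattern in passes:
            f.seek(0)
            left = size
            while left:
                n = min(CHUNK, left)
                f.write(os.urandom(n) if pattern is None
                        else (pattern * (n // len(pattern) + 1))[:n])
                left -= n
            f.flush()
            os.fsync(f.fileno())  # push each pass out of the page cache
    return size

def residue_offset(path, marker):
    """Return the first offset where marker is still readable, or -1."""
    with open(path, "rb") as f:
        tail, base = b"", 0
        while block := f.read(CHUNK):
            window = tail + block  # overlap catches markers split across chunks
            hit = window.find(marker)
            if hit != -1:
                return base - len(tail) + hit
            tail = window[-(len(marker) - 1):] if len(marker) > 1 else b""
            base += len(block)
    return -1

def demo():
    """Wipe a constructed stand-in 'drive image' and report before/after."""
    marker = b"CLIENT-PAYROLL-2003"  # constructed sample data
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"\0" * 4096 + marker + b"\0" * 4096)
    try:
        before = residue_offset(img.name, marker)
        return before, overwrite(img.name), residue_offset(img.name, marker)
    finally:
        os.remove(img.name)

if __name__ == "__main__":
    print(demo())
```

Pointed at a whole block device rather than a file, this reaches only the sectors the OS can address; remapped sectors and copies a filesystem keeps elsewhere are outside it.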



