RE: Interesting One

["Trevor Cushen" <Trevor.Cushen () sysnet ie>]

Thanks James Taylor I was wondering where I got the seven from.  I have
looked at the DOD standard that disk wiping products talk about and it
has no number in it (Orange book).  Other US government documents talk
about three levels of disk destruction, wiping, degaussing, and
destruction.  This may be where the various numbers are coming from.
Another post talked about the US government saying 7 also so "it must be
secure".  I won't go by that since the same US government wants
encryption levels kept down so they can break them.  Do they want the
same from disk wipes??? Yes a bit paranoid conspiracy stuff alright, I
agree.

I think the concensis seems to be that a good overwrite of all sectors
2-3 times will make the disk pretty much safe for reuse if the data is
not highly sensitive.  If it is then burn the disk and buy a new one
instead of reusing it.

Also it seems clear that if it is possible to recover data that was
overwritten 30 times it is not something that would have been done
easily.  It takes great effort, expensive equipment, and expertise.  If
your repair guy could get data then why was he looking and what did he
get.

I would agree it was scare mongering for a sale of some disk wiping
software package they just happen to sell.  Do they sell something like
this???

Trevor Cushen
Sysnet Ltd

www.sysnet.ie
Tel: +353 1 2983000
Fax: +353 1 2960499



-----Original Message-----
From: James Taylor [mailto:james_n_taylor () yahoo com] 
Sent: 30 October 2002 04:50
To: security-basics () securityfocus com
Subject: Re: Interesting One


The CISSP Study Guide (ISBN 0-471-41356-9) states that:

"Information on magnetic media is typically 'destroyed' by degaussing or
overwriting. Formatting a disk once dones not completly destroy all
data, the entire media must be overwritten or formatted seven times to
conform to standards for object reuse".

Also the above book states that "the Orange Book standard reccommends
that magnetic media be formatted seven times before discard or reuse of
media".

So if the US gov't reccommends seven times, you can bet
that they have technology that can read to a lower level
than that! However 30 times seems a bit excessive and it
must depend on the nature of the data being overwritten and what area's
of the media have been completly destroyed. At that level I imagine it's
something like guessing the picture from a 10000 piece jigsaw puzzle,
with most of the pieces missing.

Regards
James


--- Carol Stone <carol () carolstone com> wrote:
> I don't know much about this, but yesterday I read in one
> of the later
> chapters of Bruce Schneier's book, "Secrets and Lies,"
> (link to amazon 
> follows) that over-writing data on a disk does *not*
> completely 
> obliterate it, it just makes it a lot more difficult to
> recover with 
> each over-write. I believe he said just how many
> re-writes were still 
> recoverable was a secret one of our governmental
> organizations wasn't 
> about to give up.  I'll look at my book later when I have
> it in my 
> hands and see if I can't find part and post a pointer to
> *his* 
> reference.
>
> -carol
>
> http://www.amazon.com/exec/obidos/tg/detail/-
/0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143?
> v=glance&n=507846
>
> > Greetings Folks,
> >
> > I had an interesting conversation today with someone
> from FAST
> > (Federation
> > Against Software Theft) They pretend not to be a snitch
> wing of the
> BSA.
> > Anyway, to get to the point, the guy that came to see
> me said that
> their
> > forensics guys could read data off a hard drive that
> had been written
> > over
> > up to thirty times. I find this very hard to believe
> and told him I
> > thought
> > he was mistaken but the guy was adamant that it could
> be done. My
> > question
> > is, does anyone have any views on this, or, can anyone
> point me to a
> > source
> > of information where I can get the facts on exactly how
> much data can
> be
> > retrieved off a hard drive and under what conditions
> etc etc.
> > Thanks
> >
> > Dave Adams
> >  
> >  
> >  
> > This message (and any associated files) is intended
> only for the
> > use of the individual or entity to which it is
> addressed and may
> > contain information that is confidential, subject to
> copyright or
> > constitutes a trade secret. If you are not the intended
> recipient
> > you are hereby notified that any dissemination, copying
> or
> > distribution of this message, or files associated with
> this message,
> > is strictly prohibited. If you have received this
> message in error,
> > please notify us immediately by replying to the message
> and deleting
> > it from your computer. Messages sent to and from
> > John Crowley (Maidstone) Ltd may be monitored. 
> >
> > Internet communications cannot be guaranteed to be
> secure or error-
> free
> > as information could be intercepted, corrupted, lost,
> destroyed,
> arrive 
> > late or incomplete, or contain viruses. Therefore, we
> do not accept
> > responsibility for any errors or omissions that are
> present in this
> > message, or any attachment, that have arisen as a
> result of e-mail
> > transmission. If verification is required, please
> request a hard-copy
> > version. Any views or opinions presented are solely
> those of the
> author 
> > and do not necessarily represent those of John Crowley
> (Maidstone)
> Ltd.
> >
>
> --
> Real people for the virtual world.
> http://www.elirion.net


__________________________________________________
Do you Yahoo!?
HotJobs - Search new jobs daily now
http://hotjobs.yahoo.com/


**************************************************************************************

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. 

If you have received this message in error please notify SYSNET Ltd., at
telephone no: +353-1-2983000 or postmaster () sysnet ie

**************************************************************************************