[39808] in bugtraq
Re: Peter Gutmann data deletion theaory?
daemon@ATHENA.MIT.EDU (Simple Nomad)
Fri Jul 22 01:47:41 2005
From: Simple Nomad <thegnome@nmrc.org>
To: bugtraq@securityfocus.com
Date: Thu, 21 Jul 2005 14:07:12 -0500
Cc: "Jared Johnson" <jaredsjazz@yahoo.com>, focus-ms@securityfocus.com
In-Reply-To: <20050720235626.17186.qmail@mail.securityfocus.com>
Message-Id: <200507211407.21468@nmrc.org>
On Wednesday 20 July 2005 18:48, Jared Johnson wrote:
> Data overwritten once or twice
<snip>
The quote is from 1996. I spoke with Gutmann about this at AusCERT a few
years ago and even *he* doesn't believe it anymore. Drive technology has
changed substantially since then.
The main areas where criminals get caught with bad stuff on their drives by
forensics people are from 1) not knowing where the data is being written to
(browser cache, swap file, etc.), 2) not doing any overwrite of the data as
a part of deletion, and 3) not taking into consideration such items as file
slack.
Drives that do caching and file systems that do journaling also may be a
factor. That being said, 3 wipes are "good enough for government work". DoD
5220.22-M chapter 8 subsection 306 in the Cleaning and Sanitization Matrix
shows under the Magnetic Disk section that to properly sanitize a
non-removable rigid drive, the choices of degaussing, destruction of the
drive, or a 3 pass wipe are acceptable methods for disk sanitation. Note
that the 3 pass wipe method is NOT acceptable for drives that contained Top
Secret information - so unless the drive contained Top Secret material,
you're covered.
It should be noted that this issue has been done to death on bugtraq several
times.
--
# Simple Nomad, C²ISSP -- thegnome@nmrc.org #
# C1B1 E749 25DF 867C 36D4 1E14 247A A4BD 6838 F11D #
# http://www.nmrc.org/~thegnome/ #