[32044] in bugtraq
Re: [PAPER] Juggling with packets: floating data storage
daemon@ATHENA.MIT.EDU (Brandon Eisenmann)
Fri Oct 10 12:28:12 2003
From: Brandon Eisenmann <beisenmann@earthlink.net>
To: bugtraq@securityfocus.com
Cc: Adeel Hussain <ad33lh@hotmail.com>
In-Reply-To: <20031009123859.29678.qmail@sf-www1-symnsj.securityfocus.com>
Content-Type: text/plain
Message-Id: <1065754714.2269.22.camel@localhost.localdomain>
Mime-Version: 1.0
Date: Thu, 09 Oct 2003 22:58:34 -0400
Content-Transfer-Encoding: 7bit
I don't in principal disagree that data can be recovered even from DRAM,
even powered down DRAM. I have yet to hear of a case where it has been
performed for forensic reasons. Academically there are quite a few
examples of techniques for recovering data from DRAM not to mention
SRAM. The Peter Gutmann paper you mention does cover the topic
briefly, for further reading I would suggest a later more technical
paper from him titled "Data Remanence in Semiconductor Devices". You
can find it at http://citeseer.nj.nec.com/gutmann98data.html.
Also Sandia Labs did a lot of research on retrieving data from
semiconductors. I can't think of any paper titles off hand but I do
recall finding a paper or two in the "IEEE Transactions on Nuclear
Science"
There has also been some talk about freezing DRAM before powering it
down to help maintain state and aid in data recovery.
All very interesting but other than extreme cases involving national
security I doubt that anyone would spare the expense. Especially law
enforcement or forensics investigators.
-Brandon Eisenmann
On Thu, 2003-10-09 at 08:38, Adeel Hussain wrote:
> In-Reply-To: <75a101c38dd8$40064170$1200a70a@watdougmoen>
>
> Show me another
> >> method that can delete 6.5 GB a data in a completely unrecoverable manner
> >> that quickly.
> >
> >A ramdisk.
> >
> >Doug Moen.
> >
> >
>
> Section 7 of Peter Gutman's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" touches on the fact that data can be retreived from RAM with varying degrees of success.
>
> Corrections are always welcomed.
>
> Paper available at:
> http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/
