data shredder

Gilles Gravier ggravier at fsfe.org
Mon Dec 21 13:48:26 UTC 2009


 Hi, Amedee!

On 21/12/2009 14:36, Amedee Van Gasse (ub) wrote:
> On Mon, December 21, 2009 10:04, Gilles Gravier wrote:
>
>   
>> The problem with these commands, is that you're not really helping...
>> Forensics tools will read below one or more levels of re-write. You need
>> to do this several times in a row... and, more importantly, you need to
>> use special data patterns that will actually make reading shadows of
>> former data harder if not impossible. There are standards for that. And
>> they do not involve writing random data or zeros, but actual specific
>> patterns.
>>     
> Hi!
>
> Can you name a few of those forensics softwares? + documentation about how
> they actually work and what the conditions are to get usable results?
> Preferably something recent, not some outdated standards published by the
> USA government (I don't trust foreign governments on that subject, I don't
> even trust my own government).
>   
The standards are still there, like /DoD 5220.22-M (3 passes).../ and
more also. See the list on my previous post.
> Or are you talking about disassembling a hard disk in a dustfree room and
> reading the actual magnetic patterns with a scanning probe microscope to
> get a palimpsest image of the disk?
>   
That's why you want to have many overwrites... or a full gaussian
demagnetization (there are machines to do that)...

Of course if you want to re-use your drive... overwrites is the way to
go. Or assured delete.
> If you're afraid of a casual hacker or even most law enforcement (I have
> played a bit with the forensic tools cd of our Federal Computer Crime
> Unit), overwriting it 10 times with random data will be more than enough.
>   
Random data is not enough... If you're going random, you might as well
do one pass.

If you want to benefit from multiple passes, you should use one of the
patterns created for that.
> It's only when you're afraid of *very* large organisations (intelligence
> agencies, multinationals) that procedures with special RLL patterns are
> worth the effort. But then again, if your data is really *that* important,
> you should physically destroy the disk. Throw it in the blash furnace of a
> steel mill.
> But that's just my humble opinion...
>   
True.
> Another argument, if you have 10 KB of sensitive data on a 500 GB drive,
> the chances that it will be found are close to zero. The data density is
> just too high. And then there is the case of perpendicular recording.
>   
Unless there is clear text in that block that allows a sector search to
find it...
> What about flash memory? To shred data on a NAND memory device you will
> need something that is covered by patent WO/2009/009052

Or you use assured delete...

Gilles.





More information about the ubuntu-users mailing list