Re: Issue about Hard Drives

[Dan Brosemer <odin@cleannorth.org>]

On Tue, Feb 18, 2003 at 03:45:16PM +0000, Don McGorman wrote:
> I noticed this article which we may get questions about at the next BOYD.

I can pull the fluff out of this article.

1.  Deleting files does not erase them.  Often they are easily recoverable.
2.  Reformatting a hard drive does not erase data, merely erases the
directory of how to get to the data.  A knowlegable person can recover the
data with minimal effort.
3.  Simply writing over top of all the sectors on the drive will prevent
most (the city cops, your next-door neighbor, their dog) from reading the
data, but it will not stop someone with a large ammount of money.
4.  $2000 is _not_ a large ammount of money.  If you want to see a data
recovery firm that isn't snake-oil, have a look at Ibas:
http://www.ibas.com/recovery/data-recovery-services.htm
Expect at least ten times that price.
5.  A paper was presented at the 1996 USENIX Security Symposium about how to
securely remove data from a hard disk without physically destroying the
media.  Places like Ibas and the NSA can get around it, but it will
seriously raise the cost:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

Those are the facts... now, we tell businesses and institutions to wipe
their data.  Do we tell individuals?  I consider it their responsibility
since it's their data.  I won't make the judgement call on how much wiping
needs to occur, and going through the steps described in the Gutmann paper
would not be feasable at the event.  Even overwriting once with zeroes may
be too time consuming.

-Dan

-- 
"Burnished gallows set with red
 Caress the fevered, empty mind
 Of man who hangs bloodied and blind
 To reach for wisdom, not for bread."  -- Deoridhe Grimsdaughter

Attachment: pgp00000.pgp
Description: PGP signature