New Tech In Data Retrieval
Johnath writes: "Story over at Science News about magnetoresistive microscopy, which allows very high-res inspection of magnetic media. The article is touting it primarily as a forensic tool, and gets me thinking -- how many passes of write-over-with-random-data are now required to securely delete a file?"
Still, the equipment necessary to recover a 7 times read/write-over pass is probably out of the price range of all but the most well-funded groups; I wouldn't worry too much about it, especially if you use an encrypted file system and encrypted swap files.
Free music from Jack Merlot.
Similar technologies have been around for a few years that could reconstruct the data stored on a disk from magnetic "shadows". This technology just gives them a much higher resolution method to do the same thing.
At any rate, the one true way to prevent anyone from seeing what's on your disk is to encrypt it- even if they recover the data, there's not much that can be done with it!
Briefly, the main problems are the "ghost" of the old data, track misalignment leaving part of the old data on the side of a track, and bad sectors which are marked off by the drive electronics. There are also issues with drives that promise to write the data to the store immediately, but in fact just cache it.
The only thing you can do is overwrite with random data several times in the hope that this will be enough.
Paul.
You are lost in a twisty maze of little standards, all different.
Well, if you read the article you could have read that they can take data from a tape that is damaged. I think a hammer is not a problem for this kind of data reconstruction. Which leads me to the best solution: HCl (? Is this muriatic acid in English = zoutzuur in Dutch ?). Back to the question: how many overwrites? An important part of the trick is to know the data density of the disk. Since they are using a head of a recent MR hard disk, it is supposed to come close to the data density of the best hard disks that exist now. Overwriting would leave nothing in the resolution that it could scan today. So the number of times you overwrite depends on the number of years you want to hide the data.
- The Watergate audio tape is not safe at all.
- Your 20 MB (80286) hard disk could easily be reconstructed if overwritten once.
- Your 80 GB disk should be safe for 5 to 10 years or it should contain very valuable data.
This is like encrypting data. It is safe, but only for a limited time. So the suggestion of somebody to encrypt the data is just as (un)safe. It only takes time to recover the data.
*Link to GPL'd Source Code Below*!
The DOD standard you and others mention specifies a specific set of patterns to be used for each pass, in order to maximize the chances of making the data unrecoverable. It's specified in DOD 5220.22-M and generally referred to as "DOD standard 7-pass extended character rotation wiping," which is quite a mouthful.
Sami Tolvanen has done some excellent research into the area, however, and at
http://www.tolvanen.com/eraser/
he goes into specifics, including scientific papers and providing links to the actual text of the DOD standard. He also provides a Windows binary for download and *GPL'd SOURCE CODE*, for a program he wrote called Eraser which is probably the best file shredding util out there. He concludes, based in part on a scientific paper at
http://www.cs.auckland.ac.nz/~pgut001/secure_de
that the DOD standard is outdated, and that the best answer is to use 35-pass "Gutmann shredding" using passes of specific characters as suggested by Dr. Gutmann in his paper linked above.
Maybe some people should start porting Eraser to Linux, nudge-nudge wink-wink hint-hint.
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
1. Big Magnets... For only 19.95, we'll ship you a super powerful magnet capable of realigning the entire hard disk. This device takes some time, and is best used over a couple days. Please note that while large, and heavy, this is NOT a SPEAKER MAGNET!!!! We purchase ours before they ever reach the speaker manufacturer.
2. Thermite Charges... Yes folks, you now have the ability to not only corrupt every single piece of data on your hard-drive, with our magnesium hotmelt system, we can even guarantee you fragging the computer it is in!!! These hard drive modifications are somewhat difficult to accomplish, so please send your hard drive, along with 200.00 (non-refundable) to our own technical explosives specialist, three fingers McCoy.
3. Gravity/Kinetic Data sentry: 79.00... Our Data sentry gives its best when and where it counts... Simply mount this item near your computer for a "just in case" emergency, and when the feds come pounding on your door, just begin actuating, and deactuating the Data Sentry to pulverize the hard disk. This Data Sentry, superior to others available, not only comes with a completely waterproof fiberglass handle, it also comes with an instruction manual. The solid core metallic head has a patent on it for its balled shape, which distributes tremendous kinetic energy into a very small location, (more PSI per use than comparable DATA SENTRIES!!!) Can also be used to hang pictures, pound nails, straightening metal, etc.
4. And finally, we would like to give you one of the finest data security measures we have to offer. The cost is 5.00 for the item, and 25.00 shipping and handling. This item utilizes new space age non-kilned ceramo-limestone material to create a heavy, yet durable and portable security measure. When the need is there, simply lift our destructo bloc about 4 feet in the air, and let it fall on your hard disk. This item guarantees hard disk breakage on the first impact, or your money back. (Shipping and handling costs not included). Item can also be thrown at incoming agents to buy time with the "DATA SENTRY". Caution: Do not drop on foot, on Glass, or on Pets. This product is in no way related to an ordinary concrete block, although you can disguise it as one if you think you are being watched!!!
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
Colin Plumb's shred(1) is part of GNU fileutils 4.0, standard install on Red Hat 6.2. From the info page:
"This uses many overwrite passes, with the data patterns chosen to maximize the damage they do to the old data. While this will work on floppies, the patterns are designed for best effect on hard drives. For more details, see the source code and Peter Gutmann's paper `Secure Deletion of Data from Magnetic and Solid-State Memory', from the
proceedings of the Sixth USENIX Security Symposium (San Jose, California, 22-25 July, 1996)."
Ask a silly person, get a silly answer.
1) -Triggering of a super strong electro-magnet, followed by,
2) -An instantaneous release of acid that would eat away at the surface of the disk.
These ideas may seem stupid to most, but you must realize that by opening a harddrive, you are ruining it anyway. I got this idea from the Guinness Tall Boy cans which have a Nitrogen Booster that gets released as soon as you open the can. The drives would have to be manufactured in such a way that these mechanisms could not be interjected before opening the case. This kind of hardware would not be targeted to the average consumer, but to those who may feel a little paranoid about the MAN getting a hold of their data.
http://www.nist.gov/public_affairs/releases/g00-108.htm
I don't think this press release is referenced at the Science News article.
Answer: Assume that security via obliteration will be ineffective. Instead, use non-random data. Use something so nasty, atrocious, and baiting that those that pry go for the lure rather than the information beneath the palimpsest.
Security through what-they-want-ifiscation.
Mojotoad
> I'm not a data recovery expert, but wouldn't a random sequence of bits written between
> each step of writing the specified sequential pattern of bits make it harder to
> establish physical patterns during data recovery?
The point of using specified patterns when wiping is so that those patterns will have the combined effect of completely obliterating the magnetic signature of any stored data. That's why certain patterns are mathematically thought to have a much more useful effect in the secure deletion of files than just using random data.
Think about it this way; the following parallel isn't accurate as to the exact process, but should illustrate the same methodology: You have a few lines of text written on a sheet of paper, and you wish to render them unreadable even to very close examination. (Obviously you'd burn the paper, but for the sake of example assume we have to keep the paper.) Now, what would be most effective in destroying your writing, randomly scribbling over each character, or carefully writing successive patterns of other letters over the existing ones in order to methodically obliterate them? A simplistic analogy, but that's the easiest way to grok it. I doubt 100 passes of random data could be as effective as 35-pass Gutmann wiping.
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
Burn it to CDROM? But won't that leave more evidence to destroy than what you started with?
- da Lawn
't used to be LawnMOWER, really...
As the sample moves back and forth, the head detects the strength and direction of the magnetic field at millions of points. A computer then can make a topographic image from the data or interpret the data directly-into sound, for instance.
Imagine the possibilities: you could record sound onto a piece of magnetic material - a loop of tape coated with powdered iron oxide, for example - and this advanced computer technology would allow you to play back that sound at will! The gramophone will be a thing of the past! I predict that in ten years' time room-sized devices based on this technology will be available, making it possible to listen to music anywhere there is access to a 24 kW power supply (required to run the computer). Now if only we could find a smaller, less power-hungry replacement for vacuum tubes...
$ cat < /dev/mouse
Anyways, this should destroy just about anything.. work as an emergency device for the paranoid.
Didn't you know that O'Brien has been doing this for ages? He always manages to find some fragments of the file which he can use to reconstruct the original. I always thought it was a little far-fetched. Guess I was wrong.
> primarily as a forensic tool, and gets me
> thinking -- how many passes of write-over-with
> random-data are now required to securely delete
> a file?"
the more interesting aspect is that if you've got such a great method of recovering partially deleted data, you can easily pack more data onto the medium by just writing more data over it.
Retrieval will be *really* slow but this might change in the future.
Da Warez D00d
Point being, 99% of the time, if you want to get rid of all of the data on a hard drive... you'd probably like to be able to use that drive again in the future. The security of my data is not worth the $200 that I paid for my drive (I have nothing important), however if I can protect myself by writing over the data x times, in pattern y, then I am interested.
--
Restating the obvious since nineteen aught five.
If you can't count on your data being dead even after you performed a multi-pass wipe of the hard drive and then burned it, then where do you seek protection?
Obviously, encryption.
Big brother is watching, if you want to keep anything secret you better use something that will at least be hard for "them" to penetrate. Encryption is the only known last defense.
Hmmm, let's see if I can get Echelon to take notice of this post. Nuclear weapons grade plutonium uranium kryptonite terrorism attack make the infidels pay bomb blood killing death www.terrorists.org DEATH TO THE UNBELIEVERS! allah'u akbar muhammad purple monkey dishwasher.
I remember reading that big HDDs were starting to be sold where the _real_ capacity was quite a bit larger than the stated capacity and the drive automatically looked for sectors about to go bad and started using the 'spare' parts of the drive. Hence giving a more reliable drive than you might otherwise get. If this is the case then you might be writing your obscuring data over the parts of the platters that the HDD is using _now_ but not what it was using when you first got it and started using it to store your por^H^H^H sensitive data.
Anyone know any more about this?
My dad was working for Control Data Corporation back in the '70s, which was then a big computer company. (Cray designed their systems before starting his own company).
They had drum drives. Like a normal harddrive, but instead of a platter it was a drum (like a big tin can). The department of defense bought one of these units, which turned out to be defective. After a few days of operation it broke, and deformed the drum. There was now no machine that could read it. The DOD sent it back to the factory for replacement - with two armed guards. Those guards were with the machine at all times until technicians opened the case. Then they took rags, rubbed the magnetic coating off the drum, and burned the rags.
Believe it or not, that may not be enough. Gutmann's paper goes into some detail as to how much magnetic field is required to fully reset the media. As an example of an "adequate" field, he mentions a DOD device which produced a field so strong it actually bent the drive platter.
The military actually uses these things. One of the neater James Bond devices I've seen is what appears (at first glance) to be two thick hanging file folders. One at the front of the drawer, one at the back. Then you notice the wires attached to them. They're shaped explosive charges, designed to completely destroy the contents of a file cabinet or safe quickly. For use in the event of "imminent compromise" of security by enemy forces.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Anyone know any more about this?
Yes, most any hard drive made past 1990 or so will have "spare sectors", which are used to replace sectors the drive detects are going bad. This is considered a problem for the DoD, which is why you are required to either (1) use drives certified not to do that or (2) physically destroy the drive before you can call it "clean".
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Since this incident we have gone back to the traditional method of: 1) Place drive on bare concrete floor 2) Hit repeatedly with a 50# sledge (this is a BIG mofo) 3) Put your new extreme slimline drive in the trash.
Note that physical deformation may still leave recoverable magnetic signatures on the recording medium. There are companies who specialize in this sort of data recovery. I know of at least one case where a laptop (with hard drive) was run over by a truck, completely crushing it. The company was able to recover almost all of the data.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
I wrote a Tempest certified disk formatter in the 80s and was required to do 10 passes with specific patterns to qualify. To prove their point they had me write a text file onto a disk and then run the formatter. With earlier/fewer passes they were able to print the file out and give it to me (I chose the text). This was in the 80s, so I'm sure it's better now. They used to grind up bad disk drives so that all that came out was sand; that was the preferred method to "sanitize" them.
... wouldn't it be nice if opening a harddrive and by breaking the vacuum seal ...
... but you must realize that by opening a harddrive, you are ruining it anyway.
It is a common misconception that hard drives are vacuum sealed. In fact, Winchester-style disk drives use an air cushion to "float" the heads above the disk platters. They won't work in a vacuum. Furthermore, hard disk drives have filtered "breather holes" which connect the inside of the drive to the outside. They need to do this because as the spindle motor heats up, the air inside the chamber expands, and it needs a place to go.
Not true. The danger is contamination -- i.e., dust. If even a tiny dust particle gets between the read/write head and the platter while it is spinning at 3600 RPM or faster, Bad Things Happen. If you use a clean-room environment, you can open up a hard drive -- and even run it with the cover off. Data recovery companies sometimes do this sort of thing.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Hmmm... I hadn't thought about that. For a short file, it shouldn't make any difference (since the first 12(?) blocks on an ext2 FS are accessed directly through the inode, which should be the same even if open(2) is carried out with the O_TRUNC flag). I don't know enough about the kernel's inner workings (especially how it caches these sort of operations before writing them out to physical media) to make any definite statements, but it would certainly seem like there's a race condition between the time the file's truncated and the random data is written out (unless these two operations are actually carried out atomically, which I think is unlikely). In normal use, it probably doesn't matter too much, but we're talking about normal use by extreme paranoiacs, so it's obviously not good enough.
To do this properly, you'd have to go digging into the kernel and alter the unlinking operation to do all the random overwriting before it actually unlinks the file. Bummer.
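The ordering problem raised in the comment above (truncate first, overwrite later) can be avoided from user space, shown here as an added C example that is not from any post in this thread nor from shred or Eraser. The names `wipe_file` and `overwrite_pass` and the pass list are assumptions made for illustration; the code overwrites only the blocks the file currently occupies, so it does not reach remapped spare sectors or filesystems that do not rewrite data in place.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One pass: fill the whole file with `pattern` (0..255), or with bytes from
 * /dev/urandom when pattern < 0, then fsync() so this pass is written out
 * instead of being merged with the next one in the OS cache. */
static int overwrite_pass(int fd, off_t size, int pattern)
{
    unsigned char buf[4096];
    int rnd = -1, rc = 0;
    if (pattern < 0 && (rnd = open("/dev/urandom", O_RDONLY)) < 0)
        return -1;
    if (lseek(fd, 0, SEEK_SET) < 0)
        rc = -1;
    for (off_t done = 0; rc == 0 && done < size; ) {
        size_t n = sizeof buf;
        if ((off_t)n > size - done) n = (size_t)(size - done);
        if (pattern >= 0) memset(buf, pattern, n);
        else if (read(rnd, buf, n) != (ssize_t)n) { rc = -1; break; }
        ssize_t w = write(fd, buf, n);
        if (w <= 0) rc = -1; else done += w;
    }
    if (rnd >= 0) close(rnd);
    if (rc == 0 && fsync(fd) != 0) rc = -1;
    return rc;
}

/* Hypothetical helper: open WITHOUT O_TRUNC so the file keeps the blocks it
 * already occupies, overwrite them once per entry in passes[], and unlink
 * only after the last pass has been flushed. Returns 0 on success, -1 on error. */
int wipe_file(const char *path, const int *passes, size_t npasses, int do_unlink)
{
    struct stat st;
    int rc = 0, fd = open(path, O_WRONLY);   /* no O_TRUNC, no O_CREAT */
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) rc = -1;
    for (size_t i = 0; rc == 0 && i < npasses; i++)
        rc = overwrite_pass(fd, st.st_size, passes[i]);
    if (close(fd) != 0) rc = -1;
    if (rc == 0 && do_unlink && unlink(path) != 0) rc = -1;
    return rc;
}

int main(int argc, char **argv)
{
    /* Illustrative pass list only; not the DoD or Gutmann pattern set. */
    static const int passes[] = { 0x55, 0xAA, -1 };
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    return wipe_file(argv[1], passes, 3, 1) == 0 ? 0 : 1;
}
```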
At work, we have several NSA certified tape degaussers. The degaussers are certified for media up to 750 oersted at better than -90 dB erasure. They are strong enough to erase the credit cards in your wallet if you stand too close to one that is in operation. Signs are posted that warn people with heart pacemakers to stay out of the area. As strong as they are, they are not powerful enough to securely erase the high coercivity media used in many modern tape cartridges and disk drives. The other problem is that a hard disk enclosure is going to shield the platters inside the drive.
See A Guide to Understanding Data Remanence in Automated Information Systems for the National Computer Security Center guide to the subject.
Mea navis aericumbens anguillis abundat
Here are the articles:
Trashing your PC - http://archive.abcnews.go.com/sections/tech/Geek/geek000706.html
Data Dump - http://archive.abcnews.go.com/sections/tech/Geek/geek000622.html
The Hard (Drive) Facts - http://archive.abcnews.go.com/sections/tech/Geek/geek000615.html
I could not justify my existence if I were a turkey farmer. Would I terminate myself? Undoubtably, yes.
However, if you use cryptography, for example, the Steganographics File System, and if you implement it securely, then it doesn't matter what people can retrieve.
Of course, with cryptography, you run into some of the same issues. In particular, keeping your keys secure is, in itself, not trivial. For example, if you type in your key and the program that reads the key gets swapped out, your plaintext key will have been written to disk.