Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Tech In Data Retrieval

Posted by timothy on from the I-didn't-do-it-and-nobody-saw-me dept.

Johnath writes: "Story over at Science News about magnetoresistive microscopy, which allows very high-res inspection of magnetic media. The article is touting it primarily as a forensic tool, and gets me thinking -- how many passes of write-over-with-random-data are now required to securely delete a file?"

12 of 124 comments (clear)

  1. "Officially" by dragonfly_blue · · Score: 3
    Officially (which means nothing of course) I think the Defense Department mandates that 7 random read/write passes be made over data before it is cosidered securely destroyed. However, it has long been hypothesized that no matter how many times the data is written over, there is still a discernable and recoverable trace of the original information, mostly due to an extremely slight positional variation in the read/write heads as they pass over the original.

    Still, the equipment necessary to recover a 7 times read/write-over pass is probably out of the price range of all but the most well-funded groups; I wouldn't worry too much about it, especially if you use an encrypted file system and encrypted swap files.

    --
    Free music from Jack Merlot.
  2. Secure deletion paper by Paul+Johnson · · Score: 5
    The best paper I've seen is here. Its a bit old (1996), but has lots of useful info.

    Briefly, the main problems are the "ghost" of the old data, track misalignment leaving part of the old data on the side of a track, and bad sectors which are marked off by the drive electronics. There are also issues with drives that promise to write the data to the store immeditately, but in fact just cache it.

    The only thing you can do is overwrite with random data several times in the hope that this will be enough.

    Paul.

    --
    You are lost in a twisty maze of little standards, all different.
  3. Actually, do *NOT* use random passes... by Sir_Winston · · Score: 5

    *Link to GPL'd Source Code Below*!

    The DOD standard you and others mention specifies a specific set of patterns to be used for each pass, in order to maximize the chances of making the data unrecoverable. It's specified in DOD 5220.22-M and generally referred to as "DOD standard 7-pass extended character rotation wiping," which is quite a mouthful.

    Sami Tolvanen has done some excellent research into the area, however, and at

    http://www.tolvanen.com/eraser/

    he goes into specifics, including scientific papers and providing links to the actual text of the DOD standard. He also provides a Windows binary for download and *GPL'd SOURCE CODE*, for a program he wrote called Eraser which is probably the best file shredding util out there. He concludes, based in part on a scientific paper at

    http://www.cs.auckland.ac.nz/~pgut001/secure_del .html

    that the DOD standard is outdated, and that the best answer is to use 35-pass "Gutmann shredding" using passes of specific characters as suggested by Dr. Gutmann in his paper linked above.

    Maybe some people should start porting Eraser to Linux, nudge-nudge wink-wink hint-hint.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  4. Securing Data by krystal_blade · · Score: 5
    Security Fanatic alert!!! There are several new products which have just come on the market that will assist you in ensuring that your data is safe from prying eyes...

    1. Big Magnets... For only 19.95, we'll ship you a super powerful magnet capable of realigning the entire hard disk. This device takes some time, and is best used over a couple days. Please note that while large, and heavy, this is NOT a SPEAKER MAGNET!!!! We purchase ours before they ever reach the speaker manufacturer.

    2. Thermite Charges... Yes folks, you now have the ability to not only corrupt every single peice of data on your hard-drive, with our magnesium hotmelt system, we can even guarantee you fragging the computer it is in!!! These hard drive modifications are somewhat difficult to accomplish, so please send your hard drive, along with 200.00 (non-refundable) to our own technical explosives specialist, three fingers McCoy.

    3. Gravity/Kinetic Data sentry: 79.00... Our Data sentry gives it's best when and where it counts... Simply mount this item near your computer for a "just in case" emergency, and when the feds come pounding on your door, just begin actuating, and deactuating the Data Sentry to pulverize the hard disk. This Data Sentry, superior to others available, not only comes with a completely waterproof fiberglass handle, it also comes with an instruction manual. The solid core mettallic head has a patent on it for it's balled shape, which distributes tremendous kinetic energy into a very small location, (more PSI per use than comparable DATA SENTRIES!!!) Can also be used to hang pictures, pound nails, straightening metal, etc.

    4. And finally, we would like to give you one of the finest data security measures we have to offer. The cost is 5.00 for the item, and 25.00 shipping and handling. This item utilizes new space age non-kilned ceramo-limestone material to create a heavy, yet durable and portable security measure. When the need is there, simply lift our destructo bloc about 4 feet in the air, and let it fall on your hard disk. This item guarantees hard disk breakage on the first impact, or your money back. (Shipping and handling costs not included). Item can also be thrown at incoming agents to buy time with the "DATA SENTRY". Caution: Do not drop on foot, on Glass, or on Pets. This product is in no way related to an ordinary concrete block, although you can disguise it as one if you think you are being watched!!!

    krystal_blade

    --
    It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
  5. Peter Gutmann's deletion algo is in GNU fileutils by tau_ · · Score: 5

    Colin Plumb's shred(1) is part of GNU fileutils 4.0, standard install on Red Hat 6.2. From the info page:

    "This uses many overwrite passes, with the data patterns chosen to maximize the damage they do to the old data. While this will work on floppies, the patterns are designed for best effect on hard drives. For more details, see the source code and Peter Gutmann's paper `Secure Deletion of Data from Magnetic and Solid-State Memory', from the
    proceedings of the Sixth USENIX Security Symposium (San Jose, California, 22-25 July, 1996)."

    --
    Ask a silly person, get a silly answer.
  6. Mission Impossible Hardware by crlf · · Score: 3
    I assume that to read magnetic media, one must remove the case from the drive. I don't know if the following are feasable or safe, but wouldn't it be nice if opening a harddrive and by breaking the vacuum seal, one of two (or maybe both) things may happen:

    1) -Triggering of a super strong electro-magnet, followed by,

    2) -An instantaneous release of acid that would eat away at the surface of the disk.

    These ideas may seem stupid to most, but you must realize that by opening a harddrive, you are ruining it anyway. I got this idea from the Guinness Tall Boy cans which have a Nitrogen Booster that gets released as soon as you open the can. The drives would have to be manufactured in such a way that these mechanisms could not be interjected before opening the case. This kind of hardware would not be targeted to the average consumer, but to those who may feel a little paranoid about the MAN getting a hold of their data.

  7. More info at NIST by ph117 · · Score: 3

    http://www.nist.gov/public_ affairs/releases/g00-108.htm

    I don't think this press release is referenced at the Science News article.

  8. Think About It This Way... by Sir_Winston · · Score: 3

    > I'm not a data recovery expert, but wouldn't a random sequence of bits written between
    > each step of writing the specified sequential pattern of bits make it harder to
    > establish physical patterns during data recovery?

    The point of using specified patterns when wiping is so that those patterns will have the combined effect of completely obliterating the magnetic signature of any stored data. That's why certain patterns are mathematically thought to have a much more useful effect in the secure deletion of files than just using random data.

    Think about it this way; the following parallel isn't accurate as to the exact process, but should illustrate the same methodology: You have a few lines of text written on a sheet of paper, and you wish to render them unreadable even to very close examination. (Obviously you'd burn the paper, but for the sake of example assume we have to keep the paper.) Now, what would be most effective in destroying your writing, randomly scribbling over each character, or carefully writing successive patterns of other letters over the existing ones in order to methodically obliterate them? A simplistic analogy, but that's the easiest way to grok it. I doubt 100 passes of random data could be as effective as 35-pass Guttmann wiping.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  9. Program based on this paper by The+Apocalyptic+Lawn · · Score: 3
    A program that is based on this paper is WIPE. Free software so it's good for you.

    - da Lawn

    --
    't used to be LawnMOWER, really...
  10. Yet another reason why encryption is important by ZanshinWedge · · Score: 3

    If you can't count on your data being dead even after you performed a multi-pass wipe of the hard drive and then burned it, then where do you seek protection?

    Obviously, encryption.

    Big brother is watching, if you want to keep anything secret you better use something that will at least be hard for "them" to penetrate. Encryption is the only known last defense.

    Hmmm, let's see if I can get Echelon to take notice of this post. Nuclear weapons grade plutonium uranium kryptonite terrorism attack make the infidels pay bomb blood killing death www.terrorists.org DEATH TO THE UNBELIEVERS! allah'u akbar muhammad purple monkey dishwasher.

  11. Well, back in the '70s... by bluGill · · Score: 3

    My dad was working for Controll Data Corporation back in the '70s, which was then a big comptuer company. (Cray designed their systems before starting his own company).

    They had drum drives. Like a normal harddrive, but instead of a platter it was a drum (like a big tin can). The department of defense bought on of these units, which turned out to be defective. After a few days of operation it broke, and deformed the drum. There was now no machine that could read it. They DOD sent it back to the factory for replacement - with two armed gaurds. Those gaurds were with the machine at all times until technitions opened the case. Then they took rags, rubed the magnetic coating off the drum, and burned the rags.

  12. Truth is Stranger then Slashdot by DragonHawk · · Score: 3

    ... Thermite Charges ...

    The military actually uses these things. One of the neater James Bond devices I've seen is what appears (at first glance) to be two thick hanging file folders. One at the front of the drawer, one at the back. Then you notice the wires attached to them. They're shaped explosive charges, designed to completely destroy the contents of a file cabinate or safe quicky. For use in the event of "imminent compromise" of security by enemy forces.

    --

    dragonhawk@iname.microsoft.com
    I do not like Microsoft. Remove them from my email address.