Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Tech In Data Retrieval

Posted by timothy on from the I-didn't-do-it-and-nobody-saw-me dept.

Johnath writes: "Story over at Science News about magnetoresistive microscopy, which allows very high-res inspection of magnetic media. The article is touting it primarily as a forensic tool, and gets me thinking -- how many passes of write-over-with-random-data are now required to securely delete a file?"

4 of 124 comments (clear)

  1. Secure deletion paper by Paul+Johnson · · Score: 5
    The best paper I've seen is here. Its a bit old (1996), but has lots of useful info.

    Briefly, the main problems are the "ghost" of the old data, track misalignment leaving part of the old data on the side of a track, and bad sectors which are marked off by the drive electronics. There are also issues with drives that promise to write the data to the store immeditately, but in fact just cache it.

    The only thing you can do is overwrite with random data several times in the hope that this will be enough.

    Paul.

    --
    You are lost in a twisty maze of little standards, all different.
  2. Actually, do *NOT* use random passes... by Sir_Winston · · Score: 5

    *Link to GPL'd Source Code Below*!

    The DOD standard you and others mention specifies a specific set of patterns to be used for each pass, in order to maximize the chances of making the data unrecoverable. It's specified in DOD 5220.22-M and generally referred to as "DOD standard 7-pass extended character rotation wiping," which is quite a mouthful.

    Sami Tolvanen has done some excellent research into the area, however, and at

    http://www.tolvanen.com/eraser/

    he goes into specifics, including scientific papers and providing links to the actual text of the DOD standard. He also provides a Windows binary for download and *GPL'd SOURCE CODE*, for a program he wrote called Eraser which is probably the best file shredding util out there. He concludes, based in part on a scientific paper at

    http://www.cs.auckland.ac.nz/~pgut001/secure_del .html

    that the DOD standard is outdated, and that the best answer is to use 35-pass "Gutmann shredding" using passes of specific characters as suggested by Dr. Gutmann in his paper linked above.

    Maybe some people should start porting Eraser to Linux, nudge-nudge wink-wink hint-hint.

    --


    "The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*
  3. Securing Data by krystal_blade · · Score: 5
    Security Fanatic alert!!! There are several new products which have just come on the market that will assist you in ensuring that your data is safe from prying eyes...

    1. Big Magnets... For only 19.95, we'll ship you a super powerful magnet capable of realigning the entire hard disk. This device takes some time, and is best used over a couple days. Please note that while large, and heavy, this is NOT a SPEAKER MAGNET!!!! We purchase ours before they ever reach the speaker manufacturer.

    2. Thermite Charges... Yes folks, you now have the ability to not only corrupt every single peice of data on your hard-drive, with our magnesium hotmelt system, we can even guarantee you fragging the computer it is in!!! These hard drive modifications are somewhat difficult to accomplish, so please send your hard drive, along with 200.00 (non-refundable) to our own technical explosives specialist, three fingers McCoy.

    3. Gravity/Kinetic Data sentry: 79.00... Our Data sentry gives it's best when and where it counts... Simply mount this item near your computer for a "just in case" emergency, and when the feds come pounding on your door, just begin actuating, and deactuating the Data Sentry to pulverize the hard disk. This Data Sentry, superior to others available, not only comes with a completely waterproof fiberglass handle, it also comes with an instruction manual. The solid core mettallic head has a patent on it for it's balled shape, which distributes tremendous kinetic energy into a very small location, (more PSI per use than comparable DATA SENTRIES!!!) Can also be used to hang pictures, pound nails, straightening metal, etc.

    4. And finally, we would like to give you one of the finest data security measures we have to offer. The cost is 5.00 for the item, and 25.00 shipping and handling. This item utilizes new space age non-kilned ceramo-limestone material to create a heavy, yet durable and portable security measure. When the need is there, simply lift our destructo bloc about 4 feet in the air, and let it fall on your hard disk. This item guarantees hard disk breakage on the first impact, or your money back. (Shipping and handling costs not included). Item can also be thrown at incoming agents to buy time with the "DATA SENTRY". Caution: Do not drop on foot, on Glass, or on Pets. This product is in no way related to an ordinary concrete block, although you can disguise it as one if you think you are being watched!!!

    krystal_blade

    --
    It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
  4. Peter Gutmann's deletion algo is in GNU fileutils by tau_ · · Score: 5

    Colin Plumb's shred(1) is part of GNU fileutils 4.0, standard install on Red Hat 6.2. From the info page:

    "This uses many overwrite passes, with the data patterns chosen to maximize the damage they do to the old data. While this will work on floppies, the patterns are designed for best effect on hard drives. For more details, see the source code and Peter Gutmann's paper `Secure Deletion of Data from Magnetic and Solid-State Memory', from the
    proceedings of the Sixth USENIX Security Symposium (San Jose, California, 22-25 July, 1996)."

    --
    Ask a silly person, get a silly answer.