Re: Program to wipe data from disk free space

[[EMAIL PROTECTED]]

On Sat, 16 Aug 2003 06:40:16 +0200, Ansgar Wiechers <[EMAIL PROTECTED]>  said:

> to be a different answers, I was wondering: has there ever been proof of
> recovering data (overwritten just once with zeroes or arbitrary values)
> via software? I mean real recovery not just restoring one bit and
> another.

A single wipe with zeros is probably enough to stop *most* software recovery
attempts.  However, this comes with two *HUGE* gotchas:

1) Quite often, "just one bit and another" is sufficient for the adversary's
needs - they might get lucky, or total recovery isn't needed (for instance,
recovering 2 or 3 identifiable blocks of a 200M file may be sufficient to prove
that the file *was* once on the system for an intellectual-property theft
case....)

2) A single pass of all-zeros is almost certainly *NOT* sufficient for
protecting against a hardware-based attack, due to residual magnetism issues.
And the hardware to do this is *NOT* that expensive (I've seen budgets for
do-it-yourself for around $5K).

Given that multiple-pass overwriting isn't THAT much more expensive, and raises
the problem into a "need the budget of a large TLA to mount a recovery", I
can't recommend single-pass wiping for anything worth wiping.

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com