Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Securely wiping a "dead" usb pen drive

from [PPowenski] Network Security [Permanent Link]
Subject: RE: Securely wiping a "dead" usb pen drive
Date: Thu, 30 Sep 2004 15:36:34 +0100 
you can either do two things
1. call the manufacturer and ask how they handle repairs and ask for
written policy on what they claim.
2. destroy the unit

Is all the time debating etc... worth the cost of the unit....



-----Original Message-----
From: Tom Stowell [mailto:jts@deforest.k12.wi.us] 
Sent: 30 September 2004 14:39
To: jpippin@nc.rr.com; forensics@securityfocus.com
Subject: Re: Securely wiping a "dead" usb pen drive


Maybe you could get them to sign an NDA...  :-)

Microwave should destroy everything, but the manufacturer 
will notice when all the chips have their traces blown out.

If the flash is what's busted (and obviously the firmware and 
microcontroller work, otherwise you wouldn't have a usb 
storage-class device :-), your data could easily have been 
mapped out by the firmware as being in a bad sector, and 
therefore untouchable by you. Google found no way to bypass 
that. But my google-fu is weak today...

Good luck,

Tom






Tom Stowell
Network Administrator
DeForest Area School District
520 E. Holum St.
DeForest, WI 53532
Fax: (608)-842-6545
Voice: (608)-842-6500
Email: <jts@deforest.k12.wi.us>


console, n. [From latin consolatio(n) "comfort, spiritual 
solace."] A device for displaying or printing condolances or 
obituaries for the operator.
            -- Stan Kelly-Bootle, The Computer Contradictionary.



"jpippin" <jpippin@nc.rr.com> 09/28/04 08:20PM >>>

Anyone have any idea how to wipe a solid state, lipstick 
sized usb drive before returning it to the manufacturer for a 
replacement? The drive stopped responding while performing a 
complete file encryption of the data using the manufacturer's 
software. I have no reason to believe that everything was 
actually encrpyted before we hit a nonresponsive state. The 
drive still shows up when plugged into any usb port, but 
browsing gives an error and a notice that the drive must be 
formatted to continue - which doesn't work, either.

This usb drive holds company data and two credit card 
numbers, and although we can no longer access the 
information, it is still seen by the OSes, which forces me to 
infer a potential security risk if the manufacturer can still 
read the data. It's not worth the $100 loss for a new one if 
I can't be reasonable sure it's unreadable. That said, is 
there a decent option to wipe such an inaccessable device? 
Magnets won't work on eeprom chips that I'm aware, and 
microwave seems kinda questionable, so I'm open for 
suggestions. Thanks.

Joel





-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer 
service. For more information on this free incident handling, 
management and tracking system please see: 
http://aris.securityfocus.com 



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer 
service. For more information on this free incident handling, 
management 
and tracking system please see: http://aris.securityfocus.com



NOTICE: This e-mail is intended for the named recipient(s). It may contain 
privileged and/or confidential information. If you are not one of the intended 
recipients, please notify the sender immediately and destroy this e-mail and 
attachment(s): you must not copy, distribute, retain or take any action in 
reliance upon the email or attachment(s). While all reasonable efforts are made 
to safeguard inbound and outbound e-mails, OAG Worldwide Ltd and its affiliate 
companies cannot guarantee that attachments are virus-free or are compatible 
with your systems, and does not accept liability in respect of viruses or 
computer problems experienced. Thank you.


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Hard disk file system identification, kris carlier
Next by Date:  Re: Hard disk file system identification, compuwar
Previous by Thread:  RE: Securely wiping a "dead" usb pen drive, Tennyson, John
Next by Thread:  Hard disk file system identification, Nick Puetz
Indexes:  [Date] [Thread] [Top] [All Lists]