
| Subject: | RE: Data Recovery |
|---|---|
| Date: | Wed, 8 Nov 2006 13:14:28 -0000 |

This subject keeps reappearing - See:
http://www.securityfocus.com/archive/1/405950/30/0/threaded

Or Dan Kaminsky writing in 2001:
http://www.doxpara.com/?q=node&from=60

Peter Gutmann has written a partial revision of his paper, based on a "technology has progressed" position as an Epilogue to the original, although it is undated.
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

"Epilogue

In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps one or two levels via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero."

With vertical/perpendicular data storage now available and drives of 750GB, the potential for recovery probably got even closer to zero.

The answer to your question, Steve, is a risk assessment, based on the value of the data on the disk to you and what you intend to do with the drive. Whether you format it and reinstall Windows, over-write it once, do a traditional Gutmann over-write or smelt the drive depends entirely upon the margin of security/paranoia you want.

However, if the mechanism you have for overwriting is the mechanism on the hard drive, and it writes all zeros and it reads all zeros, then short of disassembling the drive it's all zeros.

Mark

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Steve Hickey
Sent: 01 November 2006 14:42
To: forensics@securityfocus.com
Subject: RE: Data Recovery

Sooo... if Magnetic Force Microscopy is not a realistic method for data recovery, is a single pass of wiping a drive with zeros enough of a sanitizing process or are there other considerations?

STEVE

[CUT]
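
The "it writes all zeros and it reads all zeros" condition from the reply above can be checked by reading the wiped device or image back sector by sector. The following is an added example, not part of the original post; the function names, the 512-byte sector size and the sample image are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size; adjust for 4Kn drives


def find_nonzero_sectors(path, sector=SECTOR, chunk_sectors=2048):
    """Scan a device or image; return (sectors_read, [(first, last), ...])
    where each tuple is an inclusive run of sectors holding non-zero bytes."""
    runs, index = [], 0
    with open(path, "rb") as f:
        while True:
            chunk = f.read(sector * chunk_sectors)
            if not chunk:
                break
            if chunk.count(0) == len(chunk):       # fast path: chunk is all zeros
                index += -(-len(chunk) // sector)  # ceiling division
                continue
            for off in range(0, len(chunk), sector):
                if any(chunk[off:off + sector]):   # sector has a non-zero byte
                    if runs and runs[-1][1] == index - 1:
                        runs[-1] = (runs[-1][0], index)   # extend current run
                    else:
                        runs.append((index, index))
                index += 1
    return index, runs


def build_sample_image(sectors=64, sector=SECTOR):
    """Constructed test image: zeroed, with remnants in sectors 10-11 and 40."""
    data = bytearray(sectors * sector)
    data[10 * sector + 100:10 * sector + 105] = b"LEFT1"
    data[11 * sector:11 * sector + 4] = b"OVER"
    data[40 * sector + sector - 1] = 0xFF          # single stray byte
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    image = build_sample_image()
    total, runs = find_nonzero_sectors(image)
    print(f"{total} sectors read, {len(runs)} non-zero run(s)")
    for first, last in runs:
        print(f"  sectors {first}-{last} (byte offset {first * SECTOR})")
    os.remove(image)
```

An empty run list means every sector returned through the normal read path was zero; it says nothing about areas the drive does not expose through that path.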