Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Peter Gutmann data deletion theaory?

from [Earnhart, Benjamin J] Network Security [Permanent Link]
Subject: RE: Peter Gutmann data deletion theaory?
Date: Thu, 21 Jul 2005 17:45:21 -0500 
I agree with most of what you say, and the general idea is valid.  However, the 
specifics of 


then a full reformat is quite enough to cause them to move on 
to the next
machine - they're not going to have the motivation or 
equipment to delve
into a randomly selected disk.


is a dangerously naïve approach.  With point-and-click easy to use freeware 
tools under windows, I can do almost 100% retrieval of files after a full 
reformat, and even after reloading the OS and using it for a while, the simple 
point-and-click freeware tools can retieve an awful lot of stuff.  And if I 
have the skills to use more powerful, complex tools, I can do even better, 
without needing a lot of money, time, or even strong motivation.

Even for a home user, I'd recommend using a program that securely deletes stuff 
by actively over-writing with multiple passes of random data (sdelete and DBAN 
are a couple of my favorites).  A format is *not* enough. Your general idea 
(that it depends on the motivation and resources available to the attacker) is 
good, just that your level of paranoia should maybe be turned up a notch :)

I'm not positive which Gutmann piece the OP was referring to, but if it's the 
one I'm thinking of, it's a bit dated -- his methods were briefly really 
popular as a shortcut to secure deletion, but if they're the ones I think he's 
referring to, then they don't work with more modern file systems, so simple 
random passes are better, though more costly to implement.    



-----Original Message-----
From: Jeremy Epstein [mailto:jeremy.epstein@webmethods.com] 
Sent: Thursday, July 21, 2005 2:01 PM
To: Jared Johnson; focus-ms@securityfocus.com
Cc: bugtraq@securityfocus.com
Subject: RE: Peter Gutmann data deletion theaory?

Like anything in security, "it depends".  In particular, it 
depends on what
the assumed adversary motivations and capabilities are.  If 
the adversary is
a nation-state with electron microscopes and other expensive 
devices, and
the disk is believed to have held highly classified information, it's
clearly true that the only way to destroy the data is to burn 
the disk (and
in the right way).  If, on the other hand, the adversary is 
someone who's
randomly buying used computers in hopes of finding carelessly 
deleted files,
then a full reformat is quite enough to cause them to move on 
to the next
machine - they're not going to have the motivation or 
equipment to delve
into a randomly selected disk.

Where in between these two extremes it's necessary to burn 
the disk is an
exercise left to the reader ;-)  You really have to do a risk 
analysis... If
it's cheaper / easier / less dangerous for the adversary to 
dumpster dive to
get hardcopies or bribe someone or hack into the system, then 
destroying the
hardware is putting the effort in the wrong place.  For a lot 
of classified
systems, the assumption is that obtaining used disks is a low 
cost attack,
so it's cost effective to use destruction.

--Jeremy


-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@Yahoo.com] 
Sent: Wednesday, July 20, 2005 7:49 PM
To: focus-ms@securityfocus.com
Cc: bugtraq@securityfocus.com
Subject: Peter Gutmann data deletion theaory?

All,

Do you all agree with Peter Gutman's conclusion on his theory 
that data can never really be erased, as noted in his quote below:

"Data overwritten once or twice may be recovered by 
subtracting what is expected to be read from a storage 
location from what is actually read. Data which is 
overwritten an arbitrarily large number of times can still be 
recovered provided that the new data isn't written to the 
same location as the original data (for magnetic media), or 
that the recovery attempt is carried out fairly soon after 
the new data was written (for RAM). For this reason it is 
effectively impossible to sanitise storage locations by 
simple overwriting them, no matter how many overwrite passes 
are made or what data patterns are written. However by using 
the relatively simple methods presented in this paper the 
task of an attacker can be made significantly more difficult, 
if not prohibitively expensive."

It seems that the perhaps the only real way to rid your Hard 
Drives of data is to burn them. 

I'd love to hear some thoughts on this from security and data 
experts out there.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Peter Gutmann data deletion theaory?, Dana Hudes
Next by Date:  RE: Peter Gutmann data deletion theaory?, Jared Johnson
Previous by Thread:  RE: Peter Gutmann data deletion theaory?, Glenn.Everhart
Next by Thread:  Re: Peter Gutmann data deletion theaory?, Casper . Dik
Indexes:  [Date] [Thread] [Top] [All Lists]