"Do you all agree with Peter Gutman's conclusion on his theory that data
can never really be erased, as noted in his quote below:"
Absolutely...
If you have ever done any form of data recovery, you will see how much
information is recoverable, with just basic tools off of the internet.
If you haven't, just google "data recovery", find almost any program
with a free demo and take a hard drive, catalog it, format it (after
backing up what you need of course) then recover it. Watch how much
information you retrieve. Should be all of it, and then some.
I recall the first time I ever did a recovery from a hard drive that had
something off happen to it. I pulled up information on that drive from
back when it was first used. YEARS before...
That is just with a basic program off of the internet.
With wiping/sanitizing of your hard drives, you have elimiated having to
worry about any mediocre programs doing any data recovery, but "good"
programs or hardware recovery is still an option. The software recovery
will eventually fail if you are careful enough...
Now imagine what a hardware based recovery could pull off?
I would recommend using the sanitizing products as they will help keep
the people that don't have the time or money from locating anything on
your box, but for those out there that have the money or have the time,
they will be able to get just about anything off of your disk.
To keep your drives completely secure, you have two choices: either
don't use them, ever... OR physically destroy them when you are
finished.
Rob.
-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@Yahoo.com]
Sent: Wednesday, July 20, 2005 4:49 PM
To: focus-ms@securityfocus.com
Cc: bugtraq@securityfocus.com
Subject: Peter Gutmann data deletion theaory?
All,
Do you all agree with Peter Gutman's conclusion on his theory that data
can never really be erased, as noted in his quote below:
"Data overwritten once or twice may be recovered by subtracting what is
expected to be read from a storage location from what is actually read.
Data which is overwritten an arbitrarily large number of times can still
be recovered provided that the new data isn't written to the same
location as the original data (for magnetic media), or that the recovery
attempt is carried out fairly soon after the new data was written (for
RAM). For this reason it is effectively impossible to sanitise storage
locations by simple overwriting them, no matter how many overwrite
passes are made or what data patterns are written. However by using the
relatively simple methods presented in this paper the task of an
attacker can be made significantly more difficult, if not prohibitively
expensive."
It seems that the perhaps the only real way to rid your Hard Drives of
data is to burn them.
I'd love to hear some thoughts on this from security and data experts
out there.
