Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RES: Flash Memory Wiping

from [Cleverson de Freitas Ferla] Network Security [Permanent Link]
Subject: RES: Flash Memory Wiping
Date: Mon, 29 Jan 2007 16:15:28 -0300 


-----Mensagem original-----
De: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] Em
nome de William M. Ryan
Enviada em: sexta-feira, 26 de janeiro de 2007 12:19
Para: security-basics@securityfocus.com
Assunto: Re: Flash Memory Wiping



Since I started this thread I have tried several of the wiping solutions
that were recommended, but kept coming up on one problem.  The user
accessible flash on the PDAs  (iPaq File Store) is not mountable as a drive
letter by any technique I know or could find.   I could not find a tool
that would let me mount it either.  None of the Wiping programs could find
it so they could not wipe it.  I finally spend a day determining the size
of the iPaq File Store (to the byte) and writing scripts to create three
files (File 1 all low order blanks (chr(0)),  File 2 (all high order blanks
(Chr(255)) and file 3 random characters (chr(int(rnd()*255)))) Each file
was written to the file store in order.  The last file was left in place.
My department feels this suffices for wiping the PDA.   Anyone have any
other ideas for when this happens in the future?


                                                                           
             "Lou Losee"                                                   
             <llosee@gmail.com                                             
             >                                                          To 
             Sent by:                  security-basics@securityfocus.com   
             listbounce@securi                                          cc 
             tyfocus.com                                                   
                                                                   Subject 
                                       Re: Flash Memory Wiping             
             01/24/2007 01:16                                              
             PM                                                            
                                                                           
                                                                           
                                                                           
                                                                           




For some good discussions on the implications of writing to flash and
how the wear-leveling algorithms incorporated by them get in the way
of erasure and overwriting, I would recommend the following links:

http://forums.truecrypt.org/viewtopic.php?t=1702
http://bbs.heidi.ie/viewtopic.php?t=1568&sid=60ea6000a914dced82196c64783feac
c


Lou Losee
atsec information security corp.

On 1/23/07, Dragos Ruiu <dr@eusecwest.com> wrote:

On Monday 22 January 2007 12:55, C Anctil wrote:

I would encrypt the the files before deleting them. If they ever get
recovered, they would at least be encrypted. I would use something
like truecrypt.


This also would not work so well on flash, as you would likely wind up
with encrypted and unecrypted versions sitting on the flash

simultaneously.

Overwriting works oddly with flash...

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
London, U.K.    Mar 1-2 - 2007    http://eusecwest.com
pgpkey http://dragos.com/ kyxpgp




--
Artificial Intelligence is no match for Natural Stupidity

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: DNS poisoning or ?? (Found by Paul daSilva), Bill Stout
Next by Date:  Re: Erasing private files from Windows XP., Yousef Syed
Previous by Thread:  Re: Flash Memory Wiping, William M. Ryan
Next by Thread:  Re: Flash Memory Wiping, Snoopy Brown
Indexes:  [Date] [Thread] [Top] [All Lists]