Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Wiping of Flash based Media.

from [MaddHatter] Network Security [Permanent Link]
Subject: Re: Wiping of Flash based Media.
Date: Wed, 23 Apr 2008 19:20:53 -0700 
"Worrell, Brian" <BWorrell_isdh.IN.gov> said (on 2008/04/23):

The DoD hard drive wipe seems to be okay (not perfect I know.) for
removing sensitive data from a hard drive, but do you think it is
acceptable for an SSD or other Flash based storage?

If a DoD wipe is not good, what are your thoughts on something that is,
or would work?



Your approach will depend on your level of paranoia. As usual, the
truly schizophrenic will only be happy with complete destruction (and
not entirely without good reason). Modern high density Flash devices
use wear-leveling. This means at any time the device could decide that
block A (a random chunk of memory, probably several megabits large)
is about to go belly-up, so it will move the data in block A to block Z
(and remap A->Z). It won't erase block A, just sort of forget that it
ever existed. You have no idea what potentially sensitive data was in
block A before it got decommissioned. A sufficiently knowledgeable and
determined attacker will be able to recover much of the data from block A,
even after the device has otherwise ceased to function.

An attacker might also be able to determine the relative stress seen
by each cell. Erasing (usually, changing to a 11 state) is a stressful
operation in Flash and causes measurable degradation. Cells that are
frequently erased will appear different than cells that have been erased
infrequently. Whether that's sensitive information depends on application
and on details of the device operation (which you have to assume the
attacker would know).

If you're not quite that worried, overwriting once with zeroes, then
ones, then zeroes is likely good enough. You could do ones, zeroes, ones
-- what's relevant is that every single cell has been set to both its
maximum and minimum state. Recovering any old data from the user-accessible
(i.e. not decommissioned) blocks at that point is highly improbable.
The variation in the state of the cells after such an operation is driven
by process variation and intrinsic effects that swamp whatever historical
state could plausibly remain.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  NISPOM Resources, twofish
Next by Date:  RE: Setting up mail server(s) ?, hdm
Previous by Thread:  Wiping of Flash based Media., Worrell, Brian
Next by Thread:  Re: Wiping of Flash based Media., xgermx
Indexes:  [Date] [Thread] [Top] [All Lists]