Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Wiping of Flash based Media.

from [xgermx] Network Security [Permanent Link]
Subject: Re: Wiping of Flash based Media.
Date: Thu, 24 Apr 2008 10:21:11 -0500 
Additionally, after wiping the drive, you could use TrueCrypt to
encrypt it. (adding another layer of security)

On Wed, Apr 23, 2008 at 9:20 PM, MaddHatter
<maddhatt+securitybasics@cat.pdx.edu> wrote:

"Worrell, Brian" <BWorrell_isdh.IN.gov> said (on 2008/04/23):


The DoD hard drive wipe seems to be okay (not perfect I know.) for

 >removing sensitive data from a hard drive, but do you think it is
 >acceptable for an SSD or other Flash based storage?
 >
 >If a DoD wipe is not good, what are your thoughts on something that is,
 >or would work?


 Your approach will depend on your level of paranoia. As usual, the
 truly schizophrenic will only be happy with complete destruction (and
 not entirely without good reason). Modern high density Flash devices
 use wear-leveling. This means at any time the device could decide that
 block A (a random chunk of memory, probably several megabits large)
 is about to go belly-up, so it will move the data in block A to block Z
 (and remap A->Z). It won't erase block A, just sort of forget that it
 ever existed. You have no idea what potentially sensitive data was in
 block A before it got decommissioned. A sufficiently knowledgeable and
 determined attacker will be able to recover much of the data from block A,
 even after the device has otherwise ceased to function.

 An attacker might also be able to determine the relative stress seen
 by each cell. Erasing (usually, changing to a 11 state) is a stressful
 operation in Flash and causes measurable degradation. Cells that are
 frequently erased will appear different than cells that have been erased
 infrequently. Whether that's sensitive information depends on application
 and on details of the device operation (which you have to assume the
 attacker would know).

 If you're not quite that worried, overwriting once with zeroes, then
 ones, then zeroes is likely good enough. You could do ones, zeroes, ones
 -- what's relevant is that every single cell has been set to both its
 maximum and minimum state. Recovering any old data from the user-accessible
 (i.e. not decommissioned) blocks at that point is highly improbable.
 The variation in the state of the cells after such an operation is driven
 by process variation and intrinsic effects that swamp whatever historical
 state could plausibly remain.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: browser identiciation, Ansgar -59cobalt- Wiechers
Next by Date:  RE: Setting up mail server(s) ?, Rhett Grant
Previous by Thread:  Re: Wiping of Flash based Media., MaddHatter
Next by Thread:  AD Child Domains, Raoul Armfield
Indexes:  [Date] [Thread] [Top] [All Lists]