Re: Deleting data from a HP 3000 disk drives



On 5/17/07, Stan Sieler <sieler@xxxxxxxxxxx> wrote:
> Re:
>
> > Option "c" is only for clearing, not sanitizing.
>
> Not true, according to NIST Special Publication 800-88 "Guidelines
> For Media Sanitization":
>
>    Clearing information is a level of media sanitization

I think that only confuses the issue. If you are worrying about DoD
standards and have reason to, you had better know the difference.

> Now, some people (including the above document) distinguish between
> "clearing" and "purging":
>
>    Purging information is a media sanitization process that protects the
>    confidentiality of information against a laboratory attack. For some
>    media, clearing media would not suffice for purging. However, for ATA disk
>    drives manufactured after 2001 (over 15 GB) the terms clearing and purging
>    have converged.

Unless your ATA disk has a firmware secure wipe function, this makes
no sense at all. If anything, people are less aware that chunks of
sensitive data may be lurking on a well used drive that are out of
sight of everything but the drive's firmware, or some low budget spy.

And for the high budget spy, what difference is there in the magnetic
media that eliminates magnetic ghosting in the data?

> But, such distinction does not mean that "clearing" isn't a method of
> sanitizing.
>
> > Option "d" does sanitize, but not for the higher levels of security.
>
> "d" is still a method of sanitizing ... it just isn't an acceptable level
> for some needs.

Hmmm, isn't that what I just said?

> > Even your "ridiculously toughest" does not erase/clear/sanitize any
> > spared tracks/sectors, or does it?
>
> nope...no access to that from MPE or HP-UX :(

Well actually, if you know what you are doing, you can issue firmware
commands to the drives themselves. Drives tend to support different
function sets even from the same manufacturer, let alone different
manufacturers. And then there is the problem of getting documentation
on drive firmware, errors in the documentation, and being able to get
the function calls right without trashing too many drives. This of
course is compounded by the variety of firmware that exists between
manufacturers and drive models themselves. Time consuming and costly
in drives alone, unless you have ways of low level formatting drives
that you killed! ;-)

Anyone that has $5,000 to $10,000 can get an independent lab
to do an easy data extraction off an "accidentally" erased disk. If
the lab notices that there is obvious government or medical
information on the disk, they will want credentials authorizing your
access to it, otherwise there is going to be someone from homeland
security, the FBI, or local law enforcement calling on you. For
around $50,000 to $100,000, you can get some black market, off shore,
or maybe a foreign government's lab to do at least as good a job, and
probably better with pricier equipment. For $1,000,000 or so, you
can get your disk interrogated by near state-of-the-art equipment. It
really boils down to what your data is worth to people you don't want
to have it, and to a large extent, who those people are. Foreign
governments with excess lab capacity, the bar is much lower for
probing your drive(s). Industrial espionage, I believe is mostly
foreign or at least off-shore. Of course, transporting numbers of
used disk drives out of the country is not likely to go unnoticed.
But, all you need here is an ultra sensitive disk platter reader in a
clean enclosure where the disk drive can be disassembled and the
platters read at very high analog sensitivity with an A/D converter
producing 32-bit (or greater) integers for each 0/1 bit location.
This file could then be sent anywhere in the world for analysis to
peel off previous data "ghosts". I don't have any firsthand
experience with this equipment, and the top-of-the-line are
undoubtedly built for NSA as top secret equipment, but you know it has
to be small and lightweight and probably uses something like a
firewire link to hook up to a workstation. From there to a
super-computer with a customized numerical analysis program, and
voila!

Of course at some point, the S/N ratio of the magnetic media creates a
threshold where additional sensitivity of the reader is useless, but
up to that point, you'd be amazed at how many generations of writes
can be teased out of the data. The better the quality of the drive,
the more (deeper) generations of data can be teased out, generally
speaking. This will only continue to get better. Well, until mass
storage is actually kept in a truly binary form and not analog as it
is with magnetic media.

Peter M. Eggers, CISSP
