Secure data removal question

Printable View

September 27th, 2002, 11:25 PM
proactive

Secure data removal question

I've been wondering about this for a while, why do you have to overwrite data so many times to be completely sure a malicious person cannot restore your data? I would have thought overwriting the data once would be enough, but I guess the harddrive and disk is constructed so recovering of overwritten data is possible.

Earlier I heard overwriting data 7 times would be enough, then you would be really, really sure noone would be able to restore. Today I read that according to new standards for top secret data, it should be overwritten 36(!) times. Now that's a lot writing just to delete a few bytes!

Well what I don't understand you might have guessed, how is it possible to recover overwritten data? And why is it with the construction of media (harddisk, floppy, other removable media) that makes it nessecary to overwrite data so many times?

Information would be greatly appreciated! :)
September 27th, 2002, 11:32 PM
slarty

Certainly, organisations with important data seem to think that deletion (no matter how many times) is not enough.

The NHS (UK National Health Service) has a rule which prevents any physical media (hard discs, floppies etc) that may contain patient data from being reused - indeed, obsolete hard discs etc, have to be destroyed (only if they contained medical data)

This means someone has a job physically smashing up hard discs etc :)

On the other hand, I've heard rumours that some government departments don't even allow destroyed media off the premises - hard discs have to not only be smashed up, but stored indefinitely like radioactive waste. I only hope that their data are secret enough to waste our good money keeping piles of old dead hard discs somewhere.
September 27th, 2002, 11:40 PM
imported_Tek Weasel

Re: Secure data removal question

Quote:

Originally posted here by proactive
Today I read that according to new standards for top secret data, it should be overwritten 36(!) times. Now that's a lot writing just to delete a few bytes!

Well what I don't understand you might have guessed, how is it possible to recover overwritten data? And why is it with the construction of media (harddisk, floppy, other removable media) that makes it nessecary to overwrite data so many times?

Information would be greatly appreciated! :)

For individuals that work in the classified field, you would be able to back the statement that anything classified as upper secret or higher must be destroyed, and as far as recovery goes. The more sensitive the information the more a company may pay to have the data examined. In the base of the process the data is saved as on/off correct, well all someone needs to do is trace the tracks as far back as possible to recover the information/data.
September 27th, 2002, 11:53 PM
proactive

Writing top secret data to the harddisk may not be such a great idea in the first place. It would be better only to store the data in an encrypted form with large keys, so that future technology can't decrypt the data. Then after thoroughly erasing the data it would be safe to throw away the disks. But the media with the large key on it (smart-card, token) would have to be erased and thrown away as well. Maybe in a different trash-can? :)

For the really paranoid, storing all the goods in a bank box may be the better choice. :)
September 28th, 2002, 04:08 PM
alittlebitnumb

I am sure there is really no such thing as 100% secure file deletion other than physically destroying the platters and dumping them in the ocean for the salt water to render it useless even more.

I have wondered what can be good for general purposes so undlete programs will not recover files, and have found The Easer and Norton Wipe to be pretty good choices. However, if somebody really wants to hang you, then you are probably outta luck unless you smash and throw away your media ;)

albn
September 29th, 2002, 01:15 AM
Scorp666

To answer your question. Magnetic patterns can still be uncovered with special techniques even if you delete a file or format your HD several times. Secure deletion makes those patterns very tough to find although not impossible with time and money... The only way to make sure data cannot be recovered is destroying the media.

Here is an excerpt I found that illustrates that:

"Each byte is first overwriten with 01010101. The second overwriting pass uses 10101010. This cycle is repeated three times. The final overwriting pass is performed with random bytes generated with an ANSI X9.17c keystream generator. Disk caches are flushed after each overwrite, and the final overwrite is read-back verified. This method meets or exceeds the Purging requirements of NAVSO P5239-26, AFSSI-5020 and AR380-19. It is approved in DOD 5220.22-M for any reclassifying of Classified hard drives in secure Automated Information Systems, even those certified and accredited for Special Access Programs, but is not approved for Purging disks at any level above Secret. Due to the residual magnetization necessarily left to hold the disk tracking servo data, the only way to truly destroy disk data is through degaussing and destruction of the disk. However, the residual magnetization recovery techniques used by intelligence services require expensive laboratory equipment and are only practical for very small amounts of targeted data, as opposed to scanning entire hard drives for possibly interesting files."

The DOD 5220.22-M security directive can be found here :
http://www.zemericks.com/support/lib...d/d522022m.pdf

I wasn't interested enough to read it all :) maybe u are...
November 2nd, 2002, 12:36 AM
rookrookrook

try using a wipe utlitiiy, then they have to throw a ton of money at it.
November 2nd, 2002, 12:36 AM
rookrookrook

try using a wipe utlitiiy, then they have to throw a ton of money at it.
November 2nd, 2002, 02:45 AM
Striek

Have you ever re-recorded over an old audio tape and still been able to hear the previous recording, just much quieter? It's basically the same idea but with digital storage instead. I still have one tape I kept for nostalgic reasons on which you can clearly hear Green Day's 'Basket Case' playing softly underneath Bryan Adam's 'I Do It For You'. The Watergate tapes were erased 5 times -- even then, the technology existed to recover data after erasure.

Interesting fact: Here in Canada, procedures require the military to first slice a harddrive in half before incinerating it at a Classified 'A' location (equivalent of the U.S.'s Top Secret) before displosal if it was ever in the same room with confidential information. :)
November 2nd, 2002, 02:45 AM
Striek

Have you ever re-recorded over an old audio tape and still been able to hear the previous recording, just much quieter? It's basically the same idea but with digital storage instead. I still have one tape I kept for nostalgic reasons on which you can clearly hear Green Day's 'Basket Case' playing softly underneath Bryan Adam's 'I Do It For You'. The Watergate tapes were erased 5 times -- even then, the technology existed to recover data after erasure.

Interesting fact: Here in Canada, procedures require the military to first slice a harddrive in half before incinerating it at a Classified 'A' location (equivalent of the U.S.'s Top Secret) before displosal if it was ever in the same room with confidential information. :)