<<< Date Index >>>     <<< Thread Index >>>

Re: Peter Gutmann data deletion theaory?



On Wednesday 20 July 2005 18:48, Jared Johnson wrote:
> Data overwritten once or twice
<snip>

The quote is from 1996. I spoke with Guttman about this at AusCERT a few years 
ago and even *he* doesn't believe it anymore. Drive technology has changed 
substantially since then.

The main areas where criminals get caught with bad stuff on their drives by 
forensics people is from 1) not knowing where the data is being written to 
(browser cache, swap file, etc) 2) not doing any overwrite of the data as a 
part of deletion, and 3) not taking into consideration such items as file 
slack.

Drives that do caching and file systems that do journaling also may be a 
factor. That being said, 3 wipes are "good enough for government work". DoD 
5220.22-M chapter 8 subsection 306 in the Cleaing and Sanitization Matrix 
shows under the Magentic Disk section that to properly sanitize a 
non-removable rigid drive, that the choices of degaussing, destruction of the 
drive, or a 3 pass wipe are acceptible methods for disk sanitation. Note that 
the 3 pass wipe method is NOT acceptable for drives that contained Top Secret 
information - so unless the drive contained Top Secret material, you're 
covered.

It should be noted that this issue has been done to death on bugtraq several 
times.

-- 
# Simple Nomad, C²ISSP  --  thegnome@xxxxxxxx        #
# C1B1 E749 25DF 867C 36D4  1E14 247A A4BD 6838 F11D #
# http://www.nmrc.org/~thegnome/                     #

Attachment: pgpTUQEfNUp4L.pgp
Description: PGP signature