PDA

View Full Version : Removing Residual data from Decommissioned Computers



CreightonBrown
19-05-2005, 01:55 PM
http://v7.creightonbrown.co.nz/docs/Removing%20Residual%20data%20from%20Decommissioned %20Computers.pdf

ATTENTION John McHaul or Person/s handling security of Data for Ministry of health and computers both on larger and smaller scales which are considered of due consideration.




Removing Residual data from Decommissioned Computers [12]

By Creighton Brown of Auckland, New Zealand Dated 2005.05.19
Creighton@creightonbrown.co.nz (Creighton@creightonbrown.co.nz)

Preface - Regarding assistance from refurbishment firms

One has to consider the biases concerned, ideally we would not live in a bias world but unfortunately we are implicated from our actions. As such I would state it seems psychologically likely than under normal circumstances individuals may not wish to partake in the facilitation of matters which may lead to a psychologically disadvantaging scenario, perhaps by other measures too such as economics or otherwise. Therefore I believe my contact to recommend to a refurbishment provider that standards should be established may be against their own financial wellbeing and as far as presently known are not require to meet any formalized standard and or formalized standard with accountability to achieve the appropriate ethicacy standard for the issue of data Remanence.

1. Recommendation/s – Exercise one of the following with reasonable judgment:

1.1 Contacting at least 2 independent experts, or more, who are deemed of an appropriate conduct, on this field that are deemed to have credible understanding of this issue and ask for a procedure list as to what should be the appropriate standard for the medium concerned and the sensitivity of the data it contains.

I am not an expert in this field, but I have heard this person mentioned as what, from brief reports, who may it seems be an appropriate person to contact:

Peter Gutmann
Department of Computer Science
University of Auckland
pgut001@cs.auckland.ac.nz (pgut001@cs.auckland.ac.nz)

1.2 Hire an computer expert high with documentation ability who may or may not have trained in Computer forensics to read the ‘Rainbow’ Series [ReferenceID8] of security books mentioned below to develop a standard applicable for new Zealand, with at least cross analysed twice by other appropriate experts with the correct standard of appropriate mediums and sensitivities.

1.3 Alternatively one may rely on information sources as below as a potential guide as a standard or information which may help develop and appropriate procedure or structure of whatever nature deemed appropriate for this issue and or issues surrounding it.

Considerations in development of policy or procedure guidelines:

1.4 To apply standards should be in such a fashion it is divisible into computable logic within seconds to find and seconds to few minutes to improve utilization of knowledge, where possible.
1.5 Exceptions to this may be in the introductory phases when familiarizing with the processes, implications or other aspects of what may be deemed an introductory or training period.

Recommended Mandatory Obligation:

1.6 To present information to other government or private structures as to this knowledge and the ethical matters around it for consideration. My primary suggestion would be to Implement the IT ministers or others who control IT Infrastructure and make the issues contained here within presented in a reasonable form of policy, or logic to the extent of achieving the appropriate measure to handle data Remanence in fashion which is conducive to the appropriate resolution determinable by you and or other parties who are elected for or facilitate the implementation or development of such policies.

1.7 Present training, such as the lower Data Remanence Internet introduction basics, to those who may be a partisan to reallocation of equipment as appropriate. Weighting may be placed on training or establishing more weight towards primarily implicating those who may have a greater consequential potential of gain or security enhancement or reduced security danger as those who should have more weight placed upon them as implicated. Reference ID11



2 Assessment

What is shown in references?

2.1.1 Data can become misplaced creating a potential security hazard of confidential information which may have varying degrees of concern to different parties from a individual/s or a group such as a governance system. Reference ID1

2.1.2 Reference ID4 indicates that software claiming to meet USA Department of defense standards may fail to do so. As such would advice to go with USA Department of Defense approved software.

2.2 Hard Disk Erasure

At some point it should be determined the level of security the unit housing the data contains then classified in an appropriate security level such as the following:

2.2.1 Low Security

References may indicate that that for hard disks it may be possible to use ReferenceID5 indicates that for clearing of data Degaussing with type 1 or type 2 degausers are recommended by the standard indicated, which complies to US Government recommendations and for sanitization that it is possible to use a data erasing tool, where the data on the medium is not deemed of ‘secret’ status. Reference 2, 3, 9&10 indicates a program approved by the US Department of Defense for erasure to what may a comparable and suitable standard of data erasure.

2.2.2 Medium Security

In cases of more critical information it may be appropriate to use the appropriate degausser to further enhance the appropriate security for implicit data.

2.2.3 High Security

Destruction of device.

2.3 In All Cases

2.3.1 Appropriate Staff

Appropriately approved levels of facilitators and validators and supervisors of the data Remanence removal should be appropriately considered for their nature being conducive to the correct application of the task and not malformed, as such those with fraud or other convictions creating the potential to enhance the miss-performance of task/s should be appropriately considered for assignment outside of tasks where this is a concern.

2.3.2 Appropriate Accountability

Ideally verification would be performed of a correct importance weighting for the value of the data such as for low security verifying blank hard disks, medium security verifying magnetic tracks have been erased and data reformatting and for high security written documentation as to its destruction. In the cases of lower security systems, it may be the appropriate cost measure to have a auditing system which indicates auditing has been completed while maintain a more basic documentation standard in light of the lower security risk data Remanence potential hazard.


Other mediums refer ReferenceID5, or other documentation as reasonable.

2.4 What is concluded?
2.4.1 The can be commonly ignored in government or private sectors [ReferenceID1]
2.4.2 That is a real threat, that data which could become misplaced may be a potential problem which needs addressing.
2.4.3 That standards do exist, be it in America or other countries and in cases such as that outlined in America by Department of Defense there may be multiple methods to utilize as appropriate for the security the data represents e.g. low, medium high security
2.4.4 That a policy or procedure alone is not enough, it needs a system to administer it appropriately such as staff, supervisors and managers and there should be accountability placed on such a system with the reasonable amount of measure to the degree of security risk involved.

2.5 What proposition was reached?
The reference collated and material provided may provide some insight into this Security issue and education provided and administered to ensure this security issue is balanced in a reasonable fashion. In an ideal it would be appropriate to contact experts in this field, compile practical and theoretical knowledge as to develop a more robust plan to deal with this issue and develop procedures further at what is deemed the reasonable time for such recourse.



References

Following is some basic references. Follow.


Reference ID1

http://www.cerberussystems.com/INFOSEC/stds/csl10-92.htm

DISPOSITION OF SENSITIVE AUTOMATED INFORMATION

CSL BULLETIN
Advising users on computer systems technology
October 1992

Sanitization: Why Be Concerned?

In the past, reports have surfaced that federal agencies have disposed of surplus information technology (IT) equipment without taking appropriate measures to erase the information stored on the system's media. This can lead to the disclosure of sensitive information, embarrassment to the agency, costly investigations, and other consequences which could have been avoided.

Sharing of media within the government or between government and contractors also presents security issues. For example, IT equipment is sometimes transferred between offices without first removing sensitive files. Diskettes may be used to transfer documents or data files (e.g., for time and attendance reporting) between offices with little concern for the other information which may reside on the diskette.

Employees throw away old diskettes believing that "erasing" the files on the diskette has made the data unretrievable. In reality, however, "erasing" a file simply removes the "pointer" to that file. The pointer tells the computer where the file is physically stored on the disk. Without this pointer, the files will not appear on a directory listing of the diskette's files. This does not mean that the file was removed from the diskette. (Commonly available utility programs can often retrieve information that is presumed "deleted.") Fortunately, with foresight and appropriate planning, these situations can be avoided.


Reference ID2

http://www.10ts.com/hd-erase.htm


Is there a software method which is quite safe?
There are many methods, or standards. In US standard, the write head passes over each sector of Hard Drive 3 times. The first time with zeros, the second time with another value and the third with random characters. In German standard (in Germany data security is extremely considered), the write head passes 7 times.

There are other methods, like the famous Gutmann: with this method, the write head passes 35 times. This has been considered for years the safest (100%) method, but with modern hard drives this is just a (very) good one.


Reference ID3

http://iam.ucsc.edu/Document_Disposition/Disposal_Choices.htm (http://iam.ucsc.edu/Document_Disposition/Disposal_Choices.htm)


Disposal Chart for Computer Hard Disk Media

Formatting

Zero Formatting

"DOD" 3-9 Pass Erasure

35-pass Gutmann

Physical Destruction

Formatting a drive before disposal may initially seem to delete all data - however, a format just rewrites the disk allocation table information, and does not overwrite all sectors of the drive, meaning that files are still present and can be easily recovered. This method can compromise information and is not recommended for disposal of sensitive or PID storage.

Zero Formatting simply writes a zero to every sector on the disk, overwriting all data. However, due to the way a hard disk works, the sectors containing data are still magnetized, and all files can still be recovered. This method should not be used for PID, or disks that will be reused/resold, but may be used for low-security applications on drives slated for later disposal/destruction.

Multipass secure-erase programs will write a number of passes of pseudorandom data over files, making them harder to recover - most programs use 3, 7, or 9 passes that they claim are government standards - they are, but for RAM chips, not hard drives. Even after these erase passes, someone using disk forensic techniques may be able to extract data from them. Because of this, disks erased using this technique may be vulnerable to recovery of some PID, and are therefore not recommended except as a last resort.

Peter Gutmann created an algorithm that overwrites data with 35 different patterns, designed to cause the most magnetic fluctuation over a disk sector, removing the residual magnetism that represents the data, making data erased with this method nearly impossible to recover. This method is recommended for erasure of hard drives that will be reused or resold, but it takes a long time when erasing large drives. Also note that the NSA and other agencies with forensic experts and scanning-tunneling electron microscopes may still be able to extract data, although the algorithm is proof against mainstream efforts.

The only method for hard drive disposal recommended by the Department of Defense is complete physical destruction - either melting down the hard drive to raw metal, or shredding of the drive into very small pieces. These methods completely destroy the hard drive media and all data contained on it. This is the recommended method for disposal of hard drives that will not be resold or reused.





Reference ID4

http://www.networkworld.com/newsletters/sec/2004/0126sec1.html?fsrc=rss-security



One of the best surveys of the issue of data remanence is a white paper written by DarkStone Data. The author(s) point out that many commercial products blithely reference “DoD standards” but, as they write, “Be very cautious of what software vendors claim their software does, particularly when it concerns security software. Whether you require more than three overwrite passes or not isn’t the point here. The fact is that these vendors have taken this standard out of context.” The author(s) continue with an explanation that the recommendation for three overwrites fails to mention that the Defense Department requires degaussing as well as overwrites to comply with its standards:








Reference ID5

http://www.dss.mil/search-dir/isec/chapter1.htm

1-100. Purpose.

This Manual is issued in accordance with the National Industrial Security Program (NISP). The Manual prescribes requirements, restrictions, and other safeguards that are necessary to prevent unauthorized disclosure of classified information and to control authorized disclosure of classified information released by U.S. Government Executive Branch Departments and Agencies to their contractors. The Manual also prescribes requirements, restrictions, and other safeguards that are necessary to protect special classes of classified information, including Restricted Data, Formerly Restricted Data, intelligence sources and methods information, Sensitive Compartmented Information, and Special Access Program information. These procedures are applicable to licensees, grantees, and certificate holders to the extent legally and practically possible within the constraints of applicable law and the Code of Federal Regulations.

http://www.dss.mil/search-dir/isec/chapter8.htm




Clearing and Sanitization Matrix



Media

Clear

Sanitize







Magnetic Tape1





Type I

a or b

A, b, or m

Type II

a or b

B or m

Type III

a or b

M







Magnetic Disk





Bernoullis

a, b, or c

M

Floppies

a, b, or c

M

Non-Removable Rigid Disk

c

A, b, d, or m

Removable Rigid Disk

a, b, or c

A, b, d, or m







Optical Disk





Read Many, Write Many

c

M

Read Only



M, n

Write Once, Read Many (Worm)



M, n







Memory





Dynamic Random Access memory (DRAM

c or g

C, g, or m

Electronically Alterable PROM (EAPROM)

i

j or m

Electronically Erasabel PROM (EEPROM)

i

H or m

Erasable Programmable (ROM (EPROM)

k

l, then c, or m

Flash EPROM (FEPROM)

i

C then i, or m

Programmable ROM (PROM)

c

M

Magnetic Bubble Memory

c

A, b, c, or m

Magnetic Core Memory

c

A, b, e, or m

Magnetic Plated Wire

c

C and f, or m

Magnetic Resistive Memory

c

M

Nonvolatile RAM (NOVRAM)

c or g

C, g, or m

Read Only Memory ROM



M

Static Random Access Memory (SRAM)

c or g

C and f, g, or m







Equipment





Cahtode Ray Tube (CRT)

g

Q







Printers





Impact

g

p then g

Laser

g

o then g





Clearing and Sanitization Matrix

a. Degauss with a Type I degausser

b. Degauss with a Type II degausser.

c. Overwrite all addressable locations with a single character.

d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.

e. Overwrite all addressable locations with a character, its complement, then a random character.

f. Each overwrite must reside in memory for a period longer than the classified data resided.

g. Remove all power to include battery power.

h. Overwrite all locations with a random pattern, all locations with binary zeros, all locations with binary ones.

i. Perform a full chip erase as per manufacturer's data sheets.

j. Perform i above, then c above, a total of three times.

k. Perform an ultraviolet erase according to manufacturer's recommendation.

l. Perform k above, but increase time by a factor of three.

m. Destroy - Disintegrate, incinerate, pulverize, shred, or melt.

n. Destruction required only if classified information is contained.

o. Run five pages of unclassified text (font test acceptable).

p. Ribbons must be destroyed. Platens must be cleaned.

q. Inspect and/or test screen surface for evidence of burned-in information. If present, the cathode ray tube must be destroyed.




Reference ID6



http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html)





9. Conclusion

Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive.



Epilogue

In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps one or two levels via basic error-cancelling techniques. In particular the the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more.








Reference ID7



http://crypto-systems.com/datarem.html (http://crypto-systems.com/datarem.html)



5.2.1 MAGNETIC TAPES

Although overwriting can be used for clearing this media, the method is time consuming and generally never used. Also, inter-record gaps may preclude proper clearing. A better method for clearing Type 1,11, and Ill tapes is degaussing with a Type l or Type II degausser. This procedure is considered acceptable for clearing, but not purging, all types of tapes.

Degaussing with an appropriate degausser is the only method the DoD accepts for purging this media. Specifically, a Type I degausser can purge only Type tapes, and Type II degaussers can purge Types l and Il tapes. No degausser presently exists that is capable of purging Type III tapes in accordance with NSA/CSS Specification L1 4-4-A.



5.2.2 MAGNETIC HARD DISKS

The DoD has approved both overwriting and degaussing as methods to clear or purge this media. See Section 4, "Risk Considerations," and DoD 5200.28-M for additional information. Degaussed disks will generally require restoration of factory installed timing tracks. Type I degaussers and approved hand-held magnets can purge this media up to a coercivity level of 1100 oersteds. If hand-held magnets are used, then the magnet must be placed in almost direct contact with the disk, separated by only a tissue to prevent scratching the disk. Sometimes it is possible to insert the magnet between the platters without disassembling them. As a practical matter, if the drive must be disassembled, it is usually easier to destroy the platters than to degauss and then reinstall them.

Recently completed research has indicated that degaussing is an effective method to purge rigid disk media. Large cavity degaussing equipment can be used to erase the data from sealed disk packs and Winchester style hard disk drives while the platters remain in the drive. Care must be exercised to ensure that the disk drive is not encasqd in a material that conducts a magnetic field. Research has shown that aluminum housings on Winchester disk drives attenuate the degaussing field by only about 2 db. Operational guidance is now being developed for the DoD.



Reference ID8

http://www.geocities.com/SiliconValley/2072/bit22.txt (http://www.geocities.com/SiliconValley/2072/bit22.txt) Rainbow Books:The so-called "Rainbow Books" are a collection of documents published by theNational Security Agency (NSA) and the U.S. Department of Defense (DoD) oncomputer security. Of these books, the most important is the DoD's OrangeBook, on standards for security systems in computers. (All the other booksbasically expound on this one.) The following are the colors and titles ofthese Rainbow Books: Aqua: Understanding Security ModelingBlue: Product Evaluation QuestionaireBright Blue: Trusted Product EvaluationBright Orange: Understanding Security TestingBrown: Understanding Trusted FacilitiesBurgundy: Understanding Design DocumentationDark Lavender: Understanding Trusted DistrobutionDark Red: Interpretations Of EnvironmentsGray: Selecting Access Control ListGreen: D.O.D. Password Management (DoD)Green: Understanding Data Remanence (NSA)Hot Peach: Writing Security FeaturesLavender: Data Base Management InterpretationLight Blue: Understanding Identification And Authentication In Trusted SystemsLight Pink: Understanding Covert Channels Neon Orange: Understanding Discretionary AccessOrange 1: D.O.D. Trusted Computer SystemsOrange 2: Understanding ConfigurationsPink: Rating Maintenence PhasePurple: Formal Verification SystemsPurple 1: Guide To System ProcurementPurple 2: Guide To System ProcurementPurple 3: Guide To System ProcurementPurple 4: Guide To System ProcurementRed: Interpretation Of EvaluationTan: Understanding Audit In Trusted SystemsTeal Green: Glossary Of Computer TermsTurquiose: Understanding Information Security Venice Blue: Computer Security Sub-SystemsViolet: Controlled Access Protection Yellow: Computer Security RequirementsYellow 2: Computer Security RequirementsYellow 3: Understanding Trusted RecoveryYellow-Green: Writing Trusted Facility Manuals

Reference ID9



http://cybertrain.labworks.org/cgi-bin/sanitization/pachelbel?ENTER_LESSON&unclassified_environment (http://cybertrain.labworks.org/cgi-bin/sanitization/pachelbel?ENTER_LESSON&unclassified_environment)

‘Sanitizer D has also been approved for use by the Department of Defense (DoD) and is compliant with DoD 5220.22-M (http://www.dtic.mil/whs/directives/corres/pub1.html), Standard for Overwrite Protection’




Reference ID10
‘DOD Recommended’ Software

http://www.infraworks.com/sanitizer.php (http://www.infraworks.com/sanitizer.php)




Reference ID11
‘Basic Internet Guide Recommended Training’
http://cybertrain.labworks.org/ (http://cybertrain.labworks.org/)




Reference ID12
http://www.infosec.uga.edu/glossary.php?question=nq (http://www.infosec.uga.edu/glossary.php?question=nq)

Remanence - Residual information remaining on data storage media after clearing.

ReferenceGroupID1

Other References:

http://en.wikipedia.org/wiki/Data_remanence (http://en.wikipedia.org/wiki/Data_remanence)

http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-025.2.html (http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-025.2.html)

http://www.secinf.net/rainbow_series/NCSCTG025_Green_book_.html (http://www.secinf.net/rainbow_series/NCSCTG025_Green_book_.html)

http://www.fas.org/irp/doddir/navy/5239_26.htm (http://www.fas.org/irp/doddir/navy/5239_26.htm)

http://www.killdisk.com/dod.htm (http://www.killdisk.com/dod.htm)

http://cryptome.org/afssi5020.htm (http://cryptome.org/afssi5020.htm)

NCSC Rainbow Series

http://www.palowireless.com/wireless/security_rainbow.asp (http://www.palowireless.com/wireless/security_rainbow.asp) [Not solely wireless]

http://www.cnss.gov/Assets/pdf/cnssi_4014.pdf (http://www.cnss.gov/Assets/pdf/cnssi_4014.pdf)



Primary Google Searches used:

http://www.google.co.nz/search?hl=en&q=erase+%22dod+standard%22+passes&meta (http://www.google.co.nz/search?hl=en&q=erase+%22dod+standard%22+passes&meta)=

http://www.google.co.nz/search?q=%22data+remanence%22&hl=en&lr=&start=40&sa=N (http://www.google.co.nz/search?q=%22data+remanence%22&hl=en&lr=&start=40&sa=N)

CreightonBrown
19-05-2005, 01:56 PM
Would recommend PDF version, it is more intact/readible

Metla
19-05-2005, 02:08 PM
Heh?

Remove harddrive.

Destroy via industrial press.

Liquify by furnace.

if the data is worth keeping out of peoples hands then its worth more then the price of an old crappy harddrive.Destroy and dispose....

CreightonBrown
19-05-2005, 02:13 PM
Heh?

Remove harddrive.

Destroy via industrial press.

Liquify by furnace.

if the data is worth keeping out of peoples hands then its worth more then the price of an old crappy harddrive.Destroy and dispose....

There is standards outlined / procedures for maybe different levels of importance of information. New Zealand may be able to make such itself but the cost may be inhibitive so assumably relying on already developed standards seems the appropriate measure.

It seems the DoD and various references may indicate varying levels of security procedures in relation to risk e.g. Medium/Heavy Erase, Degause or destroy.

This has also been forwarded to the IT Minister and Associated IT minister. It is not for me to make standards, but it is quite plausable that an appropriate measure should be used, and it appears some have been developed by what may be experts and perhaps more educated than an average Computer Technician or Store owners knowledge and as such it should be allowed they may have developed such standards to a more appropriate nature.

Metla
19-05-2005, 02:21 PM
I have done a little bit of work for government offices in my local area, when I have removed hard drives for them they are either put into storage or sent to a firm that specializes in destroying them....


Still, Lets not let the real world interfere....

CreightonBrown
19-05-2005, 02:23 PM
Estimated times for uncoding to Gutmann method in Dariks Boot and Nuke [Try googling]
+-----------------------------------------------------+
Uncoding - Reduction of Residual data to advisable standard for low to medium security information
+-----------------------------------------------------+
04GB 04 Hours
08GB 08 Hours
20GB 13 Hours
40GB 20 Hours
80GB 40 Hours

This is not totally equivocal of all Drive/Computer speeds, but a ballpark to work with.

There is other options available

vinref
19-05-2005, 02:34 PM
How long does it take to dismantle a HD casing and remove the platters and destroy them?

Would drilling through the HD and platter with a high strength drill-bit be enough to make any data irrecoverable?

Would immersing a HD in a suspension of magnetised iron filings kill all data?

I don't know the answers to the above, but I am interested.

Metla
19-05-2005, 02:40 PM
Granted I have zero idea how the firms that destroy harddrives actually do it,but the reason I mentioned an industrial press above is because one could pop open a HD in under 2 seconds, then turn the internals into mush with another few presses, All up you would be looking at under a minute to render it funked up...

Then drop the bits into a furnace, you would never see them again, they would drip out the bottom as scrag.....

vinref
19-05-2005, 02:44 PM
Granted I have zero idea how the firms that destroy harddrives actually do it,but the reason I mentioned an industrial press above is because one could pop open a HD in under 2 seconds, then turn the internals into mush with another few presses, All up you would be looking at under a minute to render it funked up...

Then drop the bits into a furnace, you would never see them again, they would drip out the bottom as scrag.....

Sounds like you could kill quite a few HDs to everyone's satisfaction in the time to read and make sense of Creighton's letter...

wintertide
19-05-2005, 02:45 PM
Using a real strong monitor degausser works... only if the HDD is on though, wrecks the heads and the platters though... ;)

CreightonBrown
19-05-2005, 03:04 PM
Ideally there would be quantifications of procedures of:

Say for HDD:
Erasure
Degausing
Destruction

and they would spread both of security gain, income, expense, time or other ramification as appropriate.

I, or others, would probably in an ideal sense would have more logic in this regard. Although it could vary by the methods implied so may have to be quanified with some variational likelyhood or more test material which would be an appropriate ideal to achieve.

CreightonBrown
19-05-2005, 03:05 PM
Sounds like you could kill quite a few HDs to everyone's satisfaction in the time to read and make sense of Creighton's letter...

If this has to be done not once but atleast thousands of times one may want to undertake an appropriate degree of assessment and concern for it, which is what I assumed I tried to do.

CreightonBrown
19-05-2005, 03:13 PM
I have done a little bit of work for government offices in my local area, when I have removed hard drives for them they are either put into storage or sent to a firm that specializes in destroying them....


Still, Lets not let the real world interfere....

'Real world' experience has raised my concern over what was being done in a firm I was employed for, in a trial phase, which was to recomission computers to t he public. I became concerned with the issues, and as such tried to present this information to government to protect individuals and the conglomeration of those who may be affected e.g. society, government.

bartsdadhomer
19-05-2005, 03:19 PM
Preface - Regarding assistance from refurbishment firms

One has to consider the biases concerned, ideally we would not live in a bias world but unfortunately we are implicated from our actions. As such I would state it seems psychologically likely than under normal circumstances individuals may not wish to partake in the facilitation of matters which may lead to a psychologically disadvantaging scenario, perhaps by other measures too such as economics or otherwise. Therefore I believe my contact to recommend to a refurbishment provider that standards should be established may be against their own financial wellbeing and as far as presently known are not require to meet any formalized standard and or formalized standard with accountability to achieve the appropriate ethicacy standard for the issue of data Remanence.

This guy is sitting too far from the blackboard
What a crock of s**t
I have SC, UE, an Advanced Trade certificate, and 3 internationally recognised IT degrees
And I don't know what he just said, he's obviously on a higher plane than me!
Or has access to a better class of drug than I do.

But apart from that, whats the point of posting all this drivel at all?
I think I'm missing something (so they tell me)

vinref
19-05-2005, 03:20 PM
Why would you want to overwrite and degauss a disk and then physically destroy it, when you can simply just physically destroy it?

You would only overwrite the HD if you were planning to re-sell it as a blank. If your security-conscious clients found out about this, you won't have the contract very long.

If you were planning to re-sell them, you could build an overwriting server to do just that. A few motherboards lined up all with HD ribbon connectors that can connect multiple-HDs, and running a formatting and zero-writing program. Leave it overnight or a couple of days and presto!...

CreightonBrown
19-05-2005, 03:25 PM
I have expressed the ideas as i wanted to communicate them.

I assume no one here seems to be suitably trained to add further to correct professional data security knowledge gain to further enhance this topic for me.

If they did have the appropriate training of data removal to an expert level I would welcome contact from them if they could add this topic further.

For now it seems I have communicated the ideas as best as suitable for the time being and I will be unsubcribing from this thread.

Metla
19-05-2005, 03:30 PM
LMAO.

bartsdadhomer
19-05-2005, 03:36 PM
LMAO.
ditto.....

vinref
19-05-2005, 03:37 PM
Take it easy Creighton. Some of us do take the topic seriously. And yes I did read the whole of your letter.

And I was interested in the Gutmann method a while back, but I quickly realised that if you were that conscious about security, don't bother with any overwriting tricks - just destroy the disk. It says just as much in the article/letter you posted.

Murray P
19-05-2005, 03:49 PM
Formatting, writing zero's, degaussing (unless you feed the national grid into it), etc, all leave recoverable data on a magnet disc.

Smash and burn baby is the only way to go.

What is medium or low security data from such as the MOD, for eg, who audits it, who pays for the audit, eg: What data was on the machine before it's current low-medium security status, who has access to the machine during it's life and what was their security status during that time?

No hardrive is worth that kind of effort even for low security machines, it's even doubtfull if it's worth taking it out of the machine, except if you burn the whole thing you run foul of environmental laws and reg's.

Smash and burn the buggers.

On second thoughts, the most sensitive information on Govt computers is probably pornographic emails. Give them all to the s**t slinger in Parliament, that should keep his trap shut for a few years in more way than one :eek:

Chilling_Silence
19-05-2005, 04:02 PM
while [ 1 ]; do cat /dev/urandom > /dev/hda; echo "Pass complete"; done

Leave it for a while, when you come back and see its done 7 passes, then you can take out your LiveCD and assume the HDD should be secure enough for the US DoD to have a go at.

Murray P
19-05-2005, 04:05 PM
while [ 1 ]; do cat /dev/urandom > /dev/hda; echo "Pass complete"; done

Leave it for a while, when you come back and see its done 7 passes, then you can take out your LiveCD and assume the HDD should be secure enough for the US DoD to have a go at.

Hey Chill, is that the same US DoD that has the really really secure servers and have been distributing secure censored PDF's of late :lol:

Chilling_Silence
19-05-2005, 04:17 PM
If I told you, I'd have to kill you.....

Billy T
19-05-2005, 05:00 PM
Exactly who is trying to teach whom how to suck eggs here?

The world is divided into two classes of data users:

1) Those who have something to hide, and therefore don't need our (or any other amateur) advice on data erasure because the only way their decommissioned HDDs will ever see the light of day will be when they are reincarnated and reborn as a cloud of heifer dust.

And

2) Those who don't give a toss whether anybody reads their obsolete data (the majority).

Unless you were commissioned to write that massive epistle Creighton, I fear that the obtuse and convoluted language you have used will simply see it deep-sixed by a minor official five minutes after receipt. They already have their own experts to advise them, and they probably don't listen to them either.

Cut your losses and quit before you hit the wall.

Cheers

Billy 8-{)

Graham L
19-05-2005, 06:03 PM
Oh dear. Why should anyone bother with recovering "secret" files from recycled computers? It seems to be much easier to steal laptops with un-erased disks from the secret organisations.

C-B: In general, the fewer syllables the better. If you have sent this to a minister, you should remember that many of them are like Idi Amin: able to comprehend words of one letter.

It is a good idea to link words together in such a way as to produce understable "sentences". (Excuse the technical term).

As for content ... when I see something like "... inter-record gaps may preclude proper clearing" I'm afraid I have to wonder if anything else in this document has any worth. Magnetic tapes are something I know quite a lot about.

whetu
19-05-2005, 11:08 PM
A lot of IT companies have the attitude that the next owner is going to just format and reinstall anyway, so they think they're covered. The laptop I picked up from Turners auctions came packed full of all kinds of interesting looking corporate documentation, and some even more interesting personal data too. And it was formerly owned by an employee of a competitor of the company I work for. It wasnt a challenge either, a run of the offline nt password editor and I was in.

His manager was pretty embarrassed when I gave him a call to explain the situation and to organise for the guy to pick up the DVD of data I had burnt off for them. Last I heard, that company had decided to impliment a data destruction policy similar to ours, which is not too far off what I say below.

And Turners is auctioning off dozens of decommissioned servers and workstations regularly. With the right tools (eg UBCD, and some money) you're sitting on a data goldmine.

Unless you're super paranoid that the NSA are coming to get you, a pass or several with Autoclave or Dariks Boot n Nuke should be plenty. (You can find both of these on the ultimatebootcd, see my sig)

If you cant trust that, use heavy tools, weapons, explosives and small woodland creatures on the hdd. Justify it to onlookers as professional stress relief. Then give the remains of the HDD to the IT department of one of our military services. Apparently they drill, hammer, shoot and then MELT the hard drives. Apparently just melting a hard drive to liquid metal isnt as fun. ;)

Tony
19-05-2005, 11:27 PM
Is this guy for real? I have never read such a load of unintelligible gibberish! I just hope that no one has actually paid for it to be produced. I am not qualified to comment on the requirements for and methods of data destruction, but I think this document by itself if stored on a HDD would be enough to cause it to collapse under the weight of its incomprehensibility. :confused: :confused:

plod
19-05-2005, 11:59 PM
angle grinder or check the link out (http://leoville.tv/radio/pmwiki.php/ShowNotes/Show139#toc9) it will give a few options.
On a side note has anyone come across ceramic platters in harddrives before?

TonyF
20-05-2005, 12:05 AM
I have got C-B on my Ignore list, after some v odd earlier posts. Having seen the quote earlier, and the response of Tony above, it stays so. Strange stuff ....
TonyF

quarry
20-05-2005, 12:34 AM
I would say humour this guy, cos he sounds pretty lonely & F1 is probably the only human (virtual) contact he has, apart fom his job (if he's got one).

For my clients old HDs, I just dismantle it into pieces, give it to my nephew to smash away & bif the bits separately at different weeks... end of story - no scientific bs...