[ale] Need an iso to wipe hard drives.

scott scott at sboss.net
Fri Apr 16 14:12:04 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

the wipe she used was the DBAN wipe tool using a single wipe.

And I know others on a single pass wipe, have recovered their disks (not them personally but the guys in the white suits).  Now once it went over 7 passes (7 or more) then the chance of any data recovery went down to a number really really small that is very close to 0.  I would call it zero but then someone will get a file and I would be a liar.

Personally (at my home) I do a 7 pass on all disks unless it has PCI/HIPPA type data then I do 35 pass. I know the PCI/HIPPA rules due to work.


On Apr 16, 2010, at 2:00 PM, Greg Freemyer wrote:

> fyi: I whole heartedly agree, the mac wipe failure sounds like a
> process failure, not a technology failure.
> 
> As to:  $1/MB ????????  for recovery
> 
> You must not be telling the whole story.  Or maybe you meant $1/GB.
> 
> That most expensive I'm aware of is a raid array failure.  That can be
> $5K/drive or so, but that is still way below $1/MB.
> 
> Or maybe you just needed a few relatively small files recovered.  It
> is still a lot of work to search the whole drive for a few fragments
> and try to rebuild things.
> 
> I could see us charging $1K or even $2K to recover a specific deleted
> file that was a real challenge to rebuild.  And if it was only 50 MB
> or so, you might say that worked out to $20/MB, but that's not really
> a fair to describe the price.
> 
> Greg
> 
> On Fri, Apr 16, 2010 at 12:44 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>> sounds like the wipe tool on that Mac was crap and just did a delete. Drive
>> recovery is $$$$$$$$$!!!!
>> The last one I ran for a client was $1/MB.
>> 
>> On Fri, Apr 16, 2010 at 12:24 PM, scott boss <scott at sboss.net> wrote:
>>> 
>>> A friend of mines wife wiped her mac laptop HD.  Not the govt 35pass
>>> but a single pass wipe.  He sent it off to one of those disk recovery
>>> companies and he got 99% of the disk back and the HD was much larger
>>> than 20g.  She had over 20g of photos alone.
>>> 
>>> Ymwv!!
>>> 
>>> Sent from my mobile...
>>> 
>>> On Apr 16, 2010, at 12:04, Brian Pitts <brian at polibyte.com> wrote:
>>> 
>>>> On 04/16/2010 11:31 AM, Greg Freemyer wrote:
>>>>> 
>>>>> NIST has a sanitation paper that says disk drives of 20GB or larger
>>>>> capacity are not recoverable even via laboratory means after a single
>>>>> wipe with zero's.
>>>>> 
>>>>> So your just wasting cpu cycles using /dev/urandom.  Just use
>>>>> /dev/zero.  And just do it once.
>>>> 
>>>> The link you shared to a discussion of that paper a while back is
>>>> dead.
>>>> Do you know of any more sources? I'd really like to have something to
>>>> wave at the "you must wipe it 27 times" people.
>>>> 
>>>>> Also, ext2/3 reserves x% of the drive for root, so if your doing the
>>>>> above as a normal user, your missing that x%.  I think x% is 5%,
>>>>> but I
>>>>> don't recall for sure.  And 5% of 1TB is 50GB, so it is a big deal.
>>>> 
>>>> At Free IT Athens, we run sfill and sswap from the secure-delete suite
>>>> of tools as a post-install action to securely erase all unused space
>>>> on
>>>> a system being refurbished. sfill sipes the disk space and inode
>>>> space,
>>>> and sswap takes care of the swap partition.
>>>> 
>>>> --
>>>> All the best,
>>>> Brian Pitts
>>>> _______________________________________________
>>>> Ale mailing list
>>>> Ale at ale.org
>>>> http://mail.ale.org/mailman/listinfo/ale
>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> http://mail.ale.org/mailman/listinfo
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>> 
>> 
>> 
>> --
>> --
>> James P. Kinney III
>> Actively in pursuit of Life, Liberty and Happiness
>> 
>> 
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>> 
>> 
> 
> 
> 
> -- 
> Greg Freemyer
> Head of EDD Tape Extraction and Processing team
> Litigation Triage Solutions Specialist
> http://www.linkedin.com/in/gregfreemyer
> CNN/TruTV Aired Forensic Imaging Demo -
>   http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
> 
> The Norcross Group
> The Intersection of Evidence & Technology
> http://www.norcrossgroup.com
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iQIcBAEBCgAGBQJLyKh7AAoJEF51inK7SsNsnhIP/1a7jCIDJBhxqkOcKjzVASML
RkKTn0OCMr/P6XJgeRWUJ75oBc6be5AbgAJ3BT7nsa6nevYe1tbM6mKc/wDkgUEC
dGAf1Q+yfZASaJs4r9PoKPzpTolqxPN89DEn2pBFYfvNuYmtcGDp5X62epx4GycX
OUnlykxvferJaKy9VvMeFsE8lx66qDk1uU8Y2GltaTTWrU1OmwDxALgXu6H/rc+J
NVGWm9fj9GCxZeu4/y/r+a/7fGbOjWcXOk3yLNi6gZKtjt6oSexEITHQwftaYFrw
W4Uwu68VoomPwVnvqQV+u9PM/47rbam+6rDjtHc/TmTnyYzHHPiaaj/VBpjNNg/9
8LnVHFm3bDM+M1LilpOA4LvyOFX8XBmqs/aTmvZv1aZVc8IvX/80aL7wX8M0/Vmh
udXp5zNa1xwerJmOg7ogl47IN4RwaVLc3UWkcoMID2AhdvCgg35FLRnVXcuI3WHV
vyoBXoHOqbx9M/7HrF5RtYkB6bYYK1Lsuep8ujuS3wCxMoe5JjZB7fpiTiFcSD8m
8O31fxKbCfwzc3ZATQF+N0tBu5nw6BvlHUkybdaU3wpn8ikTlTNd4mG/bPdEHztN
dYxhyJck5AbeQnAG2iYX6mqGWD5g7JdQJqRNIYbZN40GMJ1CGPQerW5dSb/WMiIa
MkU485uRdqSiHXJb1lDY
=/RZh
-----END PGP SIGNATURE-----



More information about the Ale mailing list