[ale] Need an iso to wipe hard drives.
Jim Kinney
jim.kinney at gmail.com
Fri Apr 16 14:32:31 EDT 2010
I think I wouldn't spend time wiping a drive. I think I would just destroy
it. More fun and takes less time.
>From page 40 of the NIST guide:
The hard drive should then be subjected, in a suitable facility with
individuals wearing appropriate safety equipment, to physical force… (e.g.,
pounding with a hammer…) that will disfigure, bend, mangle, or otherwise
mutilate the hard drive so that it cannot be reinserted into a functioning
computer. Sufficient force should be used directly on top of the hard drive
unit to cause shock/damage to the disk surfaces. In addition, any connectors
that interface into the computer must be mangled, bent, or otherwise damaged
to
the point that the hard drive could not be reconnected without significant
rework.
DOD Memorandum, 8 July, 2001. Subject: Destruction of DoD Computer Hard
Drives Prior to
Disposal.
I'm thinking of the scene from "Office Space" where a certain printer was
removed to a remote field location and "retrained" to be scrap metal :-)
I also know of people that swear a 12 gauge slug will render a hard drive
utterly non-recoverable. Ditto on using a log splitter with a cross point
wedge.
Lastly, removing the platter from the drive case is pretty easy. Then
burnishing it with a torch will add nice colorations while totally
demagnetizing platter surface. Now those colored platters can strung from
fishing line and used as wind chimes. From scrap crap to art!
On Fri, Apr 16, 2010 at 2:12 PM, scott <scott at sboss.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> the wipe she used was the DBAN wipe tool using a single wipe.
>
> And I know others on a single pass wipe, have recovered their disks (not
> them personally but the guys in the white suits). Now once it went over 7
> passes (7 or more) then the chance of any data recovery went down to a
> number really really small that is very close to 0. I would call it zero
> but then someone will get a file and I would be a liar.
>
> Personally (at my home) I do a 7 pass on all disks unless it has PCI/HIPPA
> type data then I do 35 pass. I know the PCI/HIPPA rules due to work.
>
>
> On Apr 16, 2010, at 2:00 PM, Greg Freemyer wrote:
>
> > fyi: I whole heartedly agree, the mac wipe failure sounds like a
> > process failure, not a technology failure.
> >
> > As to: $1/MB ???????? for recovery
> >
> > You must not be telling the whole story. Or maybe you meant $1/GB.
> >
> > That most expensive I'm aware of is a raid array failure. That can be
> > $5K/drive or so, but that is still way below $1/MB.
> >
> > Or maybe you just needed a few relatively small files recovered. It
> > is still a lot of work to search the whole drive for a few fragments
> > and try to rebuild things.
> >
> > I could see us charging $1K or even $2K to recover a specific deleted
> > file that was a real challenge to rebuild. And if it was only 50 MB
> > or so, you might say that worked out to $20/MB, but that's not really
> > a fair to describe the price.
> >
> > Greg
> >
> > On Fri, Apr 16, 2010 at 12:44 PM, Jim Kinney <jim.kinney at gmail.com>
> wrote:
> >> sounds like the wipe tool on that Mac was crap and just did a delete.
> Drive
> >> recovery is $$$$$$$$$!!!!
> >> The last one I ran for a client was $1/MB.
> >>
> >> On Fri, Apr 16, 2010 at 12:24 PM, scott boss <scott at sboss.net> wrote:
> >>>
> >>> A friend of mines wife wiped her mac laptop HD. Not the govt 35pass
> >>> but a single pass wipe. He sent it off to one of those disk recovery
> >>> companies and he got 99% of the disk back and the HD was much larger
> >>> than 20g. She had over 20g of photos alone.
> >>>
> >>> Ymwv!!
> >>>
> >>> Sent from my mobile...
> >>>
> >>> On Apr 16, 2010, at 12:04, Brian Pitts <brian at polibyte.com> wrote:
> >>>
> >>>> On 04/16/2010 11:31 AM, Greg Freemyer wrote:
> >>>>>
> >>>>> NIST has a sanitation paper that says disk drives of 20GB or larger
> >>>>> capacity are not recoverable even via laboratory means after a single
> >>>>> wipe with zero's.
> >>>>>
> >>>>> So your just wasting cpu cycles using /dev/urandom. Just use
> >>>>> /dev/zero. And just do it once.
> >>>>
> >>>> The link you shared to a discussion of that paper a while back is
> >>>> dead.
> >>>> Do you know of any more sources? I'd really like to have something to
> >>>> wave at the "you must wipe it 27 times" people.
> >>>>
> >>>>> Also, ext2/3 reserves x% of the drive for root, so if your doing the
> >>>>> above as a normal user, your missing that x%. I think x% is 5%,
> >>>>> but I
> >>>>> don't recall for sure. And 5% of 1TB is 50GB, so it is a big deal.
> >>>>
> >>>> At Free IT Athens, we run sfill and sswap from the secure-delete suite
> >>>> of tools as a post-install action to securely erase all unused space
> >>>> on
> >>>> a system being refurbished. sfill sipes the disk space and inode
> >>>> space,
> >>>> and sswap takes care of the swap partition.
> >>>>
> >>>> --
> >>>> All the best,
> >>>> Brian Pitts
> >>>> _______________________________________________
> >>>> Ale mailing list
> >>>> Ale at ale.org
> >>>> http://mail.ale.org/mailman/listinfo/ale
> >>>> See JOBS, ANNOUNCE and SCHOOLS lists at
> >>>> http://mail.ale.org/mailman/listinfo
> >>> _______________________________________________
> >>> Ale mailing list
> >>> Ale at ale.org
> >>> http://mail.ale.org/mailman/listinfo/ale
> >>> See JOBS, ANNOUNCE and SCHOOLS lists at
> >>> http://mail.ale.org/mailman/listinfo
> >>
> >>
> >>
> >> --
> >> --
> >> James P. Kinney III
> >> Actively in pursuit of Life, Liberty and Happiness
> >>
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >>
> >>
> >
> >
> >
> > --
> > Greg Freemyer
> > Head of EDD Tape Extraction and Processing team
> > Litigation Triage Solutions Specialist
> > http://www.linkedin.com/in/gregfreemyer
> > CNN/TruTV Aired Forensic Imaging Demo -
> >
> http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
> >
> > The Norcross Group
> > The Intersection of Evidence & Technology
> > http://www.norcrossgroup.com
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.12 (Darwin)
>
> iQIcBAEBCgAGBQJLyKh7AAoJEF51inK7SsNsnhIP/1a7jCIDJBhxqkOcKjzVASML
> RkKTn0OCMr/P6XJgeRWUJ75oBc6be5AbgAJ3BT7nsa6nevYe1tbM6mKc/wDkgUEC
> dGAf1Q+yfZASaJs4r9PoKPzpTolqxPN89DEn2pBFYfvNuYmtcGDp5X62epx4GycX
> OUnlykxvferJaKy9VvMeFsE8lx66qDk1uU8Y2GltaTTWrU1OmwDxALgXu6H/rc+J
> NVGWm9fj9GCxZeu4/y/r+a/7fGbOjWcXOk3yLNi6gZKtjt6oSexEITHQwftaYFrw
> W4Uwu68VoomPwVnvqQV+u9PM/47rbam+6rDjtHc/TmTnyYzHHPiaaj/VBpjNNg/9
> 8LnVHFm3bDM+M1LilpOA4LvyOFX8XBmqs/aTmvZv1aZVc8IvX/80aL7wX8M0/Vmh
> udXp5zNa1xwerJmOg7ogl47IN4RwaVLc3UWkcoMID2AhdvCgg35FLRnVXcuI3WHV
> vyoBXoHOqbx9M/7HrF5RtYkB6bYYK1Lsuep8ujuS3wCxMoe5JjZB7fpiTiFcSD8m
> 8O31fxKbCfwzc3ZATQF+N0tBu5nw6BvlHUkybdaU3wpn8ikTlTNd4mG/bPdEHztN
> dYxhyJck5AbeQnAG2iYX6mqGWD5g7JdQJqRNIYbZN40GMJ1CGPQerW5dSb/WMiIa
> MkU485uRdqSiHXJb1lDY
> =/RZh
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
--
--
James P. Kinney III
Actively in pursuit of Life, Liberty and Happiness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100416/f7e1c4e8/attachment.html
More information about the Ale
mailing list