The relevant question one should ask is: how costly will it be (time, money) to recover data?

If you have, for example, a modern tape and just zero it (write EOFs at the beginning), nearly every drive in the world will report blank tape errors if you try to go past BOT, even if the tape store past there is physically untouched. What's needed to decide how exposed erased data is would be instead how much it might cost (and how many questions might be asked) to get someone with special gear to attempt recovery? Possibly also it could make sense to ask how many sites that could recover the data exist.

Merely writing zeroes (or anything else) once onto a disk sector means the drive will as a general matter read what was written, not what used to be there, regardless of the analogue magnetic state underlying. To judge whether that's enough to block an adversary, I need some idea how much it'll cost to get the data back, and whether all recovery shops might ask embarrassing questions about how someone came to have this disk, or make police reports or the like.

I don't believe I've seen any such information in this forum.

-----Original Message-----
From: Jared Johnson [mailto:jaredsjazz@xxxxxxxxx]
Sent: Wednesday, July 20, 2005 7:49 PM
To: focus-ms@xxxxxxxxxxxxxxxxx
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Peter Gutmann data deletion theory?

All,

Do you all agree with Peter Gutmann's conclusion on his theory that data can never really be erased, as noted in his quote below:

"Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM).
For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive."

It seems that perhaps the only real way to rid your Hard Drives of data is to burn them. I'd love to hear some thoughts on this from security and data experts out there.