Secure Data Removal

  • Thread starter: mcp6453
Do you have a reliable source that indicates that someone today can
read a disk platter in anything else than the original disk?

There is some indication that as soon as the platter mounting
is opened it is extremely hard to re-center the disks enough to
read them. Still, that would be in the very-expensive-but-feasible
range, I think. On the other hand this type of recovery task
must be rare, so not commercially interesting at all.

Arno
 
Arno Wagner said:
There is some indication that as soon as the platter mounting
is opened

So Arnie Redrobe, how exactly does one open "a platter mounting"?
 
Svend said:
Do you have a reliable source that indicates that someone today can
read a disk platter in anything else than the original disk?

Uh, why would this not be possible? There's nothing magic in one drive that
makes the parts unusable in another. It might be difficult, it might be
too expensive for any but the most critical data, but it's not impossible.

If the CIA came upon a disk drive that had been disassembled but not erased
or damaged that they knew with certainty had on it Osama bin Laden's
whereabouts for the next year, do you honestly think that the US Government
could not recover that data?
 
Arno said:
That is an unconfirmed myth with modern drives. 15 years ago this was
possible. Last year the German computer magazine c't tried to get
data recovered after a single overwrite on a HDD. All better known
data recovery outfits claimed that they did not have this capability,
which means that such recovery is either impossible or very expensive
(think millions).

The trouble with c't's approach is that they did not ask government
forensics agencies. We know what commercial outfits can do at reasonable
cost, we don't know what governments can do if they badly want the data.
 
Previously J. Clarke said:
Arno Wagner wrote:
The trouble with c't's approach is that they did not ask government
forensics agencies. We know what commercial outfits can do at reasonable
cost, we don't know what governments can do if they badly want the data.

True. But there is another side to it: For a government to "badly"
want the data, it has to be massively important to national security.
Ordinary law enforcement will not qualify. Anything high-volume does
not qualify. Individual recoveries will be quite expensive.

There is also the second angle that once this capability is publicly
known, it loses a significant part of its value since people will
delete more securely. That means it will be done sparingly, not many
people will know about this capability and results will not be used in
court.

Example: Harsh as it sounds, if somebody raped a kid to death and has
an overwritten video of this on disk, the government will likely
not want the data badly enough to even try such a recovery. (Still
I hope that in these cases the police will do fine with other
evidence and usually it does.)

If, on the other hand, evidence of terrorist activity is on that
disk in overwritten form and the right government gets hold of
that disk and suspects what was on it, they might be able to recover
from an overwrite. But they would want to not admit having been
able to do that, because then the terrorists will go for physical
destruction and this intelligence source will be gone.

In a country that respects human rights and due process of law that
makes even minor terrorists (e.g. small time supporters) reasonably
safe with a single overwrite. In other countries anything can happen
to you, but "they" would likely just do that to you anyways even if
they did not get the evidence from your disk. The real risk in such
countries is that others might be implicated by the overwritten
data. Again not a problem unless you are a member of a criminal
or terrorist organisation or the like.

Which exact countries respect due process and human rights is left as
an exercise to the reader.

Arno
 
Previously J. Clarke said:
Svend Olaf Mikkelsen wrote:
Uh, why would this not be possible? There's nothing magic in one drive that
makes the parts unusable in another. It might be difficult, it might be
too expensive for any but the most critical data, but it's not impossible.

The platters have to be centered precisely. This seems to be extremely
difficult or impossible once the screws holding them have been loosened.
If the CIA came upon a disk drive that had been disassembled but not erased
or damaged that they knew with certainty had on it Osama bin Laden's
whereabouts for the next year, do you honestly think that the US Government
could not recover that data?

That case would qualify for a multi-million investment, possibly using
magnetic microscopy on the platters. Could still take months and might
make creation of special equipment necessary.

On the other hand, it seems that Bush and Osama make a good team.
Osama even supported the Bush-Campaign. And Bush makes sure Osama has
lots of funding and new recruits. So why would these two harm each
other? Of course a show of effort is needed for PR. But do you really
think the US is incapable of finding this guy if they really, really,
really wanted to?

Arno
 
True. But there is another side to it: For a government to "badly"
want the data, it has to be massively important to national security.
Ordinary law enforcement will not qualify. Anything high-volume does
not qualify. Individual recoveries will be quite expensive.


For national security purposes getting just one block (512 bytes) off
a disk will be valuable if it has a name, a phone number, or something
that looks like an account code for an unidentified bank, since these
bits may dovetail with other facts to make an investigation move
forward or connect the suspect to someone else, or as a crib to crack
a backlog of encrypted messages.

In the civilian or business world, such fragments of information would
probably not be very useful.
 
Then it gets wiped too.

Too? Why do you think the data would be wiped? I did not check
recently, but last time I checked the data would not be wiped, as far
as I remember.
 
Svend said:
Too? Why do you think the data would be wiped? I did not check
recently, but last time I checked the data would not be wiped, as far
as I remember.

Well, let's see, making 35 passes of random data counts in most people's
books as "wiping the data", and Linux ignores "disk managers", being fully
capable of dealing with just about any disk without them, so any
linux-based utility (such as dban) will simply treat the disk manager as
yet more crap to wipe.

In any case, there are utilities available from the drive
manufacturers that will instruct the firmware in their drives to start at
the first physical sector and write the entire disk full of zeros--that
firmware does not concern itself with anything that has been done to the
drive above the firmware level, and so treats "disk managers" and the like
the same way it treats any other data. After doing that, then one can run
another utility that will write random data over those zeros--at that point
any disk manager or the like is moot.
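
The post above describes a zero-fill of the whole disk starting at the first sector. One way to check afterwards that no sector was left behind, as an added example that is not part of the thread: it scans an image or device in 512-byte sectors and lists any that still hold non-zero bytes. The function names and the sample image (with a stand-in "disk manager" in sector 0) are constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # the block size mentioned in the thread


def nonzero_sectors(path, sector_size=SECTOR, chunk_sectors=2048, limit=100):
    """Return (total_sectors, [sector numbers that still hold non-zero bytes])."""
    zero_chunk = bytes(sector_size * chunk_sectors)
    leftovers, index = [], 0
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(len(zero_chunk))
            if not chunk:
                break
            if chunk != zero_chunk[:len(chunk)]:
                # Slow path: work out which sectors in this chunk are dirty.
                for off in range(0, len(chunk), sector_size):
                    if any(chunk[off:off + sector_size]) and len(leftovers) < limit:
                        leftovers.append(index + off // sector_size)
            index += -(-len(chunk) // sector_size)  # ceiling, counts a short tail
    return index, leftovers


def build_sample_image(path, sectors=64):
    """Constructed test image: zero-filled except for two leftover sectors."""
    image = bytearray(sectors * SECTOR)
    image[0:4] = b"DMGR"               # stand-in for a boot-sector disk manager
    image[40 * SECTOR + 100] = 0x7F    # one stray byte in sector 40
    with open(path, "wb") as f:
        f.write(image)


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "disk.img")
        build_sample_image(img)
        before = nonzero_sectors(img, chunk_sectors=16)
        with open(img, "r+b") as f:    # simulate the zero-fill pass on the image
            f.write(bytes(64 * SECTOR))
        after = nonzero_sectors(img, chunk_sectors=16)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Pointed at a real block device this needs read permission on the device, and it only covers sectors the operating system can address.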
 