computer forensics question
Kurt Granroth
plug-discuss at granroth.org
Sun Oct 9 14:22:09 MST 2005
On Oct 9, 2005, at 5:38 AM, Darrin Chandler wrote:
> Kenneth wrote:
>> If it absolutely has to be gone, I would never trust writing over it
>> (even multiple times). I would disassemble it, take the platters out,
>> and sand all the metal off :)
>
> I've read somewhere, a while ago, that someone had a procedure
> where they disassembled the drive and used special equipment to
> read latent ghost images of previously written data. I don't have
> any references at all.
That's why the military has a two-pronged approach to drives that
once contained classified info:

Step 1: Erase the data securely (multiple overwriting, etc)
Step 2: Physically destroy the drive

I found this PDF:

http://www.nwo.usace.army.mil/html/im-c/rcrdsmgt/pdf/m25-1-80.pdf

It recommends using the DataEraser software to do the secure delete.
The appendix says that the recommended overwrite to satisfy DoD
requirement is a Triple Pass with 0x00.

After that is done, though, you must take the drive into a "suitable
facility with individuals wearing appropriate safety equipment" and
physically destroy it. They recommend using a sledgehammer or
drilling a series of 1/4 in holes through the platters.

I've heard stories that some branches of the military will take it a
step further and incinerate the pieces but I can't find any reference
to that so it might just be an urban legend.
Kurt
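
Added example, not part of the original post and not DataEraser's code: a sketch of the "Triple Pass with 0x00" overwrite from Step 1 with a read-back check, run against a constructed scratch file standing in for the drive. The function names (zero_overwrite, verify_zeroed, demo) are hypothetical.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # write and read in 1 MiB blocks

def target_size(f):
    """Size via seek-to-end, which works for regular files and block devices."""
    size = f.seek(0, os.SEEK_END)
    f.seek(0)
    return size

def zero_overwrite(path, passes=3):
    """Overwrite every byte of `path` with 0x00 `passes` times; return bytes per pass."""
    zeros = bytes(CHUNK)
    with open(path, "r+b", buffering=0) as f:
        size = target_size(f)
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = f.write(zeros[:min(CHUNK, remaining)])
                remaining -= n
            os.fsync(f.fileno())  # push this pass to the device before the next one
    return size

def verify_zeroed(path):
    """Read the target back; return offset of the first non-zero byte, or -1 if clean."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return -1
            if block.count(0) != len(block):
                return offset + len(block) - len(block.lstrip(b"\x00"))
            offset += len(block)

def demo():
    """Constructed sample: a 3 MiB + 17 byte scratch file of random data."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(3 * CHUNK + 17))
    try:
        before = verify_zeroed(tmp.name)
        wiped = zero_overwrite(tmp.name, passes=3)
        return before, wiped, verify_zeroed(tmp.name)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    print(demo())
```

The read-back check only confirms what the drive returns through its normal interface, which is why the procedure above still follows the overwrite with physical destruction.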