Thanks James Taylor I was wondering where I got the seven from. I have looked at the DOD standard that disk wiping products talk about and it has no number in it (Orange book). Other US government documents talk about three levels of disk destruction, wiping, degaussing, and destruction. This may be where the various numbers are coming from. Another post talked about the US government saying 7 also so "it must be secure". I won't go by that since the same US government wants encryption levels kept down so they can break them. Do they want the same from disk wipes??? Yes a bit paranoid conspiracy stuff alright, I agree.
I think the concensis seems to be that a good overwrite of all sectors 2-3 times will make the disk pretty much safe for reuse if the data is not highly sensitive. If it is then burn the disk and buy a new one instead of reusing it. Also it seems clear that if it is possible to recover data that was overwritten 30 times it is not something that would have been done easily. It takes great effort, expensive equipment, and expertise. If your repair guy could get data then why was he looking and what did he get. I would agree it was scare mongering for a sale of some disk wiping software package they just happen to sell. Do they sell something like this??? Trevor Cushen Sysnet Ltd www.sysnet.ie Tel: +353 1 2983000 Fax: +353 1 2960499 -----Original Message----- From: James Taylor [mailto:james_n_taylor@;yahoo.com] Sent: 30 October 2002 04:50 To: [EMAIL PROTECTED] Subject: Re: Interesting One The CISSP Study Guide (ISBN 0-471-41356-9) states that: "Information on magnetic media is typically 'destroyed' by degaussing or overwriting. Formatting a disk once dones not completly destroy all data, the entire media must be overwritten or formatted seven times to conform to standards for object reuse". Also the above book states that "the Orange Book standard reccommends that magnetic media be formatted seven times before discard or reuse of media". So if the US gov't reccommends seven times, you can bet that they have technology that can read to a lower level than that! However 30 times seems a bit excessive and it must depend on the nature of the data being overwritten and what area's of the media have been completly destroyed. At that level I imagine it's something like guessing the picture from a 10000 piece jigsaw puzzle, with most of the pieces missing. Regards James --- Carol Stone <[EMAIL PROTECTED]> wrote: > I don't know much about this, but yesterday I read in one > of the later > chapters of Bruce Schneier's book, "Secrets and Lies," > (link to amazon > follows) that over-writing data on a disk does *not* > completely > obliterate it, it just makes it a lot more difficult to > recover with > each over-write. I believe he said just how many > re-writes were still > recoverable was a secret one of our governmental > organizations wasn't > about to give up. I'll look at my book later when I have > it in my > hands and see if I can't find part and post a pointer to > *his* > reference. > > -carol > > http://www.amazon.com/exec/obidos/tg/detail/- > /0471253111/qid=1035924654/sr=8-3/ref=sr_8_3/104-4454644-5987143? > v=glance&n=507846 > > > Greetings Folks, > > > > I had an interesting conversation today with someone > from FAST > > (Federation > > Against Software Theft) They pretend not to be a snitch > wing of the > BSA. > > Anyway, to get to the point, the guy that came to see > me said that > their > > forensics guys could read data off a hard drive that > had been written > > over > > up to thirty times. I find this very hard to believe > and told him I > > thought > > he was mistaken but the guy was adamant that it could > be done. My > > question > > is, does anyone have any views on this, or, can anyone > point me to a > > source > > of information where I can get the facts on exactly how > much data can > be > > retrieved off a hard drive and under what conditions > etc etc. > > > > Thanks > > > > Dave Adams > > > > > > > > This message (and any associated files) is intended > only for the > > use of the individual or entity to which it is > addressed and may > > contain information that is confidential, subject to > copyright or > > constitutes a trade secret. If you are not the intended > recipient > > you are hereby notified that any dissemination, copying > or > > distribution of this message, or files associated with > this message, > > is strictly prohibited. If you have received this > message in error, > > please notify us immediately by replying to the message > and deleting > > it from your computer. Messages sent to and from > > John Crowley (Maidstone) Ltd may be monitored. > > > > Internet communications cannot be guaranteed to be > secure or error- > free > > as information could be intercepted, corrupted, lost, > destroyed, > arrive > > late or incomplete, or contain viruses. Therefore, we > do not accept > > responsibility for any errors or omissions that are > present in this > > message, or any attachment, that have arisen as a > result of e-mail > > transmission. If verification is required, please > request a hard-copy > > version. Any views or opinions presented are solely > those of the > author > > and do not necessarily represent those of John Crowley > (Maidstone) > Ltd. > > > > > > -- > Real people for the virtual world. > http://www.elirion.net __________________________________________________ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ ************************************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this message in error please notify SYSNET Ltd., at telephone no: +353-1-2983000 or [EMAIL PROTECTED] **************************************************************************************
