Jump to content

Recommended Wiping tool/method for hdd


Recommended Posts

1 hour ago, pointertovoid said:

On the other hand, "someone" (which means a secret service or a defence agency) questioned me few years ago over several channels, one of them linked with the French secret services, exactly about how to make disposed magnetic hard disk impossible to read, so at least the interrogation is very real if not the possibility.

Just to understand, what do you mean you were questioned or interrogated?

(of course if you are allowed to publish any detail)

jaclaz

P.S.: Just in case:

http://all.net/ForensicsPapers/2012-12-07-OverwrittenMagneticRecovery.pdf
 

Edited by jaclaz
Link to comment
Share on other sites

  • 2 weeks later...

It wasn't my job and I was questioned over several fully unofficial channels, so I can and do speak about it.

The query was about destroying hard disk drives because the owners feared the data could be recovered after erasure. Why they didn't want a multi-pass erasure, I don't know. The query was around 2010, definitely after 2004 and before 2012, but the scrapped disks can perfectly have been older than perpendicular recording - weapons for instance use old hardware often. And given the general degree of paranoia of the people who indirectly asked me how to destroy the Hdd (I strongly suppose the French secret services), it doesn't need a workable method of data recovery: they would destroy the disks just on the remote suspicion of a possibility.

This latest linked document supports your claim that perpendicular recording makes one-pass erasure safe.

Though, not all technology is known. For instance, tunnel effect microscopes can detect the spin of individual atoms. The latest Pdf's argument was about magnetization force, but tunnel microscopes would read locations where the write head didn't pass exactly over the data to overwrite it.

Link to comment
Share on other sites

On 1/16/2017 at 11:16 PM, dencorso said:

Nonsense! One single pass writing zeroes throughout the HDD is all that is needed. All the rest is dust in the wind. :yes:

On 1/17/2017 at 7:04 PM, pointertovoid said:

Thank you for your well-argumented and documented opinion!

Against facts, there is no argument. And the 2nd law of Thermodynamics describes such a fact.
Moreover, with all due respect to you, the best arguments are lost on you: jaclaz provided you with references galore... did he convince you? No. Why should I think I'd fare any better? So I decided not to even try, but gave you my opinion, nonetheless. No offense intended, though.
Beside my opinion, however, as per your request, I provided you a precious link to a file named killdisk2.zip, which contains the active@killdisk v. 4.1 without an installer (later versions are provided only in installer form). Inside that file you'll find an Extende DOS version, a real-mode version and a Win32 version of the free killdisk. The windows version kd_win.exe runs on any PE from Bart PE to the PE from Win 8.1 (I didn't try to use with any from Win 10), and runs on normal Windows from 2k to 7 for sure, and probably on newer versions, too. It can perform a single-pass full-disk zeroing. It saves its configuration in a file on the same folder it's started from, without writing anything to the registry. And I find active@'s license very poetic. If one believes a one-pass full-disk zeroing is enough, one can do it for free. If, instead, one wants or needs to comply to the DoD standards for safe erasure or any other yet more byzantine schemes, one can do it, too, but needs the paid-for version to do that. There are later versions of the Win32 program and linux versions of those later versions, too, and they are available in the current active@ download page. The licensing policy remains the same.

Link to comment
Share on other sites

Maybe it is an issue with "false pairs", but being questioned or interrogated here means something different, particularly if done by a secret service or a defence agency.

Someone (supposedly retainers of extremely secret or private data and possibly connected to the French secret services) asked you an opinion or suggestion on how to securely erase some disk drives.

For some reason they were afraid that data could be recovered AND didn't want to make use of any of the (documented) international, if not standards, "recommendations" such as the DoD one they could ask NOT anyone among their IT security experts AND THEN they asked this question to you, unofficially, since you don't have any particularly related qualification, education or experience.

Now I see.

Just for the record, even set aside perpendicular recording in 2006 the NIST already published a document about the proved effectiveness of a single pass on anything manufactured after around 2001 or 15 Gb in size:

http://web.archive.org/web/20120901055431/http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf

Quote

...
Studies have shown that most of today’s media can be effectively cleared by one overwrite.

...

Purging information is a media sanitization process that protects the confidentiality of 
information against a laboratory attack.  For some media, clearing media would not suffice 
for purging.   However, for ATA disk drives manufactured after 2001 (over 15 GB) the 
terms clearing and purging have converged.
...

of course it is entirely possible that that was a clever move by the US intelligence to trick all the world (including their own agencies) to adopt excessively lax standards in order to be able to retrieve information not fully overwritten and thus recoverable (by them).

jaclaz
 

Link to comment
Share on other sites

  • 1 month later...
On 17/01/2017 at 11:03 PM, dencorso said:

Against facts, there is no argument. And the 2nd law of Thermodynamics describes such a fact.
Moreover, with all due respect to you, the best arguments are lost on you: jaclaz provided you with references galore... did he convince you? No.

Now that sounds like a pseudo-science argument: "The 2nd law of Thermodynamics describes such a fact." Beware I'm a physicist and I'm easy with thermodynamics, as more people here may be. And citing that law didn't impress me Quite the opposite.

Jaclaz has provided articles that did not tell what he claims. In fact, the author of the original paper still recommends presently two multi-pass erase software.

Sorry but, after two pages of arguments and references, your one-line strong statement isn't convincing.

Link to comment
Share on other sites

On 18/01/2017 at 1:23 PM, jaclaz said:

[...] since you don't have any particularly related qualification, education or experience. [...]
 

What lets you suppose and even write that? I'm an expert for electromagnetism and hold two MsC for electrical engineering, including microelectronics.

Link to comment
Share on other sites

On 18/01/2017 at 1:23 PM, jaclaz said:

[...] Just for the record, even set aside perpendicular recording in 2006 the NIST already published a document about the proved effectiveness of a single pass on anything manufactured after around 2001 or 15 Gb in size:

http://web.archive.org/web/20120901055431/http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf

I take good note of Nist's statement, paragraph 2.3 on page 6:

"Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged.  That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."

Though, this document is from 2006. Did they have spin-sensitive tunnel effect microscopes back then?
https://en.wikipedia.org/wiki/Spin_polarized_scanning_tunneling_microscopy
the first referenced article dates from 2009. Such a microscope lets observe the magnetic polarization of single atoms, for instance at locations where the write head put the sensitive data, and that the erase pass didn't overfly accurately enough.

Link to comment
Share on other sites

Yeah, sure, but do the math.

How many atoms are needed to make a 1?

And how many to to make a 0?

And how many 0's and 1's are needed to make a single character?

And what if you can read with whatever means is not an actual 0 or 1 but rather a probable 0 or a probable 1?

jaclaz
 

Link to comment
Share on other sites

On 1/17/2017 at 8:03 PM, dencorso said:

Against facts, there is no argument. And the 2nd law of Thermodynamics describes such a fact.

14 hours ago, pointertovoid said:

Now that sounds like a pseudo-science argument

Suppose you have a big jigsaw-puzzle, completely solved, supported by a hard-cardboard resting on four upright bricks.
Then you go to it and kick the cardboard so that the jigsaw-puzzle is fully separated and sent flying everywhere.
Yet, after gathering all the pieces and spending a considerable amount of time and effort it's possible to get the full jigsaw-puzzle solved again.
The reason that's difficult to do is the 2nd law of Thermodynamics (it's entropy decreases as the jigsaw-puzzle is being solved).
The reason it's actually possible to do it at all is that, since it's a game created to be solved, all its pairs of pieces can be arraged in a single unique way, because of the way they cut (in other words: they preserve connectivity info, even when disordered).
However, when one writes 0s over all places in a storage medium, not a single trace of the previous info remains, because the "brush" used to write the zeroes is the same as that of the "brush" used previously to write the info. So nothing remains and no connectivity is preserved. It's gone.

14 hours ago, pointertovoid said:

[...] at locations where the write head put the sensitive data, and that the erase pass didn't overfly accurately enough.

Even if you happen to recover a bunch of 1s and 0s in this way, how long would it take to get back one single byte of info, and at what cost? And how many bits do you think might actually be salvageable, in this ultra-expensive way?

Link to comment
Share on other sites

29 minutes ago, dencorso said:

Suppose you have a big jigsaw-puzzle, completely solved, supported by a hard-cardboard resting on four upright bricks.
Then you go to it and kick the cardboard so that the jigsaw-puzzle is fully separated and sent flying everywhere.
Yet, after gathering all the pieces and spending a considerable amount of time and effort it's possible to get the full jigsaw-puzzle solved again.

As a matter of fact if you simply have an ultra high sensitive accelerometer and global positioning system attached to the ankle of the foot you use to kick it AND the kicking and the flying of the pieces is filmed by no less than 36 high speed high resolution cameras suitably placed, you can greatly reduce the amount of time and effort needed. :unsure:

Not only, if you originally solved the puzzle without wearing gloves, a mega-para-magneto-chemical-atomic-diffration-ultra-micro-super-DNAlyzer can scan and analyze each and every piece of the puzzle and by attributing to it the exact time you last touched it can order them pieces in the same sequence you originally put them together (another way to greatly simplify the task), each scan takes roughly 13 days, but if you massively parallelize the task it can be completely in a few months. ;)

Let's make another example. :dubbio:

Let's say that you shred a (text) paper document in an ordinary paper shredder.

The document is now reduced in "tagliatelle" stripes, each as long as the paper was (for the sake of the example let's say A4, 297 mm) and - say - 3 mm wide.

You have an implicit orientation given by the length (there are only two positions the stripe can be, and you can recognize whether a stripe is upside down by the orientation of the - partial - characters you can find in it) and with a lot of tries you can match the left border of one stripe with the right border of another one, it's just a matter of patience.

Now, let's imagine that you pass each and every stripe crossways through the same shredder.

The result is approximately 297*210/3/3=6930 3 mm x 3 mm squares of paper.

Re-composing them starts to be challenging.

Now imagine that instead of being 3 mm x 3 mm the squares are 30 atoms x 30 atoms in size ...

... it may still be possible, but it will likely take waaay more time, and with the risk that once you have recovered the paper document it turns out to be a photocopy of one of the famous Metterling Lists:
http://www.nytimes.com/2007/11/18/books/review/1st-chapter-insanity-defense.html

jaclaz


 

Link to comment
Share on other sites

Yep, and it is also to be considered how in intelligence, spying, etc., timing is very relevant, maybe these techniques would be more suitable to historians, archaeologists and the like. :unsure:

jaclaz
 

Link to comment
Share on other sites

OK. The argument with the second law doesn't apply and was pseudo-science. The second law has nothing to do with puzzles, and everything to do with entropy, internal energy, temperature, enthalpy and the likes. You know, the integral of dQ/T.

Now, the time needed. The attacker doesn't need to read every atom. Once he has found where the information was imperfectly erased on the whole track, that is, a bit outwards or a bit inwards, he needs to read a bunch of atoms per bit only at that imperfectly erased circle. The speed of a tunnel effect microscope can be over 10,000 atoms per second; it would seem logical that spin-sensitive STEM is about as fast, but I don't have the figures.

The scale at a Hdd isn't what you describe. If the contiguous read is 150MB/s at 3.5" and 7200rpm, bits are some 20nm long including sync and redundancy, which still makes 100 atoms long, and tracks for 500GB platters are 180nm apart or 1000 atoms. Even if not every atom was oriented (this happens at a bigger scale with several Weiss domains) and some uncertainty remains, reading 100 atoms at one proper radius suffice to get the information free of noise.

Nothing of a puzzle here. A badly (=single-pass zeros) erased HDD still contains the sector sync, the redundancy, the information bits recoverable by the spin-sensitive STEM. Once the attacker has read the sectors, he can reconstitute also the folders and files, still well-ordered.

Reading a complete 500GB platters is still slow, but we don't have to image individual atoms here, rather groups of 100, and this must be faster. The reading machine being anyway specialized to rotate the platter instead of translating, it can also have many read tips. And since the partition table, partition header and file system is readable, the attacker can read only the files he wants.

The spin-sensitive STEM is just the answer to smaller bits and perpendicular recording. All the rest is identical to information recovery on a damaged HDD or a damaged partition and is banal.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...