Monday, October 13, 2008

Overwriting Hard Drive Data: The Great Wiping Controversy

Myself, Dave Kleiman and Shyaam Sundhar R.S. have a paper submitted
and accepted for ICISS08 (the Fourth International Conference on
Information Systems Security (2008)). The paper is titled,
"Overwriting Hard Drive Data: The Great Wiping Controversy".

The abstract follows:
"Abstract. Often we hear controversial opinions in digital forensics
on the required or desired number of passes to utilize for properly
overwriting, sometimes referred to as wiping or erasing, a modern hard
drive. The controversy has caused much misconception, with persons
commonly quoting that data can be recovered if it has only been
overwritten once or twice. Moreover, referencing that it actually
takes up to ten, and even as many as 35 (referred to as the Gutmann
scheme because of the 1996 Secure Deletion of Data from Magnetic and
Solid-State Memory published paper by Peter Gutmann) passes to
securely overwrite the previous data. One of the chief controversies
is that if a head positioning system is not exact enough, new data
written to a drive may not be written back to the precise location of
the original data. We demonstrate that the controversy surrounding
this topic is unfounded."

The paper is to presented in December this year and is being published
under the LNCS (Lecture notes in Computer Science) series from
Springer Verlag.

The answer is simple. Actually scientifically test the proposition
that data can be recovered using an electron microscope. We have done
this and the paper provides a definative report on both PRML drives
(such as where used by Dr. Gutmann) as well as the differences in
modern ePRML drives.

Regards,
Craig
--
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...

No comments: