Tuesday, December 9, 2008

Overwriting Hard Drive Data: The Great Wiping Controversy

The paper that Dave Kleiman, Shyaam Sundhar and myself published on the use of an electron microscope with respect to data recovery is now available.


This is also being presented by myself at ICISS 2008.

The abstract follows.

Dr Craig Wright GSE-Compliance, GSE-Malware

Overwriting Hard Drive Data: The Great Wiping Controversy
Book Series Lecture Notes in Computer Science
Publisher Springer Berlin / Heidelberg
ISSN 0302-9743 (Print) 1611-3349 (Online)
Volume Volume 5352/2008
Book Information Systems Security
DOI 10.1007/978-3-540-89862-7
Copyright 2008
ISBN 978-3-540-89861-0
DOI 10.1007/978-3-540-89862-7_21
Pages 243-257
Subject Collection Computer Science
SpringerLink Date Thursday, December 04, 2008

Often we hear controversial opinions in digital forensics on the required or desired number of passes to utilize for properly overwriting, sometimes referred to as wiping or erasing, a modern hard drive. The controversy has caused much misconception, with persons commonly quoting that data can be recovered if it has only been overwritten once or twice. Moreover, referencing that it actually takes up to ten, and even as many as 35 (referred to as the Gutmann scheme because of the 1996 Secure Deletion of Data from Magnetic and Solid-State Memory published paper by Peter Gutmann) passes to securely overwrite the previous data. One of the chief controversies is that if a head positioning system is not exact enough, new data written to a drive may not be written back to the precise location of the original data. We demonstrate that the controversy surrounding this topic is unfounded.

Keywords Digital Forensics - Data Wipe - Secure Wipe - Format

No comments: