HP3000-L Archives

May 2007, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Pete Eggers <[log in to unmask]>
Date: Thu, 17 May 2007 03:13:17 +0000

On 5/17/07, Stan Sieler <[log in to unmask]> wrote:
> Re:
>
> > Option "c" is only for clearing, not sanitizing.
>
> Not true, according to NIST Special Publication 800-88 "Guidelines
> For Media Sanitization":
>
>    Clearing information is a level of media sanitization

I think that only confuses the issue.  If you are worrying about DoD
standards and have reason to, you had better know the difference.

>
> Now, some people (including the above document) distinguish between
> "clearing" and "purging":
>
>    Purging information is a media sanitization process that protects the
>    confidentiality of information against a laboratory attack. For some
>    media, clearing media would not suffice for purging. However, for ATA disk
>    drives manufactured after 2001 (over 15 GB) the terms clearing and purging
>    have converged.

Unless your ATA disk has a firmware secure wipe function, this makes
no sense at all.  If anything, people are less aware that chunks of
sensitive data may be lurking on a well-used drive that are out of
sight of everything but the drive's firmware, or some low-budget spy.

And for the high budget spy, what difference is there in the magnetic
media that eliminates magnetic ghosting in the data?

>
> But, such distinction does not mean that "clearing" isn't a method of
> sanitizing.
>
> > Option "d" does sanitize, but not for the higher levels of security.
>
> "d" is still a method of sanitizing ... it just isn't an acceptable level
> for some needs.

Hmmm, isn't that what I just said?

>
> > Even your "ridiculously toughest" does not erase/clear/sanitize any
> > spared tracks/sectors, or does it?
>
> nope...no access to that from MPE or HP-UX :(

Well actually, if you know what you are doing, you can issue firmware
commands to the drives themselves.  Drives tend to support different
function sets even from the same manufacturer, let alone different
manufacturers.  And then there is the problem of getting documentation
on drive firmware, errors in the documentation, and being able to get
the function calls right without trashing too many drives.  This of
course is compounded by the variety of firmware that exists between
manufacturers and drive models themselves.  Time consuming and costly
in drives alone, unless you have ways of low level formatting drives
that you killed! ;-)

Anyone that has $5,000 to $10,000 dollars can get an independent lab
to do an easy data extraction off an "accidentally" erased disk.  If
the lab notices that there is obvious government or medical
information on the disk, they will want credentials authorizing your
access to it, otherwise there is going to be someone from homeland
security, the FBI, or local law enforcement calling on you.  For
around $50,000 to $100,000, you can get some black market, off shore,
or maybe a foreign government's lab to do at least as good a job, and
probably better with pricier equipment.  For $1,000,000 or so, you
can get your disk interrogated by near state-of-the-art equipment.  It
really boils down to what your data is worth to people you don't want
to have it, and to a large extent, who those people are.  Foreign
governments with excess lab capacity, the bar is much lower for
probing your drive(s).  Industrial espionage, I believe, is mostly
foreign or at least off-shore.  Of course, transporting numbers of
used disk drives out of the country is not likely to go unnoticed.
But, all you need here is an ultra sensitive disk platter reader in a
clean enclosure where the disk drive can be disassembled and the
platters read at very high analog sensitivity with an A/D converter
producing 32-bit (or greater) integers for each 0/1 bit location.
This file could then be sent anywhere in the world for analysis to
peel off previous data "ghosts".  I don't have any firsthand
experience with this equipment, and the top-of-the-line are
undoubtedly built for NSA as top secret equipment, but you know it has
to be small and lightweight and probably uses something like a
firewire link to hook up to a workstation.  From there to a
super-computer with a customized numerical analysis program, and
voila!

Of course at some point, the S/N ratio of the magnetic media creates a
threshold where additional sensitivity of the reader is useless, but
up to that point, you'd be amazed at how many generations of writes
can be teased out of the data.  The better the quality of the drive,
the more (deeper) generations of data can be teased out, generally
speaking.  This will only continue to get better.  Well, until mass
storage is actually kept in a truly binary form and not analog as it
is with magnetic media.

Peter M. Eggers, CISSP

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
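
Added example (not part of the original message): a Python triage of whether a host-level overwrite can reach everything on an ATA drive, following the point in the thread about spared sectors and firmware wipe functions. It assumes Linux `smartctl -A` and `hdparm -I` output, which the thread does not mention; the sample text and the `plan` policy are constructed for illustration.

```python
# Constructed sample text in the layout of `smartctl -A` and `hdparm -I`.
SMART_SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       8
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
"""
HDPARM_SAMPLE = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\t\tsupported: enhanced erase
"""

def reallocated_sectors(smart_text):
    """Raw value of SMART attribute 5, or None if the drive does not report it."""
    for line in smart_text.splitlines():
        fields = line.split()
        if len(fields) >= 10 and fields[0] == "5" and fields[9].isdigit():
            return int(fields[9])
    return None

def security_flags(hdparm_text):
    """Collect the indented lines under 'Security:' with whitespace collapsed."""
    flags, in_block = set(), False
    for line in hdparm_text.splitlines():
        if line.strip() == "Security:":
            in_block = True
        elif in_block and line[:1] in (" ", "\t"):
            flags.add(" ".join(line.split()))
        elif in_block:
            break  # first unindented line ends the Security block
    return flags

def plan(smart_text, hdparm_text):
    """Hypothetical policy: pick a method that also covers spared sectors."""
    remapped = reallocated_sectors(smart_text)
    flags = security_flags(hdparm_text)
    # ATA enhanced erase is specified to include reallocated sectors.
    enhanced = {"supported", "supported: enhanced erase"} <= flags and "frozen" not in flags
    if remapped == 0:
        return "overwrite"                # no remapped sectors reported
    if enhanced:
        return "firmware-enhanced-erase"  # spares exist or count unknown
    return "destroy"                      # spares unreachable, no usable firmware erase

if __name__ == "__main__":
    print(plan(SMART_SAMPLE, HDPARM_SAMPLE))
```

A reported count of zero only reflects what the drive's firmware chooses to expose, so the `overwrite` branch is the weakest of the three outcomes.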
