Despite all that you do to remove/clean the drives, if the data is truly
sensitive, then someone will walk out the door with that same data on a
laptop, and then forget the laptop at a Starbucks. 8-)
Raymond Shahan
Information Systems
REPUBLIC TITLE OF TEXAS, INC.
2701 W Plano Parkway
Plano, TX 75075
direct 214.556.0202
main 972.578.8611
fax 972.424.5621
www.republictitle.com
[log in to unmask]
Life is not a journey to the grave with the
intention of arriving safely in a pretty and
well preserved body, but rather to skid in
broadside, thoroughly used up, totally worn out,
and loudly proclaiming:
-- WOW!!! What a Ride!!!
-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
Behalf Of Pete Eggers
Sent: Wednesday, May 16, 2007 10:51 AM
To: [log in to unmask]
Subject: Re: [HP3000-L] Deleting data from a HP 3000 disk drives
If you can degauss a disk, it will be virtually unusable. The cost of
having the disk restored to a working condition far exceeds its value.
And then, if your data is valuable enough, someone with access to a
lab could still possibly recover some, if not all of the disk.
Scratching the volume, as indicated before is no better than purging
the files. Any one with a Linux machine can store a bit-for-bit image
(not including spared, or other hidden tracks, but again you need a
lab) to a file on their disks. Then you can simply scan the image for
interesting information starting with simply the "strings" program,
progressing to a formatting disk utility like a disk editor, to custom
written programs.
Over-writing the files with gibberish (hopefully white noise) once,
only prevents the casual hacker from reading it. When you go beyond
reading 0s and 1s off the disk, and start reading the disk as an
analog recording of varying levels of magnetic fields, a single pass
will not hide any of the underlying data. With the right equipment,
each bit is not a single 0 or 1, but a 16, 32, or maybe even a 64 bit
value, that with the right software will produce a fairly accurate
history of the 1s and 0s that were deposited there, going back some
number of writes.
It comes down to, "How valuable is the data contained to parties that
you (your company) do not wish to have that information?", and also to
be considered, "How much trouble would you be in, if someone were to
extract information off the disks?". Think "due care" and "due
diligence". People go to jail in this day and age for cutting
corners, and letting out confidential information.
What is the value of the disks on the open market (minus all data, of
course)?
How much is your time worth?
What are the consquences of leaking the information contained on the
disks?
Nothing is better, faster, or cheaper at protecting the sensitive data
on the disks than a sledgehammer.
Peter M. Eggers, CISSP (Certified Information Systems Security
Professional)
On 5/16/07, Craig Lalley <[log in to unmask]> wrote:
> Chuck Trites <[log in to unmask]> wrote: If you scratch them
with Volutil, won't that make them basically ureadable ?
>
> Chuck
>
>
> SCRATCHVOL only wipes the file lable table from the front of the
disc.
>
> But if you did a
>
> VSCLOSE
> SCRACHVOL
> shuffle the disks around in the enclosure
> NEWVOL TEST,MASTER
> and add all the volumes back
>
> Then create some really be junk files filled with 1/0's or
gibberish.
>
> It would be virtually impossible to retrieve the old data, or at
least not cost effective.
>
> -Craig
>
>
>
> ---------------------------------
> Get the Yahoo! toolbar and be alerted to new email wherever you're
surfing.
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
