
Re: OT - Wipers



On Wed, 2005-08-24 at 23:55 -0500, JohnH wrote:
> I have a Windows program called BC Wipe. It is supposed to wipe the files (or 
> HD) to government standards.
> First, could this statement be true and second, is there a Linux type wiper?
> Also, exactly how does a wiper work? 

At the physical level it's one thing to overwrite a "track" with new
vanilla data. The important thing from a forensics standpoint is your
definition of a track. In reality a r/w head is positioned by a servo
which does a fairly good, but not necessarily perfect, job of writing
the new data pattern over the old. Think of a tractor trying to plow
exactly over an earlier furrow. There's a little variance to either side
caused by temperature, gravity, phases of the moon, and good ol' karma.

Flanking that r/w head are two small "trimmer" heads which write white
noise on either side of the written track. Their job is to make it
easier for the r/w head to detect good from bad during the next read
path. Think of it as looking out onto a fairway and seeing it bound by a
high grass rough on both sides.

In real life, the trouble with this model is that data written by a r/w
head tends to spill over into the rough on both sides. Those trimmer
heads don't always remove everything that spills over to the left and
right, especially when the centerline wanders due to temperature changes
from one pass to the next.

It is sometimes possible, using exotic sensor techniques like laser
scattering, to read the vestigial remains that exist like leftovers
beyond the snubber tracks. If the laser beams are focussed onto track
centerlines rather than their shoulders, you can recover data from badly
damaged disks like those from PCs found in the World Trade Center rubble
that belonged to Cantor Fitzgerald.

If only one re-write pass has been made over an existing "track",
chances are fairly good that a substantial portion of the previous data
can be read from the shoulder areas using laser scattering. The basic
idea behind DoD 5220 "wiping" is to repeat the overwrite process enough
times to reduce any vestiges of the original data to levels that cannot
be detected by laser scattering.

If, and only if, your "BC Wipe" utility is explicitly certified to be
DoD 5220 compliant can it be used to reliably erase a disk containing
classified national security information. Otherwise the only generally
accepted wiping tool is a sledgehammer.

--Doc
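
The repeated-overwrite idea described in the message above, as an added example that is not part of the original post and is not the code of BC Wipe or of any certified tool. The three-pass schedule (a fixed byte, its complement, then random data) and all function names are assumptions; the post does not list the patterns.

```python
import os
import secrets

CHUNK = 1 << 20  # overwrite in 1 MiB pieces so large files do not fill memory

# Assumed pass schedule (not stated in the post): fixed byte, complement, random.
DEFAULT_PASSES = (b"\x00", b"\xff", None)  # None means random data


def overwrite_pass(fd, size, pattern):
    """Overwrite the first `size` bytes of fd in place and force them out."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if pattern is None else pattern * n
        remaining -= os.write(fd, block)  # os.write may write fewer than n bytes
    os.fsync(fd)  # otherwise successive passes can merge in the page cache


def verify_pass(fd, size, pattern):
    """Read back a fixed-pattern pass and confirm every byte matches."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data != pattern * len(data):
            return False
        remaining -= len(data)
    return True


def wipe_file(path, passes=DEFAULT_PASSES):
    """Run every pass over the file's existing length; return passes completed."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.fstat(fd).st_size
        done = 0
        for pattern in passes:
            overwrite_pass(fd, size, pattern)
            if pattern is not None and not verify_pass(fd, size, pattern):
                raise IOError("verification failed on pass %d" % (done + 1))
            done += 1
        return done
    finally:
        os.close(fd)
```

This overwrites a file in place, so it only reaches the original sectors when the filesystem and device write new data over the old blocks; journaling or copy-on-write filesystems and SSDs may keep earlier copies elsewhere.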

