
Thursday, August 02, 2007

Disk data remanence: Part 1





Network World's Security Strategies Newsletter, 08/02/07


By M. E. Kabay

This is the first of two articles looking at disk-drive sanitization. Discarded disk drives with fully readable information have repeatedly been found for sale by computer resellers, at auctions, at used-equipment exchanges, on eBay (you might enjoy an animation of Chumbawamba’s song of that name on YouTube) and even at flea markets and yard sales. One of the most important formal studies of the problem was published in the January/February issue of _IEEE Security & Privacy_ by Garfinkel & Shelat.

Renowned computer science professor Dr. Simson L. Garfinkel has a long history of contributions to information assurance. He is currently Associate Professor at the Naval Postgraduate School in Monterey, Calif., and a fellow at the Center for Research on Computation and Society at Harvard University. Dr. Abhi Shelat is a researcher in computer science at the IBM Zurich Research Lab and is particularly active in cryptography research.

The authors reported on the many failed attempts to destroy data on (“sanitize”) disk drives, including: erasure (leaves data almost entirely intact), overwriting (good enough or even perfect but not always properly applied), physical destruction (evidently renders what’s left of the drive unusable), and degaussing (using strong magnetic fields to distort the magnetic domains into unreadability).


With regard to ordinary file-system formatting, the authors said that “most operating system format commands only write a minimal disk file system; they do not rewrite the entire disk. To illustrate this assertion, we took a 10-Gbyte hard disk and filled every block with a known pattern. We then initialized a disk partition using the Windows 98 FDISK command and formatted the disk with the format command. After each step, we examined the disk to determine the number of blocks that had been written. . . . Users might find these numbers discouraging: despite warnings from the operating system to the contrary, the format command overwrites barely more than 0.1% of the disk’s data. Nevertheless, the command takes more than eight minutes to do its job on the 10-Gbyte disk—giving the impression that the computer is actually overwriting the data. In fact, the computer is attempting to read all of the drive’s data so it can build a bad-block table. The only blocks that are actually written during the format process are those that correspond to the boot blocks, the root directory, the file allocation table, and a few test sectors scattered throughout the drive’s surface.”
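The measurement described in that passage can be repeated on a disk image rather than a physical drive. The Python example below is added here and is not code from the article or from Garfinkel and Shelat: it fills a constructed 20,000-block image with a known per-block pattern, applies a stand-in "format" whose metadata layout (boot block, allocation table, root directory, three test sectors) is an assumption, and then reports exactly which blocks were written.

```python
import os
import tempfile

BLOCK = 512  # bytes per sector (assumed)

def pattern(lba: int) -> bytes:
    # Known fill: a tag plus the block number, so every block is distinct
    return (b"PAT:" + lba.to_bytes(4, "little")) * (BLOCK // 8)

def fill(path: str, n_blocks: int) -> None:
    with open(path, "wb") as f:
        for lba in range(n_blocks):
            f.write(pattern(lba))

def fake_format(path: str, n_blocks: int) -> None:
    # Constructed stand-in for a file-system format: metadata areas only
    boot, fat, root = [0], range(1, 17), range(17, 21)
    probes = [n_blocks // 4, n_blocks // 2, n_blocks - 1]  # "test sectors"
    with open(path, "r+b") as f:
        for lba in [*boot, *fat, *root, *probes]:
            f.seek(lba * BLOCK)
            f.write(b"\x00" * BLOCK)

def survey(path: str):
    """Return (total_blocks, overwritten_ranges) for an image made by fill()."""
    ranges, lba = [], 0
    with open(path, "rb") as f:
        while (data := f.read(BLOCK)):
            if data != pattern(lba):
                if ranges and ranges[-1][1] == lba - 1:
                    ranges[-1][1] = lba        # extend the current run
                else:
                    ranges.append([lba, lba])  # start a new run
            lba += 1
    return lba, [tuple(r) for r in ranges]

def run_experiment(n_blocks: int = 20_000):
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        fill(path, n_blocks)
        fake_format(path, n_blocks)
        total, ranges = survey(path)
    finally:
        os.remove(path)
    written = sum(hi - lo + 1 for lo, hi in ranges)
    return total, ranges, 100.0 * written / total

if __name__ == "__main__":
    total, ranges, pct = run_experiment()
    print(f"{total} blocks, overwritten ranges {ranges}: {pct:.2f}% written")
```

Run against an image taken after a real overwrite pass, the same survey shows whether any block still holds the fill pattern, which is the check a sanitization procedure needs before a drive leaves the organization.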

The most significant aspect of their work was their field research. From November 2000 through August 2002, they bought 158 used disk drives from many types of sources and studied the data they found on the drives. Using special analytical tools, the scientists found a total of 75GB of readable data.

The full report goes into a great deal of detail, but the essential information for purposes of this brief article is from their last paragraph:

“With several months of work and relatively little financial expenditure, we were able to retrieve thousands of credit card numbers and extraordinarily personal information on many individuals. We believe that the lack of media reports about this problem is simply because, at this point, few people are looking to repurposed hard drives for confidential material. If sanitization practices are not significantly improved, it’s only a matter of time before the confidential information on repurposed hard drives is exploited by individuals and organizations that would do us harm.”

In my next article, I’ll introduce an interesting product that I just learned about recently that may help overcome the problem of disk data remanence using an organized and documented method.




Contact the author:

M. E. Kabay, Ph.D., CISSP-ISSMP, is Associate Professor of Information Assurance and CTO of the School of Graduate Studies at Norwich University in Northfield, Vt. Mich can be reached by e-mail and his Web site.




Copyright Network World, Inc., 2007
