[clug] PC Forensics / Fun

Alex Satrapa grail at goldweb.com.au
Fri Mar 30 04:21:41 GMT 2007

On 29/03/2007, at 23:46 , Randall Crook wrote:

> On Thu, 2007-03-29 at 23:11 +1000, Sam Couter wrote:
>> If you think it's useful to do more [than writing zeros]
>> and you're not doing most of the
>> following, you're being irrationally paranoid  ...

> ROFL.... you forgot one Sam....
> Never ever ever plug your PC into a network.

But then you'll never actually get anything done. If you think  
there's a need to do more than write zeroes over the entire drive,  
but the data isn't that important that you aren't already housing the  
computers in locked, tempest shielded rooms with armed guards, you  
are being overly paranoid. Just restating what Sam said, in case  
hearing it from someone else makes it suddenly more reasonable :P

If the data isn't that important that it's not worth physical  
security measures being in place to guard the data while it's in use,  
then the data isn't important enough to warrant more than writing  
zeroes over the platters to protect the data when it's been discarded.

Go and read an article about modern hard disk encoding systems - and  
there is one out there which specifically mentions this - you only  
need to write *something* over the top in order to reduce what's left  
on the drive to meaningless drivel. Most importantly note that drives  
using MFM (where you need to be careful about writing over specific  
patterns a number of times to reduce magnetic domain leakage or some  
such) are very, very old. Modern drives use much finer tracks, much  
narrower magnetic domains, and white-man's-magic encoding schemes to  
write and read data to the platter. As such even scanning microscopes  
cannot reconstruct data that has been overwritten even once.

If your data is that important that you shouldn't even plug the PC  
into a network, then the only safe way to dispose of the computer is  
to burn it or store it in the same secure room as the rest of the  
outdated computers that it replaced, and the new computer that  
replaced it ("SAFSTOR" is one codeword used for this scheme).
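
Added example, not part of the original post: a check that a zero-fill pass of the kind discussed above actually covered the whole drive or image, reporting the first byte that is not zero. The names `verify_zeroed` and `make_sample_image`, the chunk size and the sample images are assumptions constructed for this illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read size in bytes (assumed; any value works)


def verify_zeroed(path, chunk_size=CHUNK):
    """Return the offset of the first non-zero byte, or None if every byte is zero.

    Works on an image file or, on Linux, a block device node opened read-only.
    """
    zeros = bytes(chunk_size)
    with open(path, "rb", buffering=0) as dev:
        size = dev.seek(0, os.SEEK_END)  # st_size is 0 for block devices, so seek instead
        dev.seek(0)
        offset = 0
        while offset < size:
            block = dev.read(min(chunk_size, size - offset))
            if not block:
                # A short read means part of the device was never checked.
                raise OSError(f"short read at offset {offset} of {size}")
            if block != zeros[:len(block)]:
                return offset + len(block) - len(block.lstrip(b"\x00"))
            offset += len(block)
    return None


def make_sample_image(size, stray_offset=None):
    """Build a constructed test image: all zeros, optionally with one stray byte."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".img") as img:
        img.truncate(size)
        if stray_offset is not None:
            img.seek(stray_offset)
            img.write(b"\x01")
        return img.name


if __name__ == "__main__":
    clean = make_sample_image(3 * CHUNK + 17)
    dirty = make_sample_image(3 * CHUNK + 17, stray_offset=2 * CHUNK + 5)
    for label, path in (("clean", clean), ("dirty", dirty)):
        hit = verify_zeroed(path)
        print(label, "all zero" if hit is None else f"non-zero byte at offset {hit}")
        os.remove(path)
```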

