  #2  
April 18th 08, 02:46 PM posted to comp.arch.storage
Ryk Edelstein
DoD Harddrive Secure Erase Wipe


Felony?? That would be a stretch. Depending on the industry you are in,
it could violate specific laws, or industry dictated privacy
objectives, but not a felony.

The DoD is no longer the Cognizant Security Authority (CSA) for the US
Government. This responsibility has been replaced by the National
Association of Science and Technology (NIST). For proper guidance in
data decommissioning reference their special publication 800-88.
Available for free as a PDF from their web site. Just Google 'NIST
800-88' and you will find it. DoD 5220M is a retired spec, regardless
of what the data overwrite software and hardware vendors want you to
believe. Likewise, overwrite technologies that initiate the overwrite
process using the drive data interface (an external process) can NOT
effectively remove all traces of user data, recoverable with laboratory
effort.

Due to the nature of current hard drive storage technology, overwrite
technology is no longer considered an effective means to protect
sensitive data.

Please don't just take my word for this, you can easily find academic
proof of this from the University of California's Center for Magnetic
Recording Research in their published works available on line, by
searching for papers by 'Matthew Geiger' at Carnegie Mellon, or in the
Government of Canada publication titled 'Clearing and declassifying
Electronic data storage devices', or the US DoD DSS Letter 'ISL
2007-01'.

If you want to purge data you have 2 choices, use a destructive
technology such as Degaussing, or use a non-destructive approach using
Secure Erase, which is already embedded in your hard drive as part of
the ATA spec. If you want to purge SCSI, your only choice is physical
destruction. Short of that, the only other choice is to clear data by
overwriting. Unlike ATA, when using overwrite technology to process
SCSI devices the external application has better ability to address all
writable sectors on a drive.

If you are looking for best practice, and have a need to decommission
drives often, you might want to consider an appliance based solution
that offers a single point of destruction for all ATA, IDE, Laptop,
SATA, PATA, SCSI and Fiberchannel devices. If you search DeadOnDemand
you will find such an appliance that addresses these needs.


WebDawg;804621 Wrote:
I have a few questions and I have been googling for a while.

You mentioned that it is a felony to erase a hard disk wrong. Can you
explain further? Where did you get this information from?

Also you mentioned approved software? Does the DOD actually have a
list?

For instance if I were to create a program that states it complies to
the standards how is anyone to know that it doesn't?

Software like KillDisk, DBAN, and others all have the DOD option. How
am I to know that they work?

I have also found out that even software like killdisk sometimes cannot
erase a hard drive correctly because of the limitations in the bios due
to areas on the hard disk that the computer cannot access itself.

If this is true then is it not a felony to even use certified
software (by who?) to erase a hard disk?

Thank You For Your Time And Patience,

WebDawg

--
Ryk Edelstein