For the most part, the core ideas remain the same. It's really about common sense if you want to protect data...just like it was in the olden days. ;-)<br><br>In the days of floppies and tape, which I grundgingly admit that I do have more than a passing memory of, it was easy enough to destroy the media. Magnets and fire were good, and did the job pretty good as long as you were thorough. Of course a big magnet was usually pretty good for a casual cleaning.
<br><br>Now, with the abundance of much more resilient media, data destruction becomes more tedious and difficult. I do tend to find this highly ironic, especially when considering how if you don't have it backed up, it's gone by sneezing too close; but if you want to get rid of it, you almost need nuclear weapons to do it.
<br><br>I've seen demonstrations, read the works of, and talked to researchers involved in recoving all sorts of fun data at levels that really makes a person paranoid. Especially in the arena of law enforcement and counter-terrorism.
<br><br>As I kind of said in my first post however, it comes down to risk assessment. You have to use a method that lines up with the level of risk you face. If you skimp on prevention, you run the risk of exposing confidential data, which could result in privacy lawsuits, loss of contracts for business partners, embarassment for the organization, or loss of intellectual property protections. If you go over board, you are expending more resources than the data is worth and therefore operating at a functional loss, which of course is bad for business. In the real world, something is better than nothing - just look at all the various stories that come out each year about companies and government agencies doing stupid things with confidential files and computers that allow people to see the "protected" data. The recent hulla-balloo about improperly redacted pdfs come to mind.
<br><br>brad<br><br><div><span class="gmail_quote">On 7/20/06, <b class="gmail_sendername">Mark Robson</b> <<a href="mailto:markrobson@yahoo.com">markrobson@yahoo.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><div>I admire your focus on the physics, Brad. I have no experience in current hardware, but back in the days of magnetic tape, it was useful to have some very large magnets. Probably couldn't re-use the drive, though.
</div></div><div><span class="q"> <div> </div> <div><br><br><b><i>Brad Bartram <<a href="mailto:brad.bartram@gmail.com" title="mailto:brad.bartram@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
brad.bartram@gmail.com</a>></i></b> wrote:</div></span></div><div><span class="e" id="q_10c8c481682d0a75_2"> <blockquote style="border-left: 2px solid rgb(16, 16, 255); padding-left: 5px; margin-left: 5px;">As with everything, it comes down to a cost / benefit analysis. What is the maximum amount that data is worth in comparison to the price it would cost to recover? Is it worth enough to have a specific data recovery company, or well equipped independent take a serious interest in it? Is it somthing that the government would be interested in tracking down as part of an anti-terrorism investigation where the budget goes beyond what we have as mere mortals?
<br><br>The ultimate question comes down to the disposition of
the drive once you're done. If you are trying to reuse the drive after securely removing the data, then appropriate measures of data destruction should be taken. Example, if the systems will be redeployed internally within the same organization and at the same level of confidentiality, then use whatever methods you are most comfortable. If the systems are to be wiped and redeployed to a level of lesser trust, then use a stronger wipe. If the system is going to be taken completely out of service, then depending on the data whether it be customer information or trade secrets or whatever, you have to decide whether to wipe the drive and hope for the best or destroy the drive safely.
<br><br>The only way to be certain that the data on a hard drive is truly wiped is to disassemble the drive, chisel the coating from the platters, remove the controller from the drive, and burn the case, platters, platter dust, and controllers in seperate
incinerators. But then that just gets a little paranoid. Then again, never underestimate the abilities of well funded organizations to recover data, even when you think it's destroyed. <br><br>brad<br><br> <div><span class="gmail_quote">
On 7/20/06, <b class="gmail_sendername">Darin Perusich</b> <<a href="mailto:Darin.Perusich@cognigencorp.com" title="mailto:Darin.Perusich@cognigencorp.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
Darin.Perusich@cognigencorp.com</a>> wrote:</span> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">i believe it depends on the type of wiping method you use. if you use
<br>the Canadian RCPM and American DoD standard methods the data is pertty<br>much irrecoverable.<br><br>eric wrote:<br>> Can Sleuth Kit recover data after using one or many of the methods DBAN <br>> has to offer?<br>
><br><br>--<br>Darin Perusich<br>Unix Systems Administrator<br>Cognigen Corporation<br>395 Youngs Rd.<br>Williamsville, NY 14221<br><a href="mailto:darinper@cognigencorp.com" title="mailto:darinper@cognigencorp.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
darinper@cognigencorp.com </a><br>_______________________________________________<br>nflug mailing list<br><a href="mailto:nflug@nflug.org" title="mailto:nflug@nflug.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
nflug@nflug.org</a><br><a href="http://www.nflug.org/mailman/listinfo/nflug" title="http://www.nflug.org/mailman/listinfo/nflug" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.nflug.org/mailman/listinfo/nflug
</a><br></blockquote></div><br>_______________________________________________<br>nflug mailing list<br><a href="mailto:nflug@nflug.org" title="mailto:nflug@nflug.org" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
nflug@nflug.org</a><br><a href="http://www.nflug.org/mailman/listinfo/nflug" title="http://www.nflug.org/mailman/listinfo/nflug" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.nflug.org/mailman/listinfo/nflug
</a><br></blockquote><br><br><br></span></div><div><span class="sg"><div>
<p>Mark Robson</p></div></span></div><div><span class="ad"><p>
</p><hr size="1">Do you Yahoo!?<br> Everyone is raving about the <a href="http://us.rd.yahoo.com/evt=42297/*http://advision.webevents.yahoo.com/handraisers" title="http://us.rd.yahoo.com/evt=42297/*http://advision.webevents.yahoo.com/handraisers" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
all-new Yahoo! Mail Beta.</a>
<p></p></span></div><br>_______________________________________________<br>nflug mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:nflug@nflug.org">nflug@nflug.org</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.nflug.org/mailman/listinfo/nflug" target="_blank">
http://www.nflug.org/mailman/listinfo/nflug</a><br><br><br></blockquote></div><br>