full-disclosure-uk January 2010 archive

Re: [Full-disclosure] Disk wiping -- An alternate approach?

From: E. Prom <e3prom_at_nospam>
Date: Tue Jan 26 2010 - 03:26:08 GMT
To: full-disclosure <full-disclosure@lists.grok.org.uk>


2010/1/26 Rohit Patnaik <quanticle@gmail.com>:
> A few phrases and "surprising" patterns are a lot more suspicious than a
> hard drive full of zeroes, especially if there's evidence that other data
> has been overwritten or erased. If you present a hard drive full of zeroes
> or random numbers, there's nothing to charge you with. If most of your data
> is random gibberish but there are a few telling phrases here and there, then
> there might be enough for the prosecution to bring charges, even if they
> aren't able to get a conviction.
> [snip]

The point is that they never get a hard drive full of zeroes or random numbers, but a hard drive that has pieces of other data under the zeroes or random numbers. That's why programs like "wipe" fill the hard drive with data more than 20 times. But filling a whole disk 20 times can take a very, very long time, especially if it's a 2TB USB drive. A "quick" wipe, filling a drive only 4 times, is often enough, but...

If the police or spies look for determined words or sentences (presumed not encrypted), at an unknown point on an unknown layer of the disk, it will be much easier for them to find them if the rest was random data (or video or whatever) than if it was random text that can have a meaning when looked at with a program, but not in front of a Court.

I don't find Bipin's idea so bad, but I'm not sure it adds significant security.



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/