Data RemanenceOverviewIntroductionCausesMetadataCountermeasuresOverwritingOverwriting PatternsGutmann MethodDoD StandardsDegaussingEncryptionPhysical DestructionPhysical Destruction MethodsHead CrashingMagnets?Guard DogComplicationsInaccessible Media AreasAdvanced Storage SystemsOptical MediaData In RAMSlide 24OscilloscopesConclusionQuestionsReferencesBrandon OchsOverviewIntroductionCausesCountermeasuresComplicationsIntroductionData remanence is the residual representation of data that has been in some way nominally erased or removedCausesFiles may not be deleted immediatelyMost computers do not remove the contents of a file when deletedEnough metadata may be left behind to restore the fileMetadata“Data about data”Required of effective data managementCountermeasuresClearing requires a lot of effort to recoverPurging cannot possibly be recoveredOverwritingOverwrite the store device with new dataCan be implemented through softwareCan use different overwrite patternsTakes a lot of timeOverwriting PatternsWriting all zerosAlternating ones and zerosComplement or bitwise NOTSome areas of disk may not be accessibleGutmann MethodAlgorithm for erasing hard driveWrite a series of 35 patterns over regionPatterns specific to encoding mechanism ofdriveDoD StandardsOverwriting no longer acceptable methodDegaussing or Physical destructionDegaussingReduction or removal of a magnetic fieldMay purge the entire deviceRenders the hard disk inoperableEncryptionEncrypting can eliminate data remanenceData may be unrecoverablePhysical DestructionGuaranteed to eliminate data remanence if done properlyMost expensive of the techniquesSmall fragments may still contain dataPhysical Destruction MethodsPhysically breaking themedia apart, by grinding, shreddingIncineratingPhase transition (liquification or vaporization of a solid disk)Application of corrosive chemicals, such as acids, to recording surfacesFor magnetic media, raising its temperature above the Curie point (1400F for steel, 800F for most HDD alloys)Head CrashingBad ParkingManual power downModern disks have aretract mechanismMagnets?Consumer-grade magnets don’t cut itStrength of magnet requiredto completely destroy data would bend theplatter and casingGuard DogDeveloped by Georgia Tech Research Instituteuses a 125 pound magnet delivered via hand crankComplicationsInaccessible media areasAdvanced Storage SystemsOptical MediaData in RAMInaccessible Media AreasAreas may become inaccessibleBad sectors on hard drivesMake overwriting ineffectiveAdvanced Storage SystemsMake overwriting ineffectiveEspecially hard to overwrite single filesBuilt in revision controlMay be duplicate dataOptical MediaNon magneticWrite-once media cannot be overwrittenSafest to physically destroyThrow it in the microwave!Data In RAMMay retain data at room temperatureData remains longer at low temperaturesPartial data greatlyreduces search spaceOscilloscopesCan be used to look at hard drive sectorsWrite head is not 100% accuratePeaks and valleys become entrenchedover timeMedia not truly digitalConclusionData is not truly eliminated from media when erasedSafest way is to physically destroyOscilloscopes make overwriting unsafeEncryption is relatively strong, but is susceptible to recovering data in RAMQuestionsWhat is the difference between purging and clearing?What are two DoD acceptable methods for eliminating data?ReferencesPeter Gutmann (July 1996). "Secure Deletion of Data from Magnetic and Solid-State Memory". Retrieved on 2008-4-08.Sergei Skorobogatov (June 2002). "Low temperature data remanence in static RAM". University of Cambridge, Computer Laboratory.Media Destruction Guidance. NSA. Retrieved on
View Full Document
Unlocking...