Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Destruction How to Erase your Hard Drive’s so that there is no data leakage from your company and so that your company and officers won’t be held.

Similar presentations


Presentation on theme: "Data Destruction How to Erase your Hard Drive’s so that there is no data leakage from your company and so that your company and officers won’t be held."— Presentation transcript:

1 Data Destruction How to Erase your Hard Drive’s so that there is no data leakage from your company and so that your company and officers won’t be held financially responsible. By: Lloyd Albin 3/9/2010

2 How this all got started. Needing to get rid of more than 3 truck loads of computers (major computer pack rat). Known Methods: – Re-Formatting – Re-Partitioning – Overwriting multiple times – Degaussing – Opening and breaking the platters – Cooking in oven

3 DoD Sanitization Methods MethodSecurity LevelDescription ClearLow – Reused in House Moderate – Reuse In House Software Overwrite PurgeLow – Reused out of House Moderate – Reuse out of House High – Reuse in House Degaussing or using firmware Secure Erase DestroyModerate – Reuse No High – Reuse No or Reuse out of House Disintegration, Pulverization, Melting, Incineration (Hard media like hard drives, memory sticks, etc.) Shredding (Flexible media like Floppy Disc’s) Reduced to nominal edge dimensions of 5mm and surface area of 25mm

4 Clearing Standards MethodTimes of OverwriteLab US DoD M3 (0x00, 0xFF, Random)Low US DoD M (ECE)7 (0x00, 0xFF, Ran, 0x00, 0xFF, Ran, V-Rand)Medium German VSITR7 (0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA)Low Russian GOST p (0x00, Random)Low Canadian OPS-II7 (0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, Rand)Medium HMG IS5 Baseline1 (0x00)Low HMG IS5 Enhanced3 (0x00, 0xFF, Random)Low US Army AR (Random, 0x00, 0xFF)Low US Airforce (0xFF, 0x00, Random)Low Navso p RL (Navy)3 (0x01, 0x27FFFFFF, Random)Low Navso P MFM (Navy)3 (0x00, 0x7FFFFFFF, Random)Low NCSC-TG-0253 (0x00, 0xFF, Random)Low Bruce Schneier7 (0xFF, 0x00, 5 Random)Medium Roy Pfitzner33 (33 Random)V-High Peter Gutmann35 (4 Random, 26 specials, 5 Random)V-High

5 Cleaning Software – Block Erase Darik’s Boot and Nuke Eraser Active KillDisk File Shredder Paragon Disk Wiper Professional

6 Purging Standards MethodTimes of OverwriteLab Secure Erase (ATA-6)1 (Binary zeros or binary ones) Secure erase does a single on-track erasure of the data on the disk drive, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure. High Enhanced Secure Erase (ATA-6 Optional) 1 (4 byte Vendor Pattern)High Sanitize Device (ATA-8 Optional) Settable + Encryption Key Change AES 128-bit (256-bit not possible due to US Export laws) V-High Degaussing Wand – Low Power – Class I (Not effective on current hard drives.) Less than 350 Oe coercivity Degaussing Wand – High Power – Class II (Must open up hard drive and use directly on the platters) Oe coercivity V-High Degaussing – Very High Power – Class III (No known device) Over 750 Oe coercivity

7 Purging Software – Secure Erase CCMR Secure Erase (HDDErase) rase.shtml rase.shtml Hddparm

8 What does Secure Erase do? Security Set Password (F1h) Security Freeze Lock (F5h) Security Erase Prepare (F3h) Security Erase Unit (F4h) Security Unlock (F2h) Security Disable Password (F6h)

9 What does Sanitize Device do? Sanitize Freeze Lock Ext (20h) Sanitize Prepare (FFh) * Sanitize Status Ext (0h) Crypto Scramble Ext (11h) Block Erase Ext (12h) Overwrite Ext (14h)

10 Crushing and Shredding

11 844 grams of Thermite Destruction

12 References Peter Gutmann NIST ATAATAPI_Command_Set_-_2_ACS-2.pdf -ATAATAPI_Command_Set_-_2_ACS-2.pdf 1-T13_Sanitize_Command_Proposal_Overview.pdf 1-T13_Sanitize_Command_Proposal_Overview.pdf Overwriting Hard Drive Data: The Great Wiping Controversy mentus/5400.6%20(Wyatt)/ e.pdf mentus/5400.6%20(Wyatt)/ e.pdf single-overwrite-will-do-it html single-overwrite-will-do-it html


Download ppt "Data Destruction How to Erase your Hard Drive’s so that there is no data leakage from your company and so that your company and officers won’t be held."

Similar presentations


Ads by Google