tag:blogger.com,1999:blog-6052049473368530632.post6174116025051880168..comments2023-03-22T12:20:16.347+01:00Comments on CP's Information Security Blog: Shredding files [3/4]: Please shred the hard driveChristophe Pradier-Pfeifferhttp://www.blogger.com/profile/00522262644702918775noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-6052049473368530632.post-52638100154195063952009-04-09T00:51:00.000+02:002009-04-09T00:51:00.000+02:00If you balance the cost of running/hiring a highly...If you balance the cost of running/hiring a highly specialized lab and the potential gain from someone's personal drives, I would say that most of the people can do just fine with a random overwrite.<BR/><BR/>On the other hand, if you are an important company, the situation is completely changed and you do need a certified tool.ketheriushttp://lasueta.infonoreply@blogger.comtag:blogger.com,1999:blog-6052049473368530632.post-5094818337082963402009-04-07T10:33:00.000+02:002009-04-07T10:33:00.000+02:00BTW good god, it's so simple under Linux!BTW good god, it's so simple under Linux!Christophe Pradier-Pfeifferhttps://www.blogger.com/profile/00522262644702918775noreply@blogger.comtag:blogger.com,1999:blog-6052049473368530632.post-90830798017926739602009-04-07T10:31:00.000+02:002009-04-07T10:31:00.000+02:00It's good enough for most tools, yes. However it i...It's good enough for most tools, yes. However it is proved in lab that recovery is possible from a single random run. That's why the DoD has developed algorithms for this, such as U.S. DoD 5220.22-M. I discussed some of these questions with the team of the opensource tool <A HREF="http://inferno.sourceforge.net/" REL="nofollow">Inferno</A>, they know a lot about this.<BR/><BR/>There is also a urban legend about NASA destroying its old hard drives with a Jackhammer, but I have never worked in a place where they give such importance to data leakage... so far! It might still come ^^Christophe Pradier-Pfeifferhttps://www.blogger.com/profile/00522262644702918775noreply@blogger.comtag:blogger.com,1999:blog-6052049473368530632.post-59496529521207439672009-04-07T01:07:00.000+02:002009-04-07T01:07:00.000+02:00I do a "dd if=/dev/random of=/dev/hdd". It is good...I do a "dd if=/dev/random of=/dev/hdd". It is good enough protection and I could not recover data with any of the commercial forensics products.ketheriushttp://lasueta.infonoreply@blogger.com