I usually don't say much here. With all the senior expertise here, there is little I can add. I really liked this story. This is the BEST way I ever heard, to eliminate all trace data from a magnetic device.
Hahaha, congratulations on your ingenuity and resourcefulness. I just wonder if an IT auditor would accept this method! Thank you for sharing. Roger -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Pommier, Rex Sent: Tuesday, January 21, 2014 7:55 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Disposal of storage devices/med Radoslaw, About 10 years ago I was given the task to migrate off an RVA onto a different disk subsystem. Not really knowing how to erase the disks without use of a sledgehammer, I initialized all the volumes to logically erase them, then uploaded a bunch of songs to the array. I then proceeded to copy these songs multiple times across the array volumes until the RVA screamed that the back end storage was full. I then deleted it all and did it over again. I figured writing several thousand copies of Barry Manilow songs against the array would drive anybody crazy who would try to recover anything useful off the disk. I suppose the RIAA could have come against me for illegally copying music. :-) Rex -----Original Message----- W dniu 2014-01-20 22:44, Paul Gilmartin pisze: > On 2014-01-20, at 13:35, R.S. wrote: >> And what about n-times overwrite policies? What number is proper? Does one need to overwrite disk content once, twice, 3 times, 7 times or 21 times? What's the magic number? And what is the reason for the number? >> > For example from: > > http://www.fsl.cs.sunysb.edu/docs/secdel/ > > 2.3 Overwrite Data Many Times > Years ago it was shown that there is a chance that even after the data is overwritten, it can potentially be recovered [15]. Many experts believe that unless one can overwrite the data numerous times, that it is not worth to overwrite it even once [9]. Nothing could be further from the truth. Even the government's own NIST and NISPOM standards for secure deletion of top-secret files call for overwriting no more than three-times [8, 23]; and, for most users, a single overwrite will suffice and greatly enhance security. In particular, one overwrite will make any software-based data recovery impossible. Thus, hackers who gain privileged access to the system will not be able to recover files deleted from its hard disks. To date, no commercial services are available to recover data that was overwritten even just once [24]. > > (See original for citations ca. 2005 and earlier.) > > My suspicion is that it was empirical. Someone working with > RAID/virtual disks which don't really overwrite in place observed that > data were still recoverable from original, non-overwritten sectors. > But a sufficient number of overwrites would suffice to overwrite the > real backing store. 1. I did mean DISK overwirte. Not some emulated gismo, especially not dasd arrays like Iceberg/RVA. That's completely different story and - important - it's still not applicable to number of writes. The problem in such arrays is to really overwrite the disks, no matter how many times. It's important to overwirte al least once, but every disk area, each copy. It's more like caution to delete dataset *and* its copies and backups. (Disclaimer: spare sectors on HDD is yet another story.) 2. Fun story: some company used special software to overwrite PC HDDs. The number of writes was set to 5. Reason: default was 3, "but we want more security". 3. Regarding possibility rto read *valuable* information overwritten once: Such theoretical possibility assumes one use good microscope and watches single magnetic domain. There is no hidden HDD command like "read deleted info". And now: what is easier: decrypt encrypted content of play with 100000000000000000-element puzzle of domains? -- Radoslaw Skorupka Lodz, Poland The information contained in this message is confidential, protected from disclosure and may be legally privileged. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, distribution, copying, or any action taken or action omitted in reliance on it, is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
