> > - I'm probably not understanding -- but writing 1's or 0's more than > once > > to a disk area seems, well, silly. Do 'passes' imply that each pass > is > > covering more 'area' or something? Whenever I do things like 0 a > disk > > using the dd command -- I assume the entire disk is being written to > and any > > subsequent dd commands are unnecessary and redundant.
Nope, not silly at all. The idea is that repeating the writes with different patterns of data blurs the magnetic image on the disk of the "original" data, making it progressively harder (but not impossible) to recover the data via laboratory means. The DSF INSPECT command is pretty effective for decommissioning disks, but it's not good enough if you have milspec erasure requirements. Melting is pretty much safe. Use of old disks as live-fire ordnance test targets is also popular (and much more fun). 8-) > > - If we do a DIRM PURGE user CLEAN -- is that sufficient to meet any > DoD > > rules, etc concerning securely wiping data? No. At minimum, DSF INSPECT, more common: destroy the platters completely. > Anyway, to your real question: there is allegedly/apparently latent > magnetism in a bit, such that it's at least *theoretically* possible > to recover data from a formatted drive. More than theoretical. It's not easy, but a good forensics lab can do it. > Has anyone ever actually done this? Not that I know of, but I haven't > really looked. Obviously they'd need physical access to the disks and > a fair bit of time. Yes. One *past* (I don't do that stuff any more) client of mine manufactured "instruments of policy" -- aka military weapons. One of their other contractors wiped an important pack several times and they had to send it to a secured forensics lab for recovery. 4 months and several million dollars later, they were able to read about 80% of the data. -- db
