Date: Fri, 29 Oct 2010 12:10:18 +0100 (BST) From: Robert Watson <rwatson@FreeBSD.org> To: Bruce Cran <bruce@cran.org.uk> Cc: Doug Barton <dougb@freebsd.org>, d@delphij.net, =?ISO-8859-15?Q?Ulrich_Sp=F6rlein?= <uqs@spoerlein.net>, Garrett Cooper <gcooper@FreeBSD.org>, src-committers@freebsd.org, Bruce Evans <brde@optusnet.com.au>, svn-src-head@freebsd.org, Alexander Best <arundel@freebsd.org>, Gary Jennejohn <gljennjohn@googlemail.com>, svn-src-all@freebsd.org, Dag-Erling Smorgrav <des@freebsd.org> Subject: Re: svn commit: r214431 - head/bin/rm Message-ID: <alpine.BSF.2.00.1010291202540.49596@fledge.watson.org> In-Reply-To: <20101029120017.00003c98@unknown> References: <20101027212601.GA78062@freebsd.org> <4CC899C3.7040107@FreeBSD.org> <20101027214822.GA82697@freebsd.org> <4CC8A89D.5070909@delphij.net> <20101028152418.A916@besplex.bde.org> <20101028095538.24147119@ernst.jennejohn.org> <alpine.BSF.2.00.1010281845030.58253@fledge.watson.org> <20101028182219.GA36559@freebsd.org> <alpine.BSF.2.00.1010282006510.84180@fledge.watson.org> <AANLkTi=-QEDFzis0L15mnSgFVaJkmy%2Bc3MyEsXZSsArf@mail.gmail.com> <20101028204849.GE46314@acme.spoerlein.net> <AANLkTimBMJK2knB7_9Ssbg44xk_Fd7fEfo9phkhhGX8D@mail.gmail.com> <20101029120017.00003c98@unknown>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 29 Oct 2010, Bruce Cran wrote: > On Thu, 28 Oct 2010 14:11:14 -0700 Garrett Cooper <gcooper@FreeBSD.org> > wrote: > >> Unfortunately it's implied superficially by the 3 pass tort; but as most >> people who understand magnetic disks know, unless you completely obliterate >> a disk, wipe over it with random data enough times, whatever, the content >> is still on the disk and retrievable via various methods... I agree that >> this advice should be placed near the flag itself so that people completely >> understand the implications of the feature. > > I believe the only method 10-15 years ago would have been a scanning > electron microscope, but that probably isn't possible with today's disks. > Simply writing zeros once is enough to obliterate all the data (except for > any remapped sectors). Especially given modern magnetic disk densities. However, the problem with flash memory is quite interesting -- because of device wear-leveling. People who really care about forensic extraction of flash disks bypass the normal interface in order to (a) follow best practices on not powering on devices and (b) bypass the wear-levelling abstraction, revealing the underlying disk blocks and wear-levelling meta-data. As a result, they often have access to large numbers of believed-deleted and even believed-overwritten blocks (although how much depends on the algorithm, fill ratio, usage patterns, etc). Robert
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1010291202540.49596>