Verification of clearing or purging of storage med...

ericgeater · ‎08-17-2023

This particular thread shed some light on the subject of data removal from storage media, and as I am currently evaluating software removal (with simple tools like Disk Wipe and sdelete from SysInternals), the whole thread is interesting to me.

But I'm also curious to know what software tools y'all might recommend to verify that a drive was successfully cleared, purged, or encrypted. At present, I'm evaluating DiskView (another SysInternals freebie), but felt like I'd ask if ya'll have a preferred method of clear/purge validation.

Thanks!

eric

-----------
A claim is as good as its veracity.

Caute_cautim · ‎08-18-2023

HI All

NIST 800-

One technique: https://www.bitraser.com/ppc/data-eraser-software.php?gad=1&gclid=CjwKCAjwivemBhBhEiwAJxNWN-6ghwcG4j...

NIST 800-88

https://www.youwipe.com/

https://www.youwipe.com/certificates/

Regards

Caute_Cautim

Caute_cautim · ‎08-18-2023

Translated this becomes:

To bring an element of optimism and encouragement to your wishes, you can say "Happy Birthday! May All Your Dreams Come True", which Happy Birthday means "Happy Birthday! May all your dreams come true". This expression captures your desire for your aspirations to come true.

Looks like spam to me? Anyone else concur?

Regards

Caute_Cautim

Steve-Wilme · ‎08-18-2023

Maybe it's a suggestion on what your should overwrite your data with. A bit unconventional, but I'm sure you could give it a try.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS

Early_Adopter · ‎08-18-2023

No way!

How could you be so cynical?

They are wishing me happy in several months time!

Early_Adopter · ‎08-18-2023

Massive big shredder.

It’s the only way to be sure, if you can’t take off and nuke the site from orbit…

JoePete · ‎08-18-2023

"Happy Birthday! May All Your Dreams Come True"

... must be a reference to yesterday's birth of the ISC2 ... or are we just going by "2" now?

@ericgeater I don't have a specific recommendation. For awhile, it was a 4-lbs sledge hammer (safety glasses are an essential). My guess is any advertised product will re-format and zero out the media. If you're really paranoid, do it multiple times. If I have access to the media, I'm still physically destroying it. When you look at the declining cost of storage, you're probably not re-using it anyway.

The larger issue, however, may be where is the data. In this day and age, it can be in many places and cached on many devices. This gets to SOC reports and SLAs. But there are some policy and training issues at work here. One thing I try to impress on people is write locally and then move your document to your cloud environment. The premise that we classify first and then create may make sense from a security standpoint but very few people actually work that way. We create, then we classify. It can takes months in some cases for someone to identify or recognize that a sensitive nugget of information entered a document.

ericgeater · ‎08-18-2023

Thanks to everyone who responded, incluido esa persona que me deseaba un feliz cumpleaños... a pesar de ni siquera era mi cumpleaños. Gracias a usted!

Clearing and purging are easy, but ensuring that clearing and purging have occurred is the goal. I think I may employ BitLocker with truly random keys as the next step after clearing and purging... then move on to reuse (when warranted) or physical destruction.

And physical destruction is the end game anyway, but clearing-purging-encryption is the insurance.

(Reportaré el mensaje)

-----------
A claim is as good as its veracity.

denbesten · ‎08-18-2023

Explosives are fun :-).

With respect to "sanitization" if the drive had been earlier bitlocker-ed I might swap it to a new machine (to disassociate it from the private key in the TPM) and then reformat and re-bitlocker so I am confident that it has a new bitlocker key.

However, if not previously encrypted, I now feel that capacities have gotten so large that wiping is too-expensive (time-wise), leaving physical destruction as my preferred avenue. An interesting thought. Cut the drive in half; discard one half today and the other half in 6 months.

denbesten · ‎08-18-2023

@JoePete wrote:
My guess is any advertised product will re-format and zero out the media. If you're really paranoid, do it multiple times.

Adding to this, if "formatting" takes only a few moments, only the first portion of a hard drive was overwritten, making it "look empty", but not actually overwriting all the data. Secret files are still there and can often be recovered with specialized tools. Proper "overwriting" takes hours/days.

One thing I try to impress on people is write locally and then move your document to your cloud environment.

This is a very good point. Our efforts to prevent accidental loss do make intentional destruction more difficult. Destroying media is all well-and-good if the goal is media destruction. But if the goal is data-destruction, don't for get the backup, archive and sync locations.

Verification of clearing or purging of storage media