> > Once information on a digital media has been overwritten, it cannot be > > recreated/restored in any lab. All this talk about electron microscopes > > and overwriting in multiple passes is just a load of crap derived from > > an old DoD standard. It has no practical meaning. One overwrite is > > enough. Please let this ugly rumour die :)
Peter Gutman presented a paper on the technique of using electron microscopes to recover data from overwritten disks nearly 10 years ago at a USENIX Security Symposium. Peter did the research on this while at IBM's Watson Laboratory. Yes, it's very expensive (in terms of time) and you need sophisticated equipment but it is well within the reach of any technical university or well financed organisation. Like all security decisions how you wipe your data depends on how valuable it is. For most stuff one pass is probably enough but OTOH doing a five or seven pass with random data is not a large incremental cost so why not do it properly. The biggest cost in the exercise is the time it takes to boot the machine up on a CD with the right tools and start them running. Do you really care if it takes one or five hours to do the wipe. (OK there will be times when you do care and in that case you opt for speed unless there is something extraordinarily sensitive on the disk...) Russell [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
