On Thu, 3 Jan 2008 20:35:11 -0500, "Douglas A. Tutty" <[EMAIL PROTECTED]> said: > On Thu, Jan 03, 2008 at 04:08:08PM -0800, Marco S Hyman wrote: > > > As for disk destruction... I don't know nor pretend to know what can > > and can not be recovered. Take a look at > > > > https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet/isp/odaa/documents/clear_n_san_matrix_06282007_rev_11122007.pdf > > > > The DSS (Defense Security Service, part of the DoD) calls what you have > > done "clearing" the disk. It does not "sanitize" the disk. To sanitize > > you need to either degauss or destroy the disk. > > > > The NIST article that (I think) started this thread says that it (the > document) applies to commercial-grade privacy but not to > government-grade classified material. In other words, there's an > implied difference between the ability of a commercial data recovery > company and a major government. > > So, you have to look at who your adversary is and the value of the data. > If the value is less than the drive, then clear the disk and sell it. > If you are keeping the disk in-house but just re-allocating it, then > clear the disk and re-use it. However, if the agency you wish to not be > able to read the disk has the backing of a major government: > > 1: distroy the disk > 2: distroy the computer (the document actually says this re RAM > chips) > 3: re-evaluate the whole concept of using a computer at all, > expecially if the hardware is at risk of being "stolen" (seized, > confiscated, etc). > > If the data on the drive has always been in encrypted form, then you > have to evaluate the strength of the encryption vs. the strength of the > adversary.
People keep quoting what governments can do. This is nothing but hearsay. Please point out one single source, one actual documented source not what some friend of a friend said they saw some guy do, that actually shows someone recovered data from a completely overwritten disk. If there is proof of this I would honestly like to be proven wrong. I have had a casual interest in this for several years (and no, not for any illicit purpose, just casual curiosity) and I have yet to come across any proof it is possible. Not formatting or damage(even fire) or deletion, complete overwriting. I am aware of what commercial data recovery companies can do and as far as I have been able to ascertain this is not within there realm or *anyones* realm.
