Brandon Ochs DATA REMANENCE Overview Introduction Causes Countermeasures
Brandon Ochs DATA REMANENCE
Overview Introduction Causes Countermeasures Complications
Introduction Data remanence is the residual representation of data that has been in some way nominally erased or removed
Causes Files may not be deleted immediately Most computers do not remove the contents of a file when deleted Enough metadata may be left behind to restore the file
Metadata “Data about data” Required of effective data management
Countermeasures Clearing requires a lot of effort to recover Purging cannot possibly be recovered
Overwriting Overwrite the store device with new data Can be implemented through software Can use different overwrite patterns Takes a lot of time
Overwriting Patterns Writing all zeros Alternating ones and zeros Complement or bitwise NOT Some areas of disk may not be accessible
Gutmann Method Algorithm for erasing hard drive Write a series of 35 patterns over region Patterns specific to encoding mechanism of drive
Do. D Standards Overwriting no longer acceptable method Degaussing or Physical destruction
Degaussing Reduction or removal of a magnetic field May purge the entire device Renders the hard disk inoperable
Encryption Encrypting can eliminate data remanence Data may be unrecoverable
Physical Destruction Guaranteed to eliminate data remanence if done properly Most expensive of the techniques Small fragments may still contain data
Physical Destruction Methods Physically breaking the media apart, by grinding, shredding Incinerating Phase transition (liquification or vaporization of a solid disk) Application of corrosive chemicals, such as acids, to recording surfaces For magnetic media, raising its temperature above the Curie point (1400 F for steel, 800 F for most HDD alloys)
Head Crashing Bad Parking Manual power down Modern disks have a retract mechanism
Magnets? Consumer-grade magnets don’t cut it Strength of magnet required to completely destroy data would bend the platter and casing
Guard Dog Developed by Georgia Tech Research Institute uses a 125 pound magnet delivered via hand crank
Complications Inaccessible media areas Advanced Storage Systems Optical Media Data in RAM
Inaccessible Media Areas may become inaccessible Bad sectors on hard drives Make overwriting ineffective
Advanced Storage Systems Make overwriting ineffective Especially hard to overwrite single files Built in revision control May be duplicate data
Optical Media Non magnetic Write-once media cannot be overwritten Safest to physically destroy Throw it in the microwave!
Data In RAM May retain data at room temperature Data remains longer at low temperatures Partial data greatly reduces search space
Oscilloscopes Can be used to look at hard drive sectors Write head is not 100% accurate Peaks and valleys become entrenched over time Media not truly digital
Conclusion Data is not truly eliminated from media when erased Safest way is to physically destroy Oscilloscopes make overwriting unsafe Encryption is relatively strong, but is susceptible to recovering data in RAM
Questions What is the difference between purging and clearing? What are two Do. D acceptable methods for eliminating data?
References Peter Gutmann (July 1996). "Secure Deletion of Data from Magnetic and Solid-State Memory". Retrieved on 2008 -4 -08. Sergei Skorobogatov (June 2002). "Low temperature data remanence in static RAM". University of Cambridge, Computer Laboratory. Media Destruction Guidance. NSA. Retrieved on 2008 -4 -08.
- Slides: 28