DOCSLIB.ORG

An Evaluation of Data Erasing Tools

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Journal of Digital Forensics, Security and Law Volume 15 Number 1 Article 2 June 2020 An Evaluation Of Data Erasing Tools Andrew Jones University of Suffolk, [email protected] Isaac Afrifa University of Hertfordshire, [email protected] Follow this and additional works at: https://commons.erau.edu/jdfsl Part of the Computer Law Commons, and the Information Security Commons Recommended Citation Jones, Andrew and Afrifa, Isaac (2020) "An Evaluation Of Data Erasing Tools," Journal of Digital Forensics, Security and Law: Vol. 15 : No. 1 , Article 2. DOI: https://doi.org/10.15394/jdfsl.2020.1615 Available at: https://commons.erau.edu/jdfsl/vol15/iss1/2 This Article is brought to you for free and open access by the Journals at Scholarly Commons. It has been accepted for inclusion in Journal of Digital Forensics, Security and Law by an authorized administrator of (c)ADFSL Scholarly Commons. For more information, please contact [email protected]. Data Erasing Tools JDFSL V15N1 AN EVALUATION OF DATA ERASING TOOLS Isaac Afrifa1, Andrew Jones2 1 2Cyber Security Center, University of Hertfordshire 2Cyber Security CRC, Edith Cowan University [email protected] [email protected] ABSTRACT The permanent removal of data from media is a major area of concern mainly because of the misconception that once a file is deleted or storage media is formatted, it cannot be recovered. There has been the development of both commercial and freeware data erasing tools, which all claim complete file or disk erasure. This report analyzes the efficiency of a number of these tools in performing erasures on an electromechanical drive. It focuses on a selection of popular and modern erasing tools, taking into consideration their usability, claimed erasing standards, and whether they perform complete data erasure with the use of the Write Zero method. Keywords: Data wiping, Write Zero, Data Erasing Tools 1. INTRODUCTION In another fairly recent incident, the Mir- ror (2017) also reported a massive data loss threat that involved a USB stick, which was Data in the 21st century has become an found in the streets of London, containing epitome of controversy due to the count- highly confidential information belonging to less occurrences of crimes associated with Heathrow Airport. The drive consisted of 76 data breaches and data loss. Most physi- unencrypted folders, which included precise cal drives that are used to store either cor- routes Her Majesty the Queen uses in the air- porate or personal data usually end up be- port, maps showing the tunnel networks and ing sold when they are no longer required, escape shafts linked to the Heathrow Express, stolen, or lost. Examples include a report by and many more. These pieces of information, Historycoalition.org (2009), that the US in the wrong hands, can be used in malicious National Archives and Records Administra- attacks. tion (NARA) reported the loss of an external hard drive from the NARA College Park fa- A significant question that is related to cility in Maryland. This hard drive contained data removal is, “Can data be completely copies of sensitive personal information such erased if no longer required?” The perception as names and social security numbers of indi- that non-technical individuals tend to have is viduals who may have worked or visited the that once a file is deleted from the recycle bin White House during Clinton’s Presidency. or a drive is formatted, and the data cannot c 2020 JDFSL Page 1 JDFSL V15N1 Data Erasing Tools be recovered. However, when the Recycle items are lost every second (Drolet, 2019). bin or Trash folder is emptied, the operating Corporate organizations are spending mil- system only removes pointers to the deleted lions of pounds to avoid data breaches and data. The information remains on the hard losses. The general public also had their fair disk until another file overwrites it. With the share of data loss due to the general lack of formatting of drives, if the ‘quick’ format is knowledge in relation to media sanitization. used, data is not removed as formatting only It is therefore essential to address the prob- reinitializes the file system of the drive, as lem of data erasure and help identify the best explained by Rothke (2009). Even with new and most easily accessible tools for media overwrites, some of the data might still be sanitization associated with storage devices recovered. This misconception has led to nu- notably hard drives, as they are considered as merous data breaches and loss of confidential one of the most commonly used primary stor- information to identity thieves and hackers. age devices to store confidential and sensitive The aim of this research was to examine information (Valli and Jones, 2005). some of the most popular and easily acces- sible data erasing tools and evaluate their 1.2 Project Phases efficiency based on their performance and The project started in February 2019 and ability to completely erase drives with the was carried out in 5 phases: Write Zero wiping method. The reasons for carrying out this study were that it had been • Literature review. This phase includes some time since a comparative study was car- an investigation of past and recent pa- ried out, and in the intervening period, new pers that relate to erasing of data on tools have become available and existing tools storage media devices, the known data have been updated. In view of this, standard erasing standards, and other notable top- experiments were conducted on an electrome- ics associated with data erasing; chanical hard disk using 8 data erasing tools, namely, Hard Wipe, Eraser, Macrorit Data • Research of Erasing Tools. This phase Wiper, Active KillDisk, Disk Wipe, Puran involves the study and investigation into Wipe Disk, Remo Drive Wipe, and Super free versions of data erasing tools that File Shredder. Solid state drives were not have the Write Zero method as one of the included in this research because, with the supported erasing standards. As a result, wear leveling algorithms that are in use and 8 tools were acquired and installed; the current state of the art, there is no scien- tifically proven method that can be used to • Creation of dataset for evaluation. This ascertain that all sectors of the storage me- phase consisted of the acquisition of dia have been accessed and overwritten. This different file types that were used as issue will be examined in future research. datasets for the research; 1.1 Motivation • Experimentation and Analysis. This With the surge in data related crimes, orga- phase involved the testing of all the nizations and individuals are investing heav- selected erasing tools and also exam- ily in keeping data safe and secure from un- ines their wiped disk images to enable wanted parties. Studies show that almost 5 the analysis of the results and included, million data items are reported missing or where relevant, an attempt to recover stolen worldwide every day, which implies 58 deleted data; Page 2 c 2020 JDFSL Data Erasing Tools JDFSL V15N1 • Conclusion and Recommendations. In paper printouts, and Electronic or Soft Copy, this phase, the results of the analysis and which include hard drives, Random Access evaluation of the selected erasing tools Memory (RAM), Compact and Floppy Disks are documented. Recommendations of etc. The document further explained the dif- the top performing tools are also made ferent types of sanitization. It grouped sani- during this phase of the project. tization into four types, namely, Discarding, Clearing, Purging, and Destroying. Discard- ing involves getting rid of media without any 2. RELATED WORK sanitization method. The digital forensics area has witnessed a Discarding has consequences as reported plethora of contributions confirming and dis- in a news article by BBC (2019), where the proving major data concepts, and data era- medical records of patients, which had sen- sure is not an exception. Data storage has sitive information such as bank and contact immensely improved from the days of mag- details were found in an abandoned nursing netic tapes and floppy disks to the more cur- home in Hampshire. The second type of rent forms of storage devices such as flash sanitization, Clearing, entails high levels of drives, electromechanical hard drives, Solid- data destruction, which include overwriting State Drives (SSDs), and cloud storage. Most using hardware or software tools. Purging forms of storage, at the end of their lifecycles, is similar to Clearing and includes methods are sold, donated, or destroyed. such as Secure Erase and Degaussing. Lastly, Sahri et al. (2018) argued how fragile soft- destroying as the name implies involves physi- ware and hardware involved in data storage cally destroying media by shredding, melting, could be and estimated the lifespan to be disintegration etc. about five years. Other reports on the life Countless data wiping techniques, in the expectancy of data storage devices were pro- form of software or hardware, have been vided by (Brook, 2017), which highlighted adopted to aid in data erasure from storage that the lifespan of such devices depends on media devices. Companies and individuals a number of factors, including usage rates, tend to purchase or freely download eras- environmental factors, and manufacturing. ing tools to remove data on storage devices. In addition, (Brook, 2017) provided an esti- Sansurooah et al. (2013) revealed that the mated life expectancy for hard disks to be licensing of such data erasing tools, whether 3 to 5 years and flash storage devices to be freely available or commercial based, does not 5 to 10 years, depending on the number of reflect on their data wiping efficiency and fur- write cycles, meaning the more you delete ther recommended some free and commercial and write new data on the devices, the faster tools for secure data removal.
Recommended publications
  • Networker Jukebox Control Command Nsrjb

    Networker Jukebox Control Command Nsrjb

    Maintenance Procedures NSRJB ( 8 ) NAME nsrjb − NetWorker jukebox control command SYNOPSIS nsrjb [ −C ][−j name ][−s server ][−v ][−f device ][−S slots | −T Ta gs | volume names ] nsrjb −L [ −j name ][−s server ][−gimnqvG ][−Y | −N ][−R | −B ][−b pool ][−f device | −J hostname ][−e forev er ][−c capacity ][−o mode ][−S slots | −T tags | volume names ] nsrjb −l [ −j name ][−s server ][−nvqrG ][−R [ −b pool ]][−f device | −J hostname ][−S slot | −T tags | volume names ] nsrjb −u [ −j name ][−s server ][−qv ][−f device ][−S slot | −T tags | volume names ] nsrjb −I [ −j name ][−s server ][−Evpq ][−I | −f device ][−S slots | −T tags | volume_names ] nsrjb −p [ −j name ][−s server ][−vq ][−f device ][−S slot | −T tag | volume name ] nsrjb −o mode [ −j name ][−s server ][−Y ][−S slots | −T tags | volume names ] nsrjb −H [ −j name ][−s server ][−EHvp ] nsrjb −h [ −j name ][−s server ][−v ] nsrjb −U uses [ −j name ][−s server ][−S slots | −T tags ] nsrjb −V [ −j name ][−s server ] nsrjb −d [ −j name ][−s server ][−v ][−N ][−Y ][−P ports ][−S slots ][−T tags ][volume names ] nsrjb −w [ −j name ][−s server ][−v ][−N ][−Y ][−P ports ][−S slots | −T tags | volume names ] nsrjb −a [ −j name ][−s server ][−vd ][−T tags |[−T tags ] volume names ] nsrjb −x [ −j name ][−s server ][−vwX ][−T tags | −S slots ] nsrjb −F [ −j name ][−s server ][−v ] −f device DESCRIPTION The nsrjb program manages resources in two broad classes of jukeboxes, remotely managed jukeboxes and locally managed jukeboxes. Remotely managed jukeboxes are controlled through an external agent.
  • Youwipe Assurance Test Report by KÜRT .Pdf

    Youwipe Assurance Test Report by KÜRT .Pdf

    HDD DATA ERASURE ASSURANCE REPORT TR/yw/20-10-22 KÜRT had been asked to process a detailed analysis of YouWipe edition v4.1.93.2010221419-945f40cc data erasure tool capabilities on hard disk drives with data recovery tools. 1. ASSIGNMENT In response to YouWipe engagement KÜRT Data Recovery Lab have performed the test of the erasure capabilities of YouWipe tool on the following HDD devices: 1. Model : Seagate Barracuda ST1000DM003 Serial number: Z1D6GVFS 2. Model: Western Digital WD20EZRX-00D8PB0 Serial number: WCC4M5LSR3A0 2. ACTIVITIES KÜRT test was performed in accordance with data recovery current technological standards and included the procedures considered necessary in the circumstances to obtain a reasonable basis for rendering the last opinion. 3. TEST LEVELS Examination can include different Test Levels in the context of a desired defense against a certain Risk Level (ADISA) or Effort Level (NIST). 1. Test Level 1: NIST Clear, ADISA Risk level 1 (Low) 2. Test Level 2: NIST Purge, ADISA Risk Level 2 (Medium) KÜRT Data Recovery performed the tests on Test Level 1 and Test Level 2. 4. EXAMINATION PROCESS The examination was performed during the period 5 - 21. October 2020 and included the following steps: 1. A special - KÜRT specific - data pattern was written on the HDD’s, filling the full available capacity of the HDD’s. 2. Using YouWipe v4.1.93 software with “EXT HMG Infosec High” HDD Erasure Method, the HDD’s were wiped following the instructions given with YouWipe software. 3. The HDD’s were analyzed on low level (sector by sector) with several KÜRT Data Recovery software tools.
  • NIST 800-88 VS Dod 5220.22-M What Is the Best Method?

    NIST 800-88 VS Dod 5220.22-M What Is the Best Method?

    ® NIST 800-88 VS DoD 5220.22-M What Is The Best Method? OVERVIEW The DoD 5220.22-M has long been an industry standard when it comes to data sanitization, but drive technology has changed drastically since the standard was last changed in 2006. The more modern NIST 800.88 US government standard has taken the role as the primary erasure pattern for government, military and enterprise. Due to the necessary changes that arrived with SSD and newer drive technologies, Sipi Asset Recovery highly recommends using the current NIST 800.88 for sanitizing all drive types. THE ORIGIN OF DOD 3-PASS WIPE STANDARD The idea that multiple wipe passes are necessary to render ad ta irrecoverable originates in part with a 1996 study published by Peter Gutmann who suggested that data should be wiped up to 35 times. He proposed that data could be recovered using magnetic force microscopy (MFM) and scanning tunneling microscopy (STM) techniques. Gutmann’s study was widely cited and lead to the adoption of the DoD 3-pass wipe as a standard. The Department of Defense 5220.22-M requires 3 overwrites passes (0’s, 1’s, Random) with a 100% verification pass. This standard was last updated in 2006 and in consideration of the pace of advancement in technology this criteria is significantly out of date. Modern hard drives over the last 10-15 years have advanced in technology to the point where the MFM and STM techniques have become obsolete. Specifically, part of Gutmann’s claim was that the head positioning system in hard drives was not precise enough to overwrite new data on top of the exact position of the old data, thus creating the possibility that the old data would remain intact.
  • Command Control Interface Command Reference

    Command Control Interface Command Reference

    Command Control Interface Command Reference Hitachi Virtual Storage Platform G1000 Hitachi Unified Storage VM Hitachi Virtual Storage Platform Hitachi Universal Storage Platform V/VM FASTFIND LINKS Contents Product Version Getting Help MK-90RD7009-19 © 2010-2014 Hitachi, Ltd. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or stored in a database or retrieval system for any purpose without the express written permission of Hitachi, Ltd. Hitachi, Ltd., reserves the right to make changes to this document at any time without notice and assumes no responsibility for its use. This document contains the most current information available at the time of publication. When new or revised information becomes available, this entire document will be updated and distributed to all registered users. Some of the features described in this document might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Data Systems Corporation at https://portal.hds.com. Notice: Hitachi, Ltd., products and services can be ordered only under the terms and conditions of the applicable Hitachi Data Systems Corporation agreements. The use of Hitachi, Ltd., products is governed by the terms of your agreements with Hitachi Data Systems Corporation. Notice on Export Controls. The technical data and technology inherent in this Document may be subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries.
  • U.S. EPA, Pesticide Product Label, COMMAND 4E HERBICIDE, 09/02

    U.S. EPA, Pesticide Product Label, COMMAND 4E HERBICIDE, 09/02

    Don carlson, Ph.D. FMC corporation Agricultural Chemical Group 1735 Market street Philadelphia, PA 1910 3 Dear Dr. Carlson: Subject: Camand 4 EC Herbi,lde EPA Reg. No. 279-30~1 RE: Amended Labeling (tillage/nQ-tillage directions) Your Submission Dated August 13, 1992 ~he labeling refprred to above, submitted in connection with registration under the Federal Insecticide, Fungicide, and Rodenticide Act, as amended, is acceptable. A stamped copy is enclosed for your records. Sincerely yours, Robert J. Taylor Product I'anager (25) Fungicide-Herbicide Branch Registration Division (H7505C) CONCURRENCES SYMBOL;: l/7.)~.$P" ............... ... .................. ................. ................. ................................................... ::N£AM~, '%f:1; .... ........................................................................................................................ OFFICIAL FILE COPY _ i2 a a all a an a. .a $A 4SQS4 4t P ) ) Code 1139 Net Contents Command®4 E Herbicide For Agricultural or Commercial Use Only NOT FOR SALE OR USE IN CAUFORNIA EPA Reg. No. 279-3071 EPA Est. 279- Active Ingredient: By Wt. Clomazone: 2-(2-Chlorophenyl)methyl-4. 4-dimethyl-3-isoxazolidinone •...........••••..... 44.4% Inert Ingredients: .........•..............•......... 55.6% 100.0% Contains 4 pounds 01 active ingredient per gallon U.S. Patent No. 4.405,357 KEEP OUT OF REACH OF CHILDREN CAUTION FIRST AID " In SyH: Flush with plenty 0/ water. Get medical attention as AtlL.C OF CONTENTS 'Ossible. ' aI inlormations an pages 1-4 belore referring 10 specific ; swallowed: Drink prompUy large quatltities 01 crop use. alcohol. Do nol ind~'C8 vomiting. cau a physician, " Inh8led: Remove to fresh air. " Page lion. prelerably mouth·to-mouth.·. possible. ~~.::::::::::::::::::::::::::::::::::::::::::::: 1 Precautionary Statements ............................ ... 1 " on akin: Wash Skin Diredions lor Use ....................................... 1 allention. ~ and ~ ...............•.......•.......•... 2 For Emergency f!prayer CIeanuo ......................................
  • Bitraser File Eraser Fact Sheet

    Bitraser File Eraser Fact Sheet

    BITRASER FILE ERASER WORLD'S MOST RELIABLE DATA ERASURE SOFTWARE SIMPLE. SECURE. File Erasure Software Erases Files, Folders & Partitions from PC, Mac, Server IDEAL FOR INDIVIDUAL, HOME USER & ENTERPRISE Reliable Privacy Safeguarding Software To Erase Sensitive & Confidential Data Beyond Recovery BitRaser File Eraser is a privacy safeguarding software that permanently erases files, folders, partitions, Internet history etc. stored on laptop,desktop, server beyond the scope of data recovery. The software meets daily data sanitization requirements of organizations and individuals by erasing data securely. The software allows you to schedule erasure process & maintain detailed log reports of all files deleted for meeting statutory & regulatory compliance needs for data security & privacy – SOX, GLB, HIPAA, ISO27001,EU-GDPR, PCI-DSS. SOFTWARE WITH EXCELLENT CAPABILITIES SECURE FILE & FOLDER ERASURE HIGH SPEED ERASURE Securely erases sensitive files from PC, laptop, Performs high speed simultaneous erasure of mac and server beyond recovery thereby multiple files in the most efficient way. maintaining privacy. ERASES PARTITIONS EMAIL & BROWSER HISTORY ERASURE Ability to safely erase entire logical drives or Wipes emails & browser history and archives partitions without harming applications & residing in any drive/ media / server without operating system files. leaving any traces. REMOVES COOKIES, BROWSER HISTORY CERTIFIED ERASURE & APPLICATION TRACES A certificate is generated to meet statutory and Erase cookies & Internet browser history that regulatory compliances. track your behavior pattern along with most recently used application traces. BITRASER ADVANTAGE Safeguards Unlimited Easy to use Retain Safe & Cost Your Privacy Erasure in a Year Interface OS Files Reliable Effective BITRASER, AN INNOVATION BY STELLAR, THE GLOBAL DATA CARE EXPERTS TRUSTED BY MILLIONS, SINCE 1993.
  • Weed Control Guide for Ohio, Indiana and Illinois

    Weed Control Guide for Ohio, Indiana and Illinois

    Pub# WS16 / Bulletin 789 / IL15 OHIO STATE UNIVERSITY EXTENSION Tables Table 1. Weed Response to “Burndown” Herbicides .............................................................................................19 Table 2. Application Intervals for Early Preplant Herbicides ............................................................................... 20 Table 3. Weed Response to Preplant/Preemergence Herbicides in Corn—Grasses ....................................30 WEED Table 4. Weed Response to Preplant/Preemergence Herbicides in Corn—Broadleaf Weeds ....................31 Table 5. Weed Response to Postemergence Herbicides in Corn—Grasses ...................................................32 Table 6. Weed Response to Postemergence Herbicides in Corn—Broadleaf Weeds ..................................33 2015 CONTROL Table 7. Grazing and Forage (Silage, Hay, etc.) Intervals for Herbicide-Treated Corn ................................. 66 OHIO, INDIANA Table 8. Rainfast Intervals, Spray Additives, and Maximum Crop Size for Postemergence Corn Herbicides .........................................................................................................................................................68 AND ILLINOIS Table 9. Herbicides Labeled for Use on Field Corn, Seed Corn, Popcorn, and Sweet Corn ..................... 69 GUIDE Table 10. Herbicide and Soil Insecticide Use Precautions ......................................................................................71 Table 11. Weed Response to Herbicides in Popcorn and Sweet Corn—Grasses
  • Cheatsheet V2.4.Pdf

    Cheatsheet V2.4.Pdf

    ! ! 2.4!Edition! Cross!reference!processes!with!various!lists:! Scan!a!block!of!code!in!process!or!kernel!memory! psxview! for!imported!APIs:! ! impscan!! Show!processes!in!parent/child!tree:! !!!!Hp/HHpid=PID!!!!!!!!!Process!ID!! pstree! !!!!Hb/HHbase=BASE!!!Base!address!to!scan! & !!!!Hs/HHsize=SIZE!!!!!!!Size!to!scan!from!start!of!base! Process&Information& ! ! Logs&/&Histories& Specify!–o/HHoffset=OFFSET!or!Hp/HHpid=1,2,3!! ! ! Recover!event!logs!(XP/2003):! Display!DLLs:! evtlogs!! ! ! dlllist! !!!!HS/HHsaveHevt!!!!!!!!!!!!!!!!!!!!Save!raw!event!logs! Development!build!and!wiki:! ! !!!!HD/HHdumpHdir=PATH!!!Write!to!this!directory! github.com/volatilityfoundation!! Show!command!line!arguments:! ! ! cmdline! Recover!command!history:! Download!a!stable!release:! ! cmdscan!and!consoles!! volatilityfoundation.org!! Display!details!on!VAD!allocations:! ! ! vadinfo![HHaddr]! Recover!IE!cache/Internet!history:! Read!the!book:! ! iehistory!! artofmemoryforensics.com! Dump!allocations!to!individual!files:! ! ! vaddump!HHdumpHdir=PATH![HHbase]! Show!running!services:! Development!Team!Blog:! ! svcscan!! http://volatilityHlabs.blogspot.com!! Dump!all!valid!pages!to!a!single!file:! !!!!Hv/HHverbose!!!!Show!ServiceDll!from!registry! ! memdump!HHdumpHdir=PATH! ! (Official)!Training!Contact:! ! Networking&Information& Display!open!handles:! [email protected]!! ! handles!! ! Active!info!(XP/2003):! !!!!Ht/HHobjectHtype=TYPE!!!Mutant,!File,!Key,!etc…! Follow:!@volatility! connections!and!sockets!! !!!!Hs/HHsilent!!!!!!!!!!!!!!!!!!!!!!!!!!!Hide!unnamed!handles!
  • [D:]Path[...] Data Files

    [D:]Path[...] Data Files

    Command Syntax Comments APPEND APPEND ; Displays or sets the search path for APPEND [d:]path[;][d:]path[...] data files. DOS will search the specified APPEND [/X:on|off][/path:on|off] [/E] path(s) if the file is not found in the current path. ASSIGN ASSIGN x=y [...] /sta Redirects disk drive requests to a different drive. ATTRIB ATTRIB [d:][path]filename [/S] Sets or displays the read-only, archive, ATTRIB [+R|-R] [+A|-A] [+S|-S] [+H|-H] [d:][path]filename [/S] system, and hidden attributes of a file or directory. BACKUP BACKUP d:[path][filename] d:[/S][/M][/A][/F:(size)] [/P][/D:date] [/T:time] Makes a backup copy of one or more [/L:[path]filename] files. (In DOS Version 6, this program is stored on the DOS supplemental disk.) BREAK BREAK =on|off Used from the DOS prompt or in a batch file or in the CONFIG.SYS file to set (or display) whether or not DOS should check for a Ctrl + Break key combination. BUFFERS BUFFERS=(number),(read-ahead number) Used in the CONFIG.SYS file to set the number of disk buffers (number) that will be available for use during data input. Also used to set a value for the number of sectors to be read in advance (read-ahead) during data input operations. CALL CALL [d:][path]batchfilename [options] Calls another batch file and then returns to current batch file to continue. CHCP CHCP (codepage) Displays the current code page or changes the code page that DOS will use. CHDIR CHDIR (CD) [d:]path Displays working (current) directory CHDIR (CD)[..] and/or changes to a different directory.
  • Counter-Forensic Privacy Tools a Forensic Evaluation

    Counter-Forensic Privacy Tools a Forensic Evaluation

    Counter-Forensic Privacy Tools A Forensic Evaluation Matthew Geiger, Lorrie Faith Cranor June 2005 CMU-ISRI-05-119 Institute for Software Research, International, Carnegie Mellon University School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213-3890 Abstract Modern operating systems and the applications that run on them generate copious amounts of data about their users’ activity. Users are increasingly aware of their privacy exposure from these records and from digital artifacts that linger after files are “deleted” on computers they use. Efforts to redress this privacy exposure have spawned a range of counter-forensic privacy tools – software designed to irretrievably eliminate records of computer system usage and other sensitive data. In this paper, we use forensic tools and techniques to evaluate the effectiveness of six counter-forensic software packages. The results highlight some significant shortfalls in the implementation and approach of these tools, leading to privacy concerns about the exposure of sensitive data. The findings also raise questions about the level of privacy protection that is realistic to expect from these tools, and others that take a similar approach. TABLE OF CONTENTS Introduction ........................................................................................3 Background.........................................................................................5 Testing Methodology.............................................................................7 Privacy tool testing...............................................................................9
  • Data Erasure on Magnetic Storage

    Data Erasure on Magnetic Storage

    “HENRI COANDA” GERMANY “GENERAL M.R. STEFANIK” AIR FORCE ACADEMY ARMED FORCES ACADEMY ROMANIA SLOVAK REPUBLIC INTERNATIONAL CONFERENCE of SCIENTIFIC PAPER AFASES 2011 Brasov, 26-28 May 2011 DATA ERASURE ON MAGNETIC STORAGE Mihăiţă IVAŞCU Metra, Bucharest, Romania Abstract: User data is left is left on the hard drives removed from computers and storage systems, creating a data security vulnerability that many users are unaware of. This is mostly due the fact that normal “delete” or “format” commands leave data intact on a user computer. The cardinal rule of computer storage design has been to protect user data at all costs. Disk drives supply primary mass storage for computer systems designed to prevent accidental erasure of data. Techniques such as “recycle” folders and “unerase” commands are common ways that operating systems try to prevent accidental sanitization of user data. Deletion of file pointers is standard to speeds data writing, because actual overwriting of file data is far slower. These measures taken to protect and speed access to user data can make that data vulnerable to recovery by unauthorized persons. There is an urgent need for a capability to reliably erase data and prevent access to data from retired computer hard disk drives for security and privacy reasons. Data sanitization needs arise differently depending upon user application. The current work presents standards for data erasure, most important methods of data sanitization of hard disk drives and presents how a customized method of data erasure can be implemented. Keywords: recycle, data sanitization, recovery, security vulnerability 1. INTRODUCTION 2. COMPLETE ERASURE OF USER DATA When a computer is lost or disposed of, active and discarded data typically remains 2.1 Known methods of “deleting” data.
  • Command Control Interface Command Reference Error Codes

    Command Control Interface Command Reference Error Codes

    Command Control Interface 01-43-03-01 Command Reference This document describes and provides instructions for using the Command Control Interface (CCI) software to configure and perform operations on the Hitachi RAID storage systems. Hitachi Virtual Storage Platform G series and F series Hitachi Virtual Storage Platform Hitachi Unified Storage VM Hitachi Universal Platform V/VM MK-90RD7009-33 October 2017 © 2010, 2017 Hitachi, Ltd. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or stored in a database or retrieval system for commercial purposes without the express written permission of Hitachi, Ltd., or Hitachi Vantara Corporation (collectively, “Hitachi”). Licensee may make copies of the Materials provided that any such copy is: (i) created as an essential step in utilization of the Software as licensed and is used in no other manner; or (ii) used for archival purposes. Licensee may not make any other copies of the Materials. "Materials" mean text, data, photographs, graphics, audio, video and documents. Hitachi reserves the right to make changes to this Material at any time without notice and assumes no responsibility for its use. The Materials contain the most current information available at the time of publication. Some of the features described in the Materials might not be currently available. Refer to the most recent product announcement for information about feature and product availability, or contact Hitachi Vantara Corporation at https://support.HitachiVantara.com/ en_us/contact-us.html. Notice: Hitachi products and services can be ordered only under the terms and conditions of the applicable Hitachi agreements.