svn commit: r214431 - head/bin/rm
rwatson at FreeBSD.org
Fri Oct 29 11:10:19 UTC 2010
On Fri, 29 Oct 2010, Bruce Cran wrote:
> On Thu, 28 Oct 2010 14:11:14 -0700 Garrett Cooper <gcooper at FreeBSD.org>
>> Unfortunately it's implied superficially by the 3 pass tort; but as most
>> people who understand magnetic disks know, unless you completely obliterate
>> a disk, wipe over it with random data enough times, whatever, the content
>> is still on the disk and retrievable via various methods... I agree that
>> this advice should be placed near the flag itself so that people completely
>> understand the implications of the feature.
> I believe the only method 10-15 years ago would have been a scanning
> electron microscope, but that probably isn't possible with today's disks.
> Simply writing zeros once is enough to obliterate all the data (except for
> any remapped sectors).
Especially given modern magnetic disk densities. However, the problem with
flash memory is quite interesting -- because of device wear-leveling. People
who really care about forensic extraction of flash disks bypass the normal
interface in order to (a) follow best practices on not powering on devices and
(b) bypass the wear-levelling abstraction, revealing the underlying disk
blocks and wear-levelling meta-data. As a result, they often have access to
large numbers of believed-deleted and even believed-overwritten blocks
(although how much depends on the algorithm, fill ratio, usage patterns, etc).
More information about the svn-src-head