How do I sanitize a hard drive?

[David H. Lipman]

Watch out for the "back door draft" -- Maybe with your experience and knowledge you'll just
do IA for the JTF-GNO.

Dave



| Used to work at the company.
|
| I am in the Active Reserves. (was recalled recently)
|
| The earlier mention in this thread had to do with SBU/FOUO stuff; I
| mentioned degaussing was for classified systems. It is, and that is also
| DoD standard.
|
|
|
|
| | > Well that's different. The CIA does not fall under the DoD and thereby
| > has their own set of
| > regulations.
| >
| > However I am confused over the tense. Past or present. You stated "I
| > still work at in the
| > reserves" - which falls under the DoD.
| > Now you say "...was the CIA.".
| >
| > I guess at this juncture the point is moot.
| >
| > Dave
| >
| >
| >
| >
| > | > | My facility was the CIA, and we degaussed our machines.
| > |
| > | I did mention classified... Right?
| > |
| > |
| > |
| > |
| > |
| > | | > | > The Acting Under Secretary of Defense (AUSD) Linton Wells II put out a
| > | > memo ~6/2001 entitled
| > | > "Disposition of Unclassified DoD Computer Hard Drives"
| > | > This memorandum was the culmination based upon two other DoD
| > memorandum.
| > | > 1) "Destruction of DoD Computer Hard Drives Prior to Disposal" -
| > | > 1/8/2001
| > | > 2) "Disposition of Unclassified DoD Computer Hard Drives" -
| > 5/29/2001
| > | >
| > | > This memorandum lays out what is required for hard disks that contain
| > | > Sensitive But
| > | > Unclassified (SBU, Aka; US2 data).
| > | >
| > | > Attached is a JPEG extraction from this memo detailing what is
| > required by
| > | > software to
| > | > sanitize a hard disk.
| > | >
| > | > Classified and above hard disks are sent to the NSA at Fort George
| > Meade,
| > | > MD, for
| > | > destruction.
| > | >
| > | > Your "facility" should be sending media holding classified data to the
| > | > NSA.
| > | >
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > | > | > | Not if they're TS or compartmentalized. At least not at the
| > facility I
| > | > | still work at in the reserves...
| > | > |
| > | > |
| > | > |
| > | > | | > | > | > Steve Clark [MSFT] wrote:
| > | > | >
| > | > | >>
| > | > | >> Degaussing will "nuke" anything on the drive... This is what the
| > | > | >> government does on systems that they want to destroy that
| > processed
| > | > | >> classified data.
| > | > | >>
| > | > | >>
| > | > | >>
| > | > | > Actually, we only degauss or shred those hard drives that cannot
| > be
| > | > | > salvaged and reused, because of mechanical failure. For
| > servicable
| > | > hard
| > | > | > drives, we use software to write zeros and ones over the entire
| > | > surface
| > | > | > several times, and then format the drives and put them to
| > | > non-classified
| > | > | > use.
| > | > | >
| > | > | > --
| > | > | >
| > | > | > Bruce Chambers
| > | > | >
| > | > | > Help us help you:
| > | > | >
| > | > | >
| > | > | >
| > | > | > You can have peace. Or you can have freedom. Don't ever count on
| > | > having
| > | > | > both at once. - RAH
| > | > |
| > | > |
| > | >
| > | >
| > | >
| > | >
| > | >
| > |
| > |
| >
| >
|
|

 

[cquirke (MVP Win9x)]

there are a few DOD class apps that will wipe drives with many passes -
a search on google.com should provide links to many.

There's a standard DoD wipe protocol, but the DoD itself may no longer
rely on that for maximum safety; I suspect they'll incinerate instead.

It's theoretically possible to read disk at an analog level and then
deduce what has been overwritten. There are three dimensions to do
this in; linear offset, radial offset, and signal depth. Combining
those may allow a particular session to be "tuned in".

The resources to do this are beyond your average script kiddie, sure,
but if it's national budgets or multi-national resources, then worry.

---------- ----- ---- --- -- - - - -

On the 'net, *everyone* can hear you scream

 

[David H. Lipman]

See my reply to Steve earlier in this thread and the JPEG attachment.

Dave




| >In article <[email protected]>, fangio-
|
| >there are a few DOD class apps that will wipe drives with many passes -
| >a search on google.com should provide links to many.
|
| There's a standard DoD wipe protocol, but the DoD itself may no longer
| rely on that for maximum safety; I suspect they'll incinerate instead.
|
| It's theoretically possible to read disk at an analog level and then
| deduce what has been overwritten. There are three dimensions to do
| this in; linear offset, radial offset, and signal depth. Combining
| those may allow a particular session to be "tuned in".
|
| The resources to do this are beyond your average script kiddie, sure,
| but if it's national budgets or multi-national resources, then worry.
|
|
|
| >---------- ----- ---- --- -- - - - -
| On the 'net, *everyone* can hear you scream
| >---------- ----- ---- --- -- - - - -

 

[Steve Clark [MSFT]]

Nope, I was OC OCONUS for the company. I'm a NA for the Corps now in the
Reserves. (MOS 7529)

Watch out for the "back door draft" -- Maybe with your experience and
knowledge you'll just
do IA for the JTF-GNO.

Dave



| Used to work at the company.
|
| I am in the Active Reserves. (was recalled recently)
|
| The earlier mention in this thread had to do with SBU/FOUO stuff; I
| mentioned degaussing was for classified systems. It is, and that is
also
| DoD standard.
|
|
|
|
| | > Well that's different. The CIA does not fall under the DoD and
thereby
| > has their own set of
| > regulations.
| >
| > However I am confused over the tense. Past or present. You stated "I
| > still work at in the
| > reserves" - which falls under the DoD.
| > Now you say "...was the CIA.".
| >
| > I guess at this juncture the point is moot.
| >
| > Dave
| >
| >
| >
| >
| > | > | My facility was the CIA, and we degaussed our machines.
| > |
| > | I did mention classified... Right?
| > |
| > |
| > |
| > |
| > |
| > | | > | > The Acting Under Secretary of Defense (AUSD) Linton Wells II put
out a
| > | > memo ~6/2001 entitled
| > | > "Disposition of Unclassified DoD Computer Hard Drives"
| > | > This memorandum was the culmination based upon two other DoD
| > memorandum.
| > | > 1) "Destruction of DoD Computer Hard Drives Prior to
Disposal" -
| > | > 1/8/2001
| > | > 2) "Disposition of Unclassified DoD Computer Hard Drives" -
| > 5/29/2001
| > | >
| > | > This memorandum lays out what is required for hard disks that
contain
| > | > Sensitive But
| > | > Unclassified (SBU, Aka; US2 data).
| > | >
| > | > Attached is a JPEG extraction from this memo detailing what is
| > required by
| > | > software to
| > | > sanitize a hard disk.
| > | >
| > | > Classified and above hard disks are sent to the NSA at Fort George
| > Meade,
| > | > MD, for
| > | > destruction.
| > | >
| > | > Your "facility" should be sending media holding classified data to
the
| > | > NSA.
| > | >
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > | > | > | Not if they're TS or compartmentalized. At least not at the
| > facility I
| > | > | still work at in the reserves...
| > | > |
| > | > |
| > | > |
| > | > | | > | > | > Steve Clark [MSFT] wrote:
| > | > | >
| > | > | >>
| > | > | >> Degaussing will "nuke" anything on the drive... This is what
the
| > | > | >> government does on systems that they want to destroy that
| > processed
| > | > | >> classified data.
| > | > | >>
| > | > | >>
| > | > | >>
| > | > | > Actually, we only degauss or shred those hard drives that
cannot
| > be
| > | > | > salvaged and reused, because of mechanical failure. For
| > servicable
| > | > hard
| > | > | > drives, we use software to write zeros and ones over the
entire
| > | > surface
| > | > | > several times, and then format the drives and put them to
| > | > non-classified
| > | > | > use.
| > | > | >
| > | > | > --
| > | > | >
| > | > | > Bruce Chambers
| > | > | >
| > | > | > Help us help you:
| > | > | >
| > | > | >
| > | > | >
| > | > | > You can have peace. Or you can have freedom. Don't ever count
on
| > | > having
| > | > | > both at once. - RAH
| > | > |
| > | > |
| > | >
| > | >
| > | >
| > | >
| > | >
| > |
| > |
| >
| >
|
|