According to Pfitzner R., 2003, at least 33 overwrite passes with pseudo-random data are required to irrecoverably destroy the contents of a hard disk.
There are several different overwriting patterns, proposed by various intelligence, the military and government organisations. It is unlikely that a government publishes a method that will protect you from its law enforcement and intelligence agencies at the date of publication. E.g. the DoD 5220.22-M pattern (3 passes) is not approved for sanitizing media that contains secret or top-secret information by the DoD itself.
Renowned security expert Peter Gutmann explains:
"The ... problem with official data destruction standards is that the information in them may be partially inaccurate in an attempt to fool opposing intelligence agencies (which is probably why a great many guidelines on sanitizing media are classified)." (Gutmann P, 1996) .
The original NISPOM (National Industrial Security Program Operating Manual = DoD 5220.22 M) was first published in 1995. When you look at Chapter 8 section 306, you can see the "Clearing and Sanitization Matrix" which prescribes the well-known 3-pass pattern for hard drives. So far, so good. Since then NISPOM has been changed twice: in July 1997 and February 2001. After the 2001 change, the recommended 3-pass pattern vanished. The updated NISPOM now only contains a general description (8.301) of what Clearing(a) and Sanitization( mean.
Goodbye to the following?
US DoD 5220.22-M (8-306./E) (3 passes)
US DoD 5220.22-M (8-306./E,C and E) (7 passes)
This might indicate that the progress in hard disk technology with increasing densities causes considerable problems to those trying to recover deleted information. Maybe progress in computer forensics is much slower than required to fill the gap.
In 2003, Dipl-Ing. Roy Pfitzner, a German IT security expert, wrote an explosive paper about the secure removal of data:
Pfitzner, R.: Sicheres L?schen von Dateien ? Standards, L?schtools, Empfehlungen.
Der Landesbeauftragte f?r den Datenschutz und f?r das Recht auf Akteneinsicht Brandenburg, Internes Arbeitspapier, 2003.
This translates to:
Pfitzner, R.: Secure Deletion of Files - Standards, Erasure Tools, Recommendations.
The Federal Commissioner for Privacy Protection and the Right for access records Brandenburg, internal working paper, 2003.
As far as I know, Mr Pfitzner then worked for the Commissioner for Privacy Protection of the federal state Brandenburg. In 2003 (or 2004), he asked to be transferrred to a superior rank within the Department of Strategic Planning and Innovation in the Department of the Interior of the Federal State Brandenburg. (The Spiegel news report said that he also worked for Interior when he wrote the paper.)
Until today, his paper is classified and thus not available to the general public. Fortunately there are 2 documents that give us at least some information from his paper.
The first document is a report by German news magazine Der Spiegel in December 2003 (52/2003). According to the journalists, Pfitzner said that data could be retrieved even if it was overwritten 20 times and that one would have to overwrite more than 30 times with random data to achieve a security level that would defy the capabilities of
law enforcement and intelligence agencies.
The second document is an orientation guide on secure data removal:
Grundlagen, Werkzeuge und Empfehlungen aus Sicht des Datenschutzes
Translation:
Orientation guide "Secure Sanitization of magnetic data storage media"
Basics, Tools and Recommendations for Data Privacy Purposes
It has been published in October 2004 by the working committee "Technical and Organizational Issues in Privacy Protection" of the Conference of Commissioners for Privacy Protection of the federal states of Germany and the national Commissioner.
This orientation guide is a review of methods for the secure deletion of data from hard disks and other media. Most of the information is based on Pfitzner's classified paper (it's cited).
According to the guide, the classified Pfitzner paper says:
- 33 overwrite passes with random data are sufficient such that with a probability of 0,99 every magnetic domain gets re-orientated at least twice -> Very High security level
- 7 overwrite passes with random data are sufficient such that with a probability of 0,99 every magnetic domain gets re-orientated at least once -> Medium security level.
However rumours abound the most passes that U.S government can recover data wiped with up to 14 passes! That being said, Britain's national standard for overwriting files is 38!!!!
PS. The Gutmann method is unnecessary since MLM method of writing data to magnetic media is now obsolete, BUT some still prefer it!!
Additional Wiping Methods
in CCleaner Suggestions
Posted
According to Pfitzner R., 2003, at least 33 overwrite passes with pseudo-random data are required to irrecoverably destroy the contents of a hard disk.
There are several different overwriting patterns, proposed by various intelligence, the military and government organisations. It is unlikely that a government publishes a method that will protect you from its law enforcement and intelligence agencies at the date of publication. E.g. the DoD 5220.22-M pattern (3 passes) is not approved for sanitizing media that contains secret or top-secret information by the DoD itself.
Renowned security expert Peter Gutmann explains:
"The ... problem with official data destruction standards is that the information in them may be partially inaccurate in an attempt to fool opposing intelligence agencies (which is probably why a great many guidelines on sanitizing media are classified)." (Gutmann P, 1996) .
The original NISPOM (National Industrial Security Program Operating Manual = DoD 5220.22 M) was first published in 1995. When you look at Chapter 8 section 306, you can see the "Clearing and Sanitization Matrix" which prescribes the well-known 3-pass pattern for hard drives. So far, so good. Since then NISPOM has been changed twice: in July 1997 and February 2001. After the 2001 change, the recommended 3-pass pattern vanished. The updated NISPOM now only contains a general description (8.301) of what Clearing(a) and Sanitization(
mean.
Goodbye to the following?
US DoD 5220.22-M (8-306./E) (3 passes)
US DoD 5220.22-M (8-306./E,C and E) (7 passes)
This might indicate that the progress in hard disk technology with increasing densities causes considerable problems to those trying to recover deleted information. Maybe progress in computer forensics is much slower than required to fill the gap.
In 2003, Dipl-Ing. Roy Pfitzner, a German IT security expert, wrote an explosive paper about the secure removal of data:
Pfitzner, R.: Sicheres L?schen von Dateien ? Standards, L?schtools, Empfehlungen.
Der Landesbeauftragte f?r den Datenschutz und f?r das Recht auf Akteneinsicht Brandenburg, Internes Arbeitspapier, 2003.
This translates to:
Pfitzner, R.: Secure Deletion of Files - Standards, Erasure Tools, Recommendations.
The Federal Commissioner for Privacy Protection and the Right for access records Brandenburg, internal working paper, 2003.
As far as I know, Mr Pfitzner then worked for the Commissioner for Privacy Protection of the federal state Brandenburg. In 2003 (or 2004), he asked to be transferrred to a superior rank within the Department of Strategic Planning and Innovation in the Department of the Interior of the Federal State Brandenburg. (The Spiegel news report said that he also worked for Interior when he wrote the paper.)
Until today, his paper is classified and thus not available to the general public. Fortunately there are 2 documents that give us at least some information from his paper.
The first document is a report by German news magazine Der Spiegel in December 2003 (52/2003). According to the journalists, Pfitzner said that data could be retrieved even if it was overwritten 20 times and that one would have to overwrite more than 30 times with random data to achieve a security level that would defy the capabilities of
law enforcement and intelligence agencies.
The second document is an orientation guide on secure data removal:
Original title:
Orientierungshilfe ?Sicheres L?schen magnetischer Datentr?ger?
Grundlagen, Werkzeuge und Empfehlungen aus Sicht des Datenschutzes
Translation:
Orientation guide "Secure Sanitization of magnetic data storage media"
Basics, Tools and Recommendations for Data Privacy Purposes
It has been published in October 2004 by the working committee "Technical and Organizational Issues in Privacy Protection" of the Conference of Commissioners for Privacy Protection of the federal states of Germany and the national Commissioner.
This orientation guide is a review of methods for the secure deletion of data from hard disks and other media. Most of the information is based on Pfitzner's classified paper (it's cited).
According to the guide, the classified Pfitzner paper says:
- 33 overwrite passes with random data are sufficient such that with a probability of 0,99 every magnetic domain gets re-orientated at least twice -> Very High security level
- 7 overwrite passes with random data are sufficient such that with a probability of 0,99 every magnetic domain gets re-orientated at least once -> Medium security level.
SOURCE: http://mareichelt.de/pub/notmine/sanitizing.html
7 passes is the national standard for the U.S. government, the NSA, and many different branches of the U.S. government.
Canadian RCMP TSSIT OPS-II: <http://www.rcmp-grc.gc.ca/tsb/pubs/it_sec/g2-003_e.pdf>an 8 drive-wiping passes with a random byte in the overwrite sequence changed each time.
However rumours abound the most passes that U.S government can recover data wiped with up to 14 passes! That being said, Britain's national standard for overwriting files is 38!!!!
PS. The Gutmann method is unnecessary since MLM method of writing data to magnetic media is now obsolete, BUT some still prefer it!!