[nycphp-talk] OT: Permanently delete files

max max at neuropunks.org
Thu May 12 10:31:17 EDT 2005


Hi,
If you mean secure multipass deletion, this seems to be pretty cool:
http://www.download.com/Eraser/3000-2092_4-10231813.html?tag=lst-0-5

But consider this (waaaay OT, from recent Bugtraq post):

-----
Hello,

Device Configuration Overlays (DCO) is a not so well known optional feature set in the ATA-6 standard and forwards. It is supported by a lot of, but not all, modern disks. Using DCO it is possible to tell a disk that it should appear smaller than it really is, thus hiding an arbitrarily large part of the disk from the operating system.

We have made some tests with DCO and a few common imaging and wiping tools. It seems that most tools are *not* capable of handling DCO at all.

For example, we have found that even using the DOS boot floppy of EnCase Forensic Edition 4.18a, the part of a disk hidden with DCO will not get acquired.

Another really bad thing is that disk wipe tools do not wipe a disk with a DCO set on it. For example, the very common tool ExpertEraser 2.0 from IBAS can be tricked into wiping as little of a disk as wished by setting a DCO on the disk before the wipe.

I would like to emphasize that these are only examples of tools that cannot handle DCO, so simply switching to another manufacturer's tool will *not* solve the problem. Because the issue affects so many tools we have chosen not to try to contact all manufacturers before releasing this information.

There is a freeware tool coded by me that can set & discover & remove DCO:

http://vidstrom.net/stools/taft/

We have been using it for our research for a few months now but I haven't published it until now.

Also, I have written a report (which was finished already in January this year) on this and other issues related to ATA and Computer Forensics but it has taken time to get it through all the formalities with classification and such, so it will probably take another couple of weeks before I can publish it.


Regards /Arne Vidström

Researcher, IT Security
Swedish Defence Research Agency
http://www.foi.se



On Thu, May 12, 2005 at 10:10:52AM -0400, Jeff Siegel wrote:
> Can anyone recommend a utility for permanently deleting files from a Windows
> machine?
>  
> Jeff

> _______________________________________________
> New York PHP Talk Mailing List
> AMP Technology
> Supporting Apache, MySQL and PHP
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org
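
A pre-wipe or pre-imaging check for the problem the quoted Bugtraq post describes, added here as an example (it is not from the thread or from the TAFT tool). It goes beyond the post by using Linux `hdparm` (`-N` and `--dco-identify`) and assumes both print sector counts in the layout of the constructed samples; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report sectors hidden from the OS by HPA or DCO before
# trusting a wipe or an image. Sample text is constructed; its layout is
# assumed to match `hdparm -N` and `hdparm --dco-identify` output.

SAMPLE_N=' max sectors   = 781422768/976773168, HPA is enabled'
SAMPLE_DCO='DCO Checksum verified.
DCO Revision: 0x0001
	Real max sectors: 1000215216'

# Print "current native" sector counts from `hdparm -N` text.
parse_hpa() {
  printf '%s\n' "$1" |
    sed -n 's|.*max sectors *= *\([0-9][0-9]*\)/\([0-9][0-9]*\).*|\1 \2|p' |
    head -n 1
}

# Print the real (factory) sector count from `hdparm --dco-identify` text.
parse_dco() {
  printf '%s\n' "$1" |
    sed -n 's|.*Real max sectors: *\([0-9][0-9]*\).*|\1|p' | head -n 1
}

# Print "hpa_hidden dco_hidden". Returns 0 only when nothing is hidden,
# 1 when some area is hidden, 2 when the input could not be parsed.
hidden_sectors() {
  hpa_pair=$(parse_hpa "$1")
  real=$(parse_dco "$2")
  if [ -z "$hpa_pair" ] || [ -z "$real" ]; then
    echo "unparsed"
    return 2            # fail closed: unknown is not the same as clean
  fi
  cur=${hpa_pair% *}    # sectors the OS can currently address
  nat=${hpa_pair#* }    # native max, already reduced by any DCO
  hpa=$((nat - cur))    # hidden by a Host Protected Area
  dco=$((real - nat))   # hidden by a Device Configuration Overlay
  echo "$hpa $dco"
  [ "$hpa" -eq 0 ] && [ "$dco" -eq 0 ]
}

# Live use (root required): ./check.sh /dev/sdX
if [ -n "${1:-}" ]; then
  hidden_sectors "$(hdparm -N "$1")" "$(hdparm --dco-identify "$1")"
fi
```

A non-zero second number means the wipe or acquisition would miss an area that only a DCO-aware tool can reach.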


