Hi, I hate to send to a post when it is so far gone but I wanted to put my views, as always. Like normal please let me know if my assumptions are flawed. -=-=Wiping Drive=-=- Make sure it foobars the MBR etc. New drives do not always come clean, can contain prior information (eg platter been reused) Wipe drive to decommission hardware (eg getting rid of 486s) Wipe drive to change ownership (still going to authorised person however they don't need to know) Wipe drive to use in examination (should verify the write worked by using crc programs etc) Send random data then zero would improve security for paranoid people??? (just a thought) -=-=Filesystem dependant=-=- If you wish to only clean a specific part of a hard drive. PGP and nortons even OS9 install wizard have the (If you have a drive that you use to examine partial case information (say) you may wish to wipe your data partition.) I get the impression in documents relating to this field that media does not get touched on as much. How do you examine zip/jaz/tape/dvdram. I have seen photocopiers with 11gb hard drives do these also get searched. If so how is this done, also are these drives wiped before they get decommissioned? In the below new article it mentions the "Pentagon Reverses Order to Destroy Old Hard Drives" http://dailynews.yahoo.com/h/nm/20010608/od/pentagon_dc_1.html?&_ref=1610027298 Like all security topics you should perform a threat assessment and use this to determine what procedures and processes should be put in place so that it people know what they should do in each situation. Daniel Heinonen
This archive was generated by hypermail 2b30 : Fri Jun 22 2001 - 15:00:19 PDT