Data Remanence

1
Data Remanence

• Brandon Ochs

2
Overview

• Introduction
• Causes
• Countermeasures
• Complications

3
Introduction

• Data remanence is the residual representation of
  data that has been in some way nominally erased
  or removed

4
Causes

• Files may not be deleted immediately
• Most computers do not remove the contents of a
  file when deleted
• Enough metadata may be left behind to restore the
  file

5
Metadata

• Data about data
• Required of effective data management

6
Countermeasures

• Clearing requires a lot of effort to recover
• Purging cannot possibly be recovered

7
Overwriting

• Overwrite the store device with new data
• Can be implemented through software
• Can use different
• overwrite patterns
• Takes a lot of time

8
Overwriting Patterns

• Writing all zeros
• Alternating ones and zeros
• Complement or bitwise NOT
• Some areas of disk may not be accessible

9
Gutmann Method

• Algorithm for erasing hard drive
• Write a series of
• 35 patterns over
• region
• Patterns specific
• to encoding
• mechanism of
• drive

10

11
DoD Standards

• Overwriting no longer acceptable method
• Degaussing or
• Physical destruction

12
Degaussing

• Reduction or removal of a magnetic field
• May purge the entire device
• Renders the hard disk inoperable

13
Encryption

• Encrypting can eliminate data remanence
• Data may be unrecoverable

14
Physical Destruction

• Guaranteed to eliminate data remanence if done
  properly
• Most expensive of the techniques
• Small fragments may still contain data

15
Physical Destruction Methods

• Physically breaking the
• media apart, by grinding,
• shredding
• Incinerating
• Phase transition (liquification
• or vaporization of a solid disk)
• Application of corrosive chemicals, such as
  acids, to recording surfaces
• For magnetic media, raising its temperature above
  the Curie point (1400F for steel, 800F for most
  HDD alloys)

16
Head Crashing

• Bad Parking
• Manual power down
• Modern disks have a
• retract mechanism

17
Magnets?

• Consumer-grade magnets dont cut it
• Strength of magnet required
• to completely
• destroy data
• would bend the
• platter and casing

18
Guard Dog

• Developed by Georgia Tech Research Institute
• uses a 125 pound magnet delivered via hand crank

19
Complications

• Inaccessible media areas
• Advanced Storage
• Systems
• Optical Media
• Data in RAM

20
Inaccessible Media Areas

• Areas may become inaccessible
• Bad sectors on hard drives
• Make overwriting ineffective

21
Advanced Storage Systems

• Make overwriting ineffective
• Especially hard to overwrite single files
• Built in revision control
• May be duplicate data

22
Optical Media

• Non magnetic
• Write-once media cannot be overwritten
• Safest to physically destroy
• Throw it in the microwave!

23
Data In RAM

• May retain data at room temperature
• Data remains longer at low temperatures
• Partial data greatly
• reduces search space

24

25
Oscilloscopes

• Can be used to look at hard drive sectors
• Write head is not 100 accurate
• Peaks and valleys
• become entrenched
• over time
• Media not truly digital

26
Conclusion

• Data is not truly eliminated from media when
  erased
• Safest way is to physically destroy
• Oscilloscopes make overwriting unsafe
• Encryption is relatively strong, but is
  susceptible to recovering data in RAM

27
Questions

• What is the difference between purging and
  clearing?
• What are two DoD acceptable methods for
  eliminating data?

28
References

• Peter Gutmann (July 1996). "Secure Deletion of
  Data from Magnetic and Solid-State Memory".
  Retrieved on 2008-4-08.
• Sergei Skorobogatov (June 2002). "Low temperature
  data remanence in static RAM". University of
  Cambridge, Computer Laboratory.
• Media Destruction Guidance. NSA. Retrieved on
  2008-4-08.