handslive

Today's work related reading and assessment included starting some compare and contrast review of NIST's Guidelines for Media Sanitization and the Canadian Communication Security Establishment's document on Clearing and Declassifying Electronic Storage Devices. I've only just got started on this, but one key point seems to be that NIST is satisfied with a single overwrite with any value (0s, 1s, random patterns, whatever) and CSE wants an overwrite with some value (e.g., 0), an overwrite with its inverse (e.g., 1), and then an overwrite with a preset value (e.g. 0xDEAD 0xBEEF) for verification purposes. A three pass overwrite more or less conforms to most guidance you'll find online although they don't usually do exactly what CSE is asking for there. Recovering anything from a drive that's had a full overwrite of all writeable sectors usually requires special equipment (from specialized software and hardware all the way up to electron microscopes in a lab). NIST feels you should just plan on destroying the drive if electron microscopes are something that'll be used against you. So does CSE, but they think you should do a 3 pass overwrite first before shoving the drive into an industrial shredder (which, btw, needs to break the drive down into parts no bigger than 10mm² if it's had top secret data on it at some point -- a bit more than half the size of a dime) and then mix the pieces with pieces of drives that weren't as sensitive. No question, this is your super villian scenario right here, except the US and the UK are potential super villians.