January-February 2003 (Vol. 1, No. 1)
pp. 17-27
Remembrance of Data Passed: A Study of Disk Sanitization Practices
Simson L. Garfinkel, Massachusetts Institute of Technology
Abhi Shelat, Massachusetts Institute of Technology
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1176992
Abstract
Many discarded hard drives contain information that is both confidential and recoverable, as the authors' own experiment shows. The availability of this information is little publicized, but awareness of it will surely spread.
Additional Information
Index Terms: Data Forensics
Citation:
Simson L. Garfinkel, Abhi Shelat, "Remembrance of Data Passed: A Study of Disk Sanitization Practices," IEEE Security and Privacy, vol. 01, no. 1, pp. 17-27, January-February 2003