research-article

Remembrance of Data Passed: A Study of Disk Sanitization Practices

Authors:

Simson L. Garfinkel,

Abhi ShelatAuthors Info & Claims

IEEE Security and Privacy, Volume 1, Issue 1

Pages 17 - 27

https://doi.org/10.1109/MSECP.2003.1176992

Published: 01 January 2003 Publication History

Abstract

Many discarded hard drives contain information that is both confidential and recoverable, as the authors' own experiment shows. The availability of this information is little publicized, but awareness of it will surely spread.

References

[1]

Network Associates, PGP Windows 95, 98 and NT User's Guide, Version 6.0. 1998; version 6.02 includes the pgpdisk encrypted file system and is available for download at www.pgpi.org/products/pgpdisk.

[2]

M. Blaze, "A Cryptographic File System for Unix," 1st ACM Conf. Comm. and Computing Security, ACM Press, New York, 1993, pp. 9-16.

Digital Library

[3]

Microsoft, "Encrypting File System for Windows 2000," www.microsoft.com/windows2000/techinfo/howitworks/security/encrypt.asp.

[4]

J. Hasson, "V.A. Toughens Security after PC Disposal Blunders," Federal Computer Week, 26 Aug. 2002; www.fcw.com/fcw/articles/2002/0826/news-va-08-26-02.asp.

[5]

M. Villano, "Hard-Drive Magic: Making Data Disappear Forever," New York Times, 2 May 2002.

[6]

J. Lyman, "Troubled Dot-Coms May Expose Confidential Client Data," NewsFactor Network, 8 Aug. 2001; www.newsfactor.com/perl/story/12612.html.

[7]

J. Markoff, "Patient Files Turn Up in Used Computer," New York Times, 4 Apr. 1997.

[8]

S. Berinato, "Good Stuff Cheap," CIO, 15 Oct. 2002, pp. 53-59.

[9]

National Computer Security Center, "A Guide to Understanding Dataremanence in Automated Information Systems," Library No. 5-236,082, 1991, NCSC-TG-025; www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG- 028.ps.

[10]

California v. Greenwood, 486 US 35, 16 May 1988.

[11]

Microsoft, "Microsoft Extensible Firmware Initiative FAT32 File System Specification," 6 Dec. 2000; www.microsoft.com/hwdev/download/hardware/fatgen103.pdf.

[12]

US Department of Defense, "Cleaning and Sanitization Matrix," DOS 5220.22-M, Washington, D.C., 1995; www.dss.mil/isec/nispom_0195.htm.

[13]

P. Gutmann, "Secure Deletion of Data from Magnetic and Solid-State Memory," Proc. Sixth Usenix Security Symp., Usenix Assoc., 1996; www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html.

Digital Library

[14]

T. Vier, "Wipe 2.1.0," 14 Aug. 2002; http://sourceforge.net/projects/wipe.

[15]

D. Millar, "Clean Out Old Computers Before Selling/Donating," June 1997; www.upenn.edu/computing/security/advisories/old computers.html.

[16]

National Institute of Standards and Technology, "National Software Reference Library Reference Data Set"; www.nsrl.nist.gov.

[17]

D.K. Gifford, et al., "Semantic File Systems," Proc. 13th ACM Symp. on Operating Systems Principles, ACM Press, 1991, pp. 16-25.

Digital Library

[18]

G. Di Crescenzo, et al., "How to Forget a Secret," Symposium Theoretical Aspects in Computer Science (STACS 99), Lecture Notes in Computer Science, Springer-Verlag, Berlin, 1999, pp. 500-509.

Digital Library

Cited By

Wagner JRasin AHong JPark J(2024)Forget About It: Batched Database SanitizationProceedings of the 39th ACM/SIGAPP Symposium on Applied Computing10.1145/3605098.3636054(1441-1452)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1145/3605098.3636054
Gao BJia SYin PZhang X(2023)Protection of Access PatternProceedings of the 2023 7th International Conference on Computer Science and Artificial Intelligence10.1145/3638584.3638585(99-105)Online publication date: 8-Dec-2023
https://dl.acm.org/doi/10.1145/3638584.3638585
Garfinkel SStewart J(2023)Sharpening Your ToolsCommunications of the ACM10.1145/360009866:8(44-52)Online publication date: 25-Jul-2023
https://dl.acm.org/doi/10.1145/3600098
Show More Cited By

Recommendations

Personal computer privacy: analysis for korean PC users
IWSEC'06: Proceedings of the 1st international conference on Security

In this paper, we introduce our own two-year experiments to acquire sensitive personal information from discarded hard disks which we had obtained with no ease in Korean second-hand PC markets. With careful scanning, we found that most of hard disks ...
Stonebraker on data warehouses

The Communications Web site, http://cacm.acm.org, features more than a dozen bloggers in the BLOG@CACM community. In each issue of Communications, we'll publish selected posts or excerpts.
twitter
Follow us on Twitter at http://twitter.com/blogCACM
http://...
Identifying the influential bloggers in a community
WSDM '08: Proceedings of the 2008 International Conference on Web Search and Data Mining

Blogging becomes a popular way for a Web user to publish information on the Web. Bloggers write blog posts, share their likes and dislikes, voice their opinions, provide suggestions, report news, and form groups in Blogosphere. Bloggers form their ...

Comments

Information & Contributors

Information

Published In

cover image IEEE Security and Privacy

IEEE Security and Privacy Volume 1, Issue 1

January 2003

91 pages

ISSN:1540-7993

Issue’s Table of Contents

Copyright © Copyright © 2003 IEEE. All Rights Reserved.

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 January 2003

Author Tag

Data Forensics

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

45
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wagner JRasin AHong JPark J(2024)Forget About It: Batched Database SanitizationProceedings of the 39th ACM/SIGAPP Symposium on Applied Computing10.1145/3605098.3636054(1441-1452)Online publication date: 8-Apr-2024
https://dl.acm.org/doi/10.1145/3605098.3636054
Gao BJia SYin PZhang X(2023)Protection of Access PatternProceedings of the 2023 7th International Conference on Computer Science and Artificial Intelligence10.1145/3638584.3638585(99-105)Online publication date: 8-Dec-2023
https://dl.acm.org/doi/10.1145/3638584.3638585
Garfinkel SStewart J(2023)Sharpening Your ToolsCommunications of the ACM10.1145/360009866:8(44-52)Online publication date: 25-Jul-2023
https://dl.acm.org/doi/10.1145/3600098
Scope NRasin ALenard BWagner J(2023)Compliance and Data Lifecycle Management in Databases and BackupsDatabase and Expert Systems Applications10.1007/978-3-031-39847-6_20(281-297)Online publication date: 28-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-39847-6_20
Chen NChen BSuga YSakurai KDing XSako K(2022)Duplicates also Matter! Towards Secure Deletion on Flash-based Storage Media by Removing DuplicatesProceedings of the 2022 ACM on Asia Conference on Computer and Communications Security10.1145/3488932.3523255(54-66)Online publication date: 30-May-2022
https://dl.acm.org/doi/10.1145/3488932.3523255
Chen SWu CYang MChang Y(2022)A File-Oriented Fast Secure Deletion Strategy for Shingled Magnetic Recording DrivesIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2021.311264041:8(2463-2476)Online publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1109/TCAD.2021.3112640
Ceci JKhan HHengartner UVogel DChiasson S(2021)Concerned but ineffectiveProceedings of the Seventeenth USENIX Conference on Usable Privacy and Security10.5555/3563572.3563596(455-473)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.5555/3563572.3563596
Gao BChen BJia SXia LGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)eHIFSProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329839(573-585)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329839
Chen SYang MChang YWu C(2019)Enabling File-Oriented Fast Secure Deletion on Shingled Magnetic Recording DrivesProceedings of the 56th Annual Design Automation Conference 201910.1145/3316781.3317817(1-6)Online publication date: 2-Jun-2019
https://dl.acm.org/doi/10.1145/3316781.3317817
Koh JBellovin SNieh J(2019)Why Joanie Can EncryptProceedings of the Fourteenth EuroSys Conference 201910.1145/3302424.3303980(1-16)Online publication date: 25-Mar-2019
https://dl.acm.org/doi/10.1145/3302424.3303980
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents