In everyone's life, a situation may arise when you need to quickly and most importantly get rid of any information with high quality (regardless of its importance). In the attachment, the material (not all of mine, data from other Internet resources were used), in which you can look at the problem more deeply than just shove the hard drive into the microwave, in general it turned out interesting. It was written at the beginning of this year.
One of the most important tasks of existing information systems is the ability to access it only for those user groups for which it is intended and who have been granted the appropriate rights. Currently, there are many firewalls, VPNs and other software, hardware and software and hardware tools to differentiate access to information. The weak link in the chain of tasks to be solved related to data protection is the ability to physically obtain the storage medium, and therefore, after some time, the information itself. There is a high probability that the owner of the information will have to transfer passwords and access codes under the threat of force or other influence. The possibility of theft of the information carrier as visitors cannot be ruled out (how long will it take to pull the Mobil Rack out of the system unit?), and unscrupulous employees. Installing an access control system will make this difficult, but not for long. With a certain impact, there is a high probability that neither the security service nor the most modern access control system will be able to protect the storage medium from its seizure, theft or confiscation. In modern systems, it is possible to log in under duress. This will probably be enough, but to hope that your opponent will be poorly educated and illiterate is to give yourself (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that neither the security service nor the most modern access control system will be able to protect the storage medium from its seizure, theft or confiscation. In modern systems, it is possible to log in under duress. This will probably be enough, but to hope that your opponent will be poorly educated and illiterate is to give yourself (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that neither the security service nor the most modern access control system will be able to protect the storage medium from its seizure, theft or confiscation. In modern systems, it is possible to log in under duress. This will probably be enough, but to hope that your opponent will be poorly educated and illiterate is to give yourself (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that your opponent will be poorly educated and illiterate means giving yourself up (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that your opponent will be poorly educated and illiterate means giving yourself up (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you.
The article below was published a long time ago, but it remains relevant to this day. Since many are worried about not only the reliable storage of information, but also its reliable deletion. For in the modern conditions of the development of modern market relations, there may be a need to destroy information both from their computers and from computers of a competitor. Moreover, the speech will go not just formatting, but a complete non-recoverable deletion. The material is relevant to this day, since the equipment presented in the material is relevant to this day. We look further in the text for modern analogues.
Enough has already been said about why you need to destroy data without leaving even the probability of their recovery. As always, living practice turns out to be much more interesting and varied - compared to any fictional fears and methods. It is about her that will be discussed in the further presentation.
First of all, it is the CIO who should be concerned about the state of critical data located in its subordinate information economy. And the question is very acute: how can you destroy all the contents of the memory of computers and multi-gigabyte server data stores in a matter of seconds?
The March issue of the online edition of Bits of Bytes featured an article by John Pearce, a regular contributor to the site, entitled "Safely Erase Data from Hard Drives." In general, Pearce does not say anything particularly new, he just puts the necessary accents on well-known things.
First of all, the interest in the destruction of data on magnetic and electronic media has become a kind of fashion, a sign of modern technological thinking. This, of course, is not about the use of standard Microsoft Windows accessories, with the help of which the contents of the trash can, browser caches, anabasis history by Web fields, and other such chronicles are freed ...
The main idea of software degaussing as a data destruction method is to change the orientation of each magnetic domain on the carrier many times (as many as possible). In this case, it is fundamentally important that the bitmaps should not be repeated in time sequence. That is, during the subsequent passage of the recording, its bit image for a given section of the magnetic medium should differ from the previous one.
There are quite a few special programs that recode the spaces occupied by previously deleted files, and just all the empty spaces. A comparative picture on a certain truncated set can be found in the table below. The disadvantage of most of these tools is common: they can cost quite a lot, especially for us, and the value of the acquisition is revealed only in the process of using it. Often, two weeks or a month of testing a demo version is clearly not enough, especially since these versions may leave some of the most “tasty” functions unchecked. One of the pleasant exceptions is a free program called Eraser in plain terms.
Eraser has several different ways to destroy data. The most reliable, but also the slowest, approach follows the principles outlined in the seminal article by Peter Gutman already quoted in the first part of the topic. The essence of this procedure is that the non-working spaces of the hard disk are overwritten 35 times in a specially selected sequence of bitmaps. This achieves the almost complete impossibility of recovering the once contained operational data.
The second method, which is faster to use, is based on US Department of Defense specifications that only require special bitmaps to be overlaid seven times over non-working zones.
The fastest procedure is to fill non-working spaces with pseudo-stochastic data, which is practically not subject to various kinds of compression. As the support file suggests, this is the only method that successfully deals with compressed disk spaces.
The number of penetrations in the latter method varies from 1 to 65,535: you yourself understand what quality of removal of past traces can be provided. While the fastest to execute, this approach is the default Eraser program. There is a possibility for the user to independently define bit patterns and the number of passes.
The program has three modes of execution of functions: on demand, on schedule and as an extension of the system shell. The on-demand mode assumes the choice of the method of data destruction and the choice of the object of elimination, followed by a command to execute the action.
As for what scheduled destruction is, it is hardly worth spreading, but the system shell extension is an extension of Windows Explorer. When viewing files, you just need to right-click on the required data object and select the “Erase” item from the context menu.
Interestingly, the original author of the Eraser program was a Finnish student Sami Tolvanen (oh, these really hot Finnish guys, how many times they overthrew the authorities in software affairs! - almost always for free). In November 2002, the program was handed over for escort to Garrett Trant, an employee of the Irish company Heidi Computers Ltd., which can be found on the website given in the footnote. All this is free, but if you like it very much, a translation of only $ 10 is welcomed - as a thanks to the developer and maintainer.
I myself am happy to use this free boon, but that's not the point. An almost detailed description of this program is useful and pertinent here because it is very typical and easy to use - as a sample of what is needed.
So they say
Each individual in his soul worries about his own personal data, for example, about when exactly and to which healers or drug therapists he went, where he went the day before yesterday or a month ago in the evening, what are the details of his credit cards, etc., and business owners are not worry less about data security critical to the viability and competitiveness of their companies.
But what about the sale and transfer of previously used computer equipment to no one knows, for example, agents - for resale - or even employees of their own company for supposedly useful futuristic use?
We can confidently state that the data from this computer can be recovered with a high probability and have consequences that are incomprehensible to the original owner. Here it is worth quoting the dialogues of well-known experts in the field and their clients1.
Mark McLaughin, Computer Forensics International, Inc .: "Any personal data will be at risk in the event of the sale of the computer on which it was previously located."
This is part of a response to a certain Ted Beitsholtz, who had an old computer and decided to donate it as a charity to an orphanage. Well, Ted reformatted the drive first, and then re-installed Windows. He believed that this was enough to completely destroy the data previously on the disk.
But after these actions, Beitsholtz had doubts, and he decided to make a check, contacting the expert Kevin Krantz. And he immediately found old payment documents on the "formatted" disk ... data on financial transactions ... some of the data about Ted's private existence that could be very effectively used as a blackmail lever ...
According to Kevin Kranz, in order to extract this data from a supposedly "cleaned" disk, it took him about 40 minutes of time and the presence of certain software tools. The list of recovered files was many tens of pages.
Subsequent comments from those who played their roles in this action were as follows.
Beitscholtz: "I am very surprised how much information they managed to extract from the formatted disk."
McLaughin: "Yes, information is never deleted unless the space where it was recorded is overwritten with new information."
Krantz: “I was able to recover even the data on those who were invited to government golf courses. But this is no comment. "
Of course, you can spend some money and buy programs to erase data from the magnetic surfaces of hard drives. But McLaughin recommends more radical, less costly, and more reliable methods.
First of all, you need to use a drill to drill a package of discs inside the hard drive (hard drive) in several places through and through - with a drill of the largest possible diameter. And then it would be necessary, for more peace in a dream, to break what happened with a large hammer. And after that, never regret what you did.
We have just discussed the most common, and indeed, the most widely available software method of data elimination, which does not require the use of special hardware or mechanical means. There is, however, special equipment for demagnetizing hard drives and other magnetic storage media. There are also methods for the complete physical destruction of media, which no longer leave the slightest possibility of data recovery.
Devices for demagnetizing disks are very effective tools, since, in principle, they provide the desired effect for disks in aluminum cases with an increase in the magnetic field compared to the working one, starting from 2 dB. But it should be noted that not only the level of the external magnetic field is important, but also the duration of its application. And more on that later.
There is no need to discuss standards for erasing information from magnetic tapes here because of their rare use in modern practice. Therefore, I immediately turn to discs, with which everything is more complicated than with these very former tapes. In fact, physical demagnetization using an external source of a magnetic field leads to the destruction of all information structures on the magnetic disk, including synchronization bytes, identification fields, error correction fields, all other paraphernalia, which, in general, equates this procedure with the physical destruction of the device - after that, it must be restored in the factory conditions.
But you need to understand that it is not so easy to perform this kind of operation: it requires the use of very special equipment, expensive and inaccessible. An interesting example: to demagnetize a large 14-inch hard drive used in a mainframe, the US Navy research labs used a 2.5 MW (!) Electromagnet, and it did its job in just a minute.
I am deliberately not paying attention here to the ultimate method of information destruction - the physical destruction of hard drives. This is all described in detail by Sergey Karpov and presented in images courtesy of my friend Zen from Toronto ( www.zenvendor.com ).
Persistent memories
Everyone knows that in every computer there is a BIOS (basic input-output operating system) or some other permanent memory that determines the primary, to turn on, the configuration of the entire system.
The most important function of the BIOS is to check the basic hardware components when the computer is turned on, such as memory, keyboard, and hard drives. After confirming the safe state of the system, the first sector of a floppy disk, hard disk, or CD-ROM is loaded into memory. Actually, this is the initiation of the operating system boot.
What are the threats of BIOS tampering? First of all, the aggressor tries to boot the system, which has a significant source of danger in case of unauthorized attempts to enter it (floppy disks, hard drives, CD-ROMs, other types of media, including USB-flash memory).
And if it was possible to simply turn on the computer hardware, then the job has already been done: the system is discredited, because there are many software tools to copy a hard disk of any capacity bit by bit for subsequent dismantling with it at any level of complexity of the information stored on it.
There may be other ways to compromise the system, for example, very quickly inserting Trojans into it in order to subsequently only remove the requested data via the Internet. This practice applies to most existing data processing systems, including office client systems (workstations) and servers, not to mention real personal computers. So, what are the ways of getting into BIOS:
• using passwords, which are sometimes provided by CMOS circuit manufacturers in case of emergency;
• Recovering BIOS passwords using known methods of recovering cryptographic keys;
• complete elimination of CMOS content by software methods;
• complete elimination of CMOS content using hardware methods.
In modern motherboards, BIOS programs are stored in CMOS circuits such as FLASH EEPROM2. When the power is turned off, the data in such schemes, of course, does not disappear; and they can be reprogrammed using special utilities published on the websites of motherboard manufacturers.
Previously, on such sites, it was easy to find software modules for free BIOS updates and install them using the same utilities. I have done this myself many times when updating BIOS on ASUSTeK and Gigabyte motherboards. Other times are now in the yard. After the marketing efforts of well-known BIOS vendors such as Award Software, American Megatrends, Phoenix and MR BIOS took place last year, getting updates in the normal free mode as it was before (they have little profit from direct sales of BIOS circuits!) extremely difficult. So contact resellers like www.biosupgrade.co.uk , who will not stand up for the price, but will keep it.
Of course, in a sense, systems of this kind can now be viewed as an archaic legacy of the 50s of the last century, but to this day nothing has replaced this phenomenon, in which one can see the current deep satisfaction and offensive subsequent brake for monopolists of the market of components for personal computers.
So what to do with the data stored in the BIOS, which is traditionally called CMOS RAM? Rather, how to destroy the data stored there, which just needs to be done in some cases, for example, when completely getting rid of previously former operating systems?
If you have an initial MS-DOS system, you can use a simple sequence of commands from the DEBUG toolkit:
Debug
- 70, 2e
- 71, 0
- q
Generally speaking, there are all sorts of variations of these sets of commands for BIOS of different types and different manufacturers, but the main thing remains the same: these are commands that examine I / O ports 70 and 71 in standard motherboards for Intel processors, which provide access to CMOS memory; it is through them that the checksum of the data stored in the permanent memory is destroyed. And this leads to the fact that when the computer is restarted, the initial parameters are set in the CMOS memory, which do not store either passwords or personal choices of users. For those who do not want to turn to the DEBUG tool, a list of freely available programs can be advised that quite successfully cope with the problems of clearing CMOS3 memory.
Belarusian motive
With the not-so-mastered demand for information destruction systems, it must be admitted that there are solutions in our almost native markets that seem to be effective. On a search query, I managed to find a certain Minsk enterprise "Beltim", which positions itself as a "system integrator in the field of information security." To me personally, system integration in this very private area does not seem possible, but I will not argue: everyone is free to call his field of activity as he pleases.
Without trying to advertise, I will nevertheless quote what is said on the website of our Belarusian specialists: “The advantages of destroying information with these devices over other methods.
The traditional methods of destroying information are: mechanical (press, sledgehammer) and electromagnetic erasure (formatting for hard disk drives and floppy disks, erasing cassettes in tape and video recorders). In the first case, the carrier itself is mechanically destroyed, and its reuse becomes impossible.
In the second case, the time for destruction of information is greatly increased, from several minutes (formatting floppy disks, ZIP disks and hard drives) to several hours (erasing video and audio tapes).
In "Stack" products, information is erased by magnetizing the carrier with a high-intensity pulsed magnetic field (hundreds of kA / m). The time of exposure of the magnetic field to the source of information to be removed is less than one second. As a consequence of the above, the main advantages of this method are the speed of destruction of confidential information and the reuse of the medium later.
• Information safes are designed for quick (emergency) erasing of information recorded on floppy disks, magneto-optical, hard, Zip- and Jaz-disks of a computer. Products can be used to store information carriers, including those used at the time of erasure, and have the ability to remotely initialize.
• Recyclers are designed to quickly erase information recorded on 3.5-inch floppy disks, Zip and Jaz discs, micro- and audio cassettes, video cassettes (VHS type), streamer tapes and hard disks that were not in use at the time of erasing. All magnetic media, except hard drives, can be used after disposal. The products are not intended for storage media. "
From my point of view, these last utilizers do not stand up to the slightest criticism - due to their complete uselessness. Better to grab a hammer and strike accurately - even on your own office desk. As for the "reuse" of the medium (except for hard drives), it is still cheaper to go to the nearest store and buy a new one there for a cheap price, without torturing yourself with subsequent doubts.
There are other methods, not software, to destroy data in CMOS. Most motherboards have jumpers that can be closed to reset the CMOS state. They are usually labeled CLRTC, Clear CMOS, or PWRD. Of course, before using these tools, you need to read the manual for the motherboard. It usually takes a few minutes to close this jumper for the CMOS content to be erased.
In case the motherboard does not contain jumpers of this kind, you need to temporarily remove the battery powering the CMOS memory circuit. Typically this is a long lasting lithium disk battery, clearly marked on any of the motherboards. In difficult cases, you will have to unsolder this kind of power supply, but this can only happen in older models of motherboards.
Finally, you can simply close certain contacts on the CMOS circuits themselves, which is not entirely correct, but ensures the elimination of information in these chips. You can find additional data in already refereed sources.
It seems that all this, described in this chapter, as if it does not apply to the direct interests of the CIO, but it is not. First of all, it is the CIO who should be concerned about the state of critical data located in its subordinate information economy. And the question is very acute: how can you destroy all the contents of the memory of computers and multi-gigabyte server data stores in a matter of seconds?
Well, you must! RAM
Contrary to the traditional, "obvious" opinion, the data presented at the moment the computer's power is turned off do not disappear at all in the RAM 4 circuits, but are somehow retained - at least until the next power-up.
Circuits of both known types - both static (SRAM) and dynamic (DRAM) - are subject to this effect, but, of course, static circuits are much more indicative in this regard. Early chips like SRAM could store data images in cells for several days (!). In general, it is possible to create memory circuits that can hold information for an arbitrarily long time, and even after turning on the power - with the function of subsequent rewriting of the entire field. Something like a "rewritable ROM". This idea could lead to the creation of a computer that would not need to boot at all when turned on: it would simply instantly restore the system configuration from the last power off - as if the lights were on. And yet, as far as I know, reliable solutions of this kind for mass applications have not yet been found.
DRAM-like circuits can also store images of past deeds, but in a different way compared to SRAM circuits. These are not charges that are stored in the cells of the circuit, but some electronic images imprinted in the oxide (oxide) layers of microcircuits under the influence of electric fields applied to active elements. Interestingly, the effect of memorization largely depends on the duration of the state. That is, if the computer is idle for a long time before shutting down, the probability of long-term storage of information in RAM will be significant.
In principle, the effects of residual information retention are tested by any of the manufacturers of memory circuits, but the test data is not published for the general user. Moreover, in a conventional computer system it is simply impossible to activate special modes that test microcircuits for this effect and read residual data. Nevertheless, it is quite possible and in the right cases finds application.
The simplest, but very dangerous method of completely destroying data in RAM circuits is to lightly heat them. An increase in the chip's temperature - 140 ° C above the ambient temperature - completely destroys any remnants of the captured information. To guarantee the result of this act, its duration should be several hours.
Conversely, if you want to store data in microcircuits, they must be placed in a thermostat, setting the temperature to no higher than –60 ° C. This will save residual data in chips, not just days or hours, but weeks!
Simply rewriting data in RAM memory circuits does not have the same efficiency that is possible with the destruction of data on magnetic media. The point is that the application of electric fields to oxides does not deprive them of the "memory" of the previous states. Actually, we are talking about the fact that over time, with a growing set of past states, the probability of preserving the previous states decreases.
It is clear that in normal mode the voltages applied to the microcircuit are the same. Therefore, the application of a voltage to create the opposite cell value for, for example, several microseconds will not cause significant changes in the state of the active element oxides.
Thus, in order to completely erase the residual data in the microcircuit, it should be subjected to thermal effects at the highest possible temperature. But this leads to a sharp decrease in the reliability of its functioning and a reduction in the period of overall performance.
Break up?
The problem of data security is becoming increasingly important in today's business environment around the world and in our country. Perhaps this is determined by the growing competition and the expansion of the spheres of industrial espionage, and in our country, it seems, also the traditional desire to hide everything that can be hidden away. Of course, we must not forget about the problems of government agencies and security services associated with physical data protection, which are becoming increasingly high priority.
Recently, the data security issue has attracted widespread interest. In my opinion, this is partly due to the expansion of the storage segment and the development of Business Intelligence / Decision Making systems. As a result, the theoretical possibility of physically moving data carriers outside the office becomes a serious danger for organizations that do not want to allow critical information to be released.
On the other hand, customers appear who, due to the specifics of their activities, are simply obliged to destroy information before moving the media outside the organization's office, for example, when replacing equipment in security services, government organizations, or in trivial cases of replacing disks under warranty. Therefore, there are users who pay extra money for the right not to return drives for warranty repair - just to physically not take the drive out of the office.
So, the issue of the security of information stored on magnetic media, primarily on hard drives, has become a matter of destroying this very information. In my memory, when discussing this issue, several answers arose. The first thing that comes to mind is to programmatically erase the data, the second is to use a strong magnetic field to "rude" data destruction. However, there are rumors that the special services have special methods for recovering data after these procedures, therefore, the data will not be 100% “protected”.
Therefore, issues of physical access restriction or even destruction of disks are on the agenda. Of course, you can store media in safes, but this brings up many additional questions - how long to store? But what if the disks are stolen from there? etc.
According to the general opinion of the information technology experts with whom I had the opportunity to discuss this problem, the most reliable way to protect data is to physically destroy the media. To this day, there is no standard device that would physically destroy hard drives (at least I am not aware of this), but the apparent simplicity of the problem immediately triggers a whole set of proposals. For example, to install a shelf with disks inside a certain press, which, at the command of the system administrator, simply flattens this shelf with disks, destroying them physically.
More anecdotal is the UK precedent. The specifications (weight and size (!)) Of a hammer were proposed and, most interestingly, approved by the government, which should be used by system operators to break hard drives after their operation ends (of course, this rule applies to data carriers used in information systems starting from a certain level of security and data protection requirements).
Thus, to date, of the really guaranteed ways to save data on disks, there is most likely only physical destruction of disks. And, as follows from the above, a lot of methods of physical destruction of magnetic carriers can be invented.
The conclusion that follows from the above is paradoxical: in order to more reliably destroy data in RAM memory, they need to be changed as rarely as possible, and in order to store them reliably and safely, they need to be updated as often as possible. According to experimental data, storing data in a cell for one second practically does not reveal the effect of residual storage, one minute gives a sufficient probability of determination, and 10 minutes gives an almost complete probability of data determination.
Thus, an effective solution for non-recovery of data from microcircuits is to constantly change the states of the cells so that the images are not stored in the oxides. This method, which is inapplicable in general, can be applied to some areas of the RAM in which particularly sensitive data are stored, for example, encryption keys.
Chrysanthemums have withered ...
I am deliberately leading this motive, which has been such a call for about thirty years. We are talking about floppy disks and floppy disks, other similarities of this type of magnetic media. How we loved them, when they became smaller, larger, harder and more beautiful! They were true kings in our pockets and portfolios.
But tell me, will a graphic (image) file in tiff format, and, by the way, a good resolution jpeg, fit on a familiar 1.44 Mbyte floppy disk? What about placing mp3 files? Now the situation is such that the technology of removable magnetic media is curtailed exponentially, as it happened at one time, say, with typewriters or with movie cameras based on 8-mm celluloid films. Recently, Dell Computer, which remains the leader in personal computer sales, announced that it will no longer install floppy drives in mass production. Little known fact, but Apple got rid of floppy drives back in 1998, in at least some of its mainstream computers.
Cognitively, it is very interesting that the first floppy disk with 8-inch geometry appeared in 1971 as a device for a very specific purpose: it was a data storage device for booting a computer the size of a large room (IBM, Rochester, NY). The famous founder of Seagate Technology Elan Shugart was then the head of the IBM division, which dealt with RAM, and there were always enough problems with it: at the slightest malfunction or power outage, all data disappeared. Therefore, Shugart decided to create a medium that would contain information sufficient to restore the working configuration of the computer. The decision was not easy: initially it was the external resemblance of the usual "vinyl" records, known in the sound recording of the past years, which were extremely unreliable due to the mechanical vulnerability of their magnetic surfaces. Therefore, a fateful decision came - to enclose these magnetic disks in slotted envelopes, to which the magnetic heads of the reader were fed.
Three years later, the ability to quickly write information to disks became a reality, as IBM tried to find a replacement for punched cards as soon as possible. The first 8-inch floppy disks appeared, each with a capacity of 128 KB, which was equivalent to the contents of 1,600 punched cards. In 1977, floppies found their way into hobbyist computers, operating in CP / M on Altair and Imsai Personal Computer installations. Awesome, but true: a floppy disk cost $ 750 back then, but that was ten times less than what it would have cost to buy a hard drive.
According to IBM historian Dave Bradley, the first 5.25-inch floppy disks were invented at the San Jose IBM Research Center in August 1981 for use in personal computers. In general, until 1982, IBM personal computers did not have a hard disk. They each had two 5.25-inch drives: the first contained the operating system on a floppy disk, and the second contained application programs and data.
With what spiritual trepidation we used these really "bendable" Bulgarian-made records with the inscription "IZOT" in the mid-80s! As I recall, then such a contraption could be purchased for at least 3 rubles. Seems a little? No, it was the price of a bottle of then-quality Georgian wine like Kindzmarauli.
In 1982, IBM introduced a 10MB hard drive into the PC, and a year later, the first 3.5-inch floppy disks appeared on the Apple Macintosh. Well, off we go ... In 1995, the peak of popularity fell on the Zip floppy disks, produced by the rather pretentious, but not very successful company Iomega, with a capacity of 100 MB. 10 million drives were sold that year, and an average of ten floppy disks were bought for each drive. In 1996, we also had an attack of such addiction in the publishing house. Then there were attempts by Imation and his comrades to release a certain "Super Drive", which, ultimately, also turned out to be nothing more than an embarrassment ...
During the years of their glory, floppy disks were not only carriers for the exchange of programs and data between computers, but also the basis for the distribution of new programs, the main means of loading collapsed systems, data backup, etc. At the peak of popularity, in 1995-1998, every year in the United States was consumed 5 billion floppies! Some people recall that at some time the Microsoft operating system was published on almost 25 floppy disks.
The true destroyer of floppy disks were CD-ROMs, later CD-RWs, which almost immediately had a better capacity / price ratio compared to disk drives. However, the demand for already almost archaic products varies greatly by region and territory. Despite the fact that in Europe and North America a clear preference is given to various kinds of disk media and flash memory, in Latin America, in China and, oddly enough, in Japan, the popularity of traditional 3.5-inch floppy disks remains significant.
One thing remains in common for any type of disks and floppy disks: if you need to destroy data on them, then the easiest and most reliable way is to take and break them physically into pieces, and if completely, then burn them after that.
Good health and sweet dreams!
This is what they think in Voronezh.
Based on the interest in gaining knowledge and opinions, I strongly advise you to get acquainted with the work of a certain Vladimir Meshcheryakov, Doctor of Law, Professor of the Department of Forensic Science at Voronezh State University, entitled almost longer than the text of the article itself: "Theoretical Foundations of Criminalistic Classification of Crimes in the Sphere of Computer Information" (easy to find via google).
I don’t know what is happening in the field of crimes with computer information, but this is probably about the same as what happens in the field of crimes with toilet bowls in public toilets. In order not to take up a lot of space and not to distract the consciousness of dear readers, I will quote the first phrase that appears to the public. "Then any crime can be described as follows - RxMxWx, where x is any of the previously identified levels of computer information representation." I guess that's enough.
But there are even more serious insinuations. For example, such (the vocabulary and syntax of the author's text are observed). “Destruction (destruction) of information. The most understandable type of crime from a criminal legal point of view, which is the physical destruction of information. From the point of view of forensic science, this is the most difficult type of crime, since it practically does not form any traces. Based on the classification feature of this type of crime (RoMoWx), the main task of the investigation will be to establish the very fact of the destruction of information and the detection of tools (means) to influence information). " No comment.
1. Morgan Palmer, What Could Be Hidden on Your Old Computer? - www.kltv.com .
2. EEPROM - electrically erasable programmable read only memory. A microcircuit capable of storing data when the external power is disconnected for a long time. Data can be completely erased by applying a voltage higher than the established limit of about 5 V, but this is a very risky experiment. The life cycle of an EEPROM is typically in the range of 10,000 to 100,000 rewrites of content. Therefore, any BIOS reconfiguration is a step in the life of this element. [back]
3. Allgeuer R. WhyBother About BIOS Security? - Sans InfoSee Reading Room - www.sans.org/rr/ .
4. RAM - random access memory. According to the terminology that developed back in the 50s of the last century, memory of this kind in Russian is called “operational”, but if we follow the modern vision of the functions of devices of this kind, then such memory should be called “operational”. However, revolutions, even in linguistics, do more harm than good. [back]
Based on the materials of the magazine "CIO".
It is known from the theory of magnetic recording that information is recorded by the sequential action of an external magnetic field, which changes according to the law of an informative signal, on various parts of the carrier. Erasing occurs in the same way, but instead of an information signal, a signal of some frequency is sent to the erasing magnetic head.
Proceeding from the fact that it is necessary to perform two main tasks:
1. Completely destroy information;
2. Do it as soon as possible, preferably instantly.
It is not possible to influence a separate area in order to destroy only part of the information. Therefore, it is necessary to influence the medium as a whole.
In this case, there are two options.
1. Influence the carrier with a permanent magnet, carrying the carrier past it. The disadvantage of this method is the impossibility of demagnetizing large media without using a large magnet, as well as the need to carry the media through the magnet, which takes a certain amount of time and is difficult.
2. Influence the carrier with a powerful electromagnetic pulse.
What does this method allow?
- information carriers can be in special cameras and at the same time be fully operational. (for example, hard drives);
- data erasure occurs instantly, for this you only need to put the accumulated charge into the camera.
There are several types of such devices developed both in Russia and abroad. One of the representatives of such devices is a line of products united under the brand name "Raskat" produced by the Scientific and Production Company "New Electronic Technologies"
Functionally, "Raskat" has three main modules united into a single structure - a charge storage module, a camera and a control module.
The charge storage module accumulates the charge required to erase the information. After the charge has accumulated, and this happens in 2-4 seconds, the product is ready for erasure, and in the presence of an electric power supply, the "Roll" can be in this form as long as you like. It is possible to work with autonomous power supply, or in some models, power supply from the vehicle's on-board network. An autonomous power supply module for 24 hours is offered as standard.
The erasing chamber is designed in such a way that the data carrier is completely affected by the magnetic field pulse. A cooling system has been added for the use of information carriers when they are in the erasing chamber. This is important when working with hard drives (especially SCSI). In the case of personal computers, the cameras, as well as the entire unit, are built into the PC case in such a way that they do not interfere with the placement of the rest of the PC parts (motherboard, expansion slots. Modules are embedded in the customer's PC.
The control module is designed to receive commands, process them) in accordance with the specified algorithm and the erasing pulse activation In the simplest version, the erasing command is given by pressing a button built into the device.
It is possible to use a remote button located remotely, for example, at a security post.
Assuming that a crisis situation can begin at any moment in time, an algorithm was proposed for triggering the device when a command is sent from radio key fobs. As a standard, two types of remote controls are assumed - a typical one, operating at a distance of up to 50 meters in the line of sight and reinforced, which allows not only to turn on the product from a distance of up to 1 km in the line of sight, but also to receive confirmation of the origin of the command.
To protect unauthorized access to the media, if for some reason it was not possible to find out about this attempt in a timely manner, the control module provides several more activation algorithms.
The most common of them are turning on when trying to open the case, when turning the Mobile Rack key, and turning on when lifting the case.
If necessary, control loops are connected to reed switches, motion detectors or other security sensors.
If you need authorized personnel access to the information carrier, it is enough to insert an access key, which is simultaneously a means of monitoring the performance of all switching algorithms. If, for some reason, when installing the data carrier, at least one of the loops was not put in the normal ready position, which can lead to instant erasure of the information when the key is removed, the key indication will signal this, and the signal will not disappear until all the necessary settings will be produced.
A separate algorithm is the PC power-on blocking device. This algorithm is not usually associated with triggering the "Roll", but when used together, it greatly increases the security of data on the PC. It will be almost impossible to turn on the computer without using the personal Touch Memory ID. We'll have to open the system unit, which will naturally trigger the device and erase information from the media.
In conclusion, I would like to note that the products of the Raskat series are harmoniously integrated into the already existing means and systems of information protection, while allowing to significantly increase the security of information processed at a protected facility. At the same time, simplicity in operation, lack of settings allows any unprepared user to operate this product, who has read the operating instructions at least once.
Reliability, ease of use, guaranteed, instant and complete destruction of information on any magnetic media, including any, even working at the time of destruction, hard drives - these are the main advantages of this device. And in combination with the fact that it can be built into the case of any personal computer or carried with you in a diplomat, devices of the Raskat series become unique and irreplaceable assistants in ensuring corporate and personal information security.
Whitaker Brothers 102-DG. Killer of magnetic disks.
In the days of computer youth, when 5.25-inch floppy disks were still in use (they had not heard anything about 3.5-inch ones at that time) and reel-to-reel tape recorders, for any user of these media the biggest tragedy was meeting ... an ordinary magnet. The main disadvantage of magnetic tapes and disks was that in direct contact with a magnet, all data was inevitably lost, became indigestible, and the medium itself often lost its ability to further read-write cycles.
The intriguingly named Whitaker Brothers is the manufacturer of a totally awesome thing called the Disk Erasing Wand, designed to ... right! - destruction of data on magnetic media.
The spatula, which looks like a pastry shop, weighs one pound (453 grams), but in its effect on magnetic disks or tapes, still used by mankind (some organizations are surprisingly inert and unhealthy conservatism when it comes to hardware upgrades) analogue of a single piece of magnet weighing ... 10 kilograms!
By swiping such a paddle over a floppy disk, you can be sure that the unfortunate drive will lose not only all data, but even magnetic tracks created during low-level formatting. Neither hard drives, using all the same magnetic technologies for data storage, nor streamers are immune to these weapons. On the other hand, more advanced CDs or flash drives will feel great.
According to the manufacturer, the impact power will be at least 6,000 gauss with the maximum 102-DG capabilities of 12,000 gauss. The price of a miracle weapon will not seem small to anyone and amounts to as much as 800 American dollars. We do not know whether this product is delivered to the countries of the former USSR, but, according to information at the office. website, anyone can purchase Disk Erasing Wand.
Huge amounts of information are stored on magnetic media, and this information can be erased using special devices and programs.
The device for rapid destruction of information for magnetic carriers "Stack" is based on the concentration of a directed magnetic field, which reorients domains on a magnetic carrier and thus erases information.
These devices destroy records on microcassettes, audio cassettes, floppy disks, ZIP disks, videotapes, computer hard drives. There are universal utilizers that erase information from several types of media.
Recyclers and safes
Rapid destruction devices for magnetic media are divided into utilizers and information safes. When using recyclers, you need to remove the hard drive from the computer, place it in the device and erase it. Which is quite inconvenient when you need to quickly destroy. When using information safes, the hard drive can be in working order, and information from it will be erased within a specified period of time.
When using destruction devices, inconveniences are also possible. "Having destroyed information on audio, video cassettes and floppy disks, these media can be used in the future. And hard drives and ZIP disks become problematic to use, since the manufacturer applies special markings on them, which is also destroyed. Theoretically, these media can be restored, but it's easier to buy new ones.
The disc will be kept alive
There is, for example, the "SGU" program that does not require hardware support. "When using a shredder, the physical structure of the disk is not destroyed." Software systems allow you to delete information selectively, leaving the system and erasing confidential information. This is a flexible scheme of impact on the carrier, without destruction. The speed of information destruction with the installed system "SGU" depends on the characteristics of the motherboard, processor, but first of all - on the type of hard drive. On a medium-speed hard drive, 80 gigabytes of information are erased in 16 hours, on a high-speed one - 2 times faster.
The customer is classified The
demand for information destruction devices is growing rapidly.
Devices for destruction of information for magnetic media are used in several areas. Experience shows that they are most often used by security structures that conduct audio and video control. "They accumulate hundreds of tapes that must be destroyed. The tape recorder does not erase, it puts the next tape on top of the previous one, so it is convenient for security guards to use such devices," says Alexander Matveev. The next circle of users is the recording industry. With the help of devices - information shredders, they clean tapes for subsequent recordings. Traditionally, there is a demand for such devices among the departments of the regime of large enterprises, especially those related to the defense industry, nuclear energy, etc., where information is classified.
The circle of customers for information destruction devices has been defined, but it is not so easy to find a specific user. Information destruction devices are of interest to those companies that store and transport a large number of information carriers. None of the users of information destruction devices will name themselves. It's no secret that such devices are often used in spite of anything else. Therefore, their customers strictly classify themselves.
One of the most important tasks of existing information systems is the ability to access it only for those user groups for which it is intended and who have been granted the appropriate rights. Currently, there are many firewalls, VPNs and other software, hardware and software and hardware tools to differentiate access to information. The weak link in the chain of tasks to be solved related to data protection is the ability to physically obtain the storage medium, and therefore, after some time, the information itself. There is a high probability that the owner of the information will have to transfer passwords and access codes under the threat of force or other influence. The possibility of theft of the information carrier as visitors cannot be ruled out (how long will it take to pull the Mobil Rack out of the system unit?), and unscrupulous employees. Installing an access control system will make this difficult, but not for long. With a certain impact, there is a high probability that neither the security service nor the most modern access control system will be able to protect the storage medium from its seizure, theft or confiscation. In modern systems, it is possible to log in under duress. This will probably be enough, but to hope that your opponent will be poorly educated and illiterate is to give yourself (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that neither the security service nor the most modern access control system will be able to protect the storage medium from its seizure, theft or confiscation. In modern systems, it is possible to log in under duress. This will probably be enough, but to hope that your opponent will be poorly educated and illiterate is to give yourself (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that neither the security service nor the most modern access control system will be able to protect the storage medium from its seizure, theft or confiscation. In modern systems, it is possible to log in under duress. This will probably be enough, but to hope that your opponent will be poorly educated and illiterate is to give yourself (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that your opponent will be poorly educated and illiterate means giving yourself up (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you. that your opponent will be poorly educated and illiterate means giving yourself up (or rather your information). It is better to overestimate the enemy's ability now than to subsequently receive "dividends" from the leakage of information that is valuable to you.
The article below was published a long time ago, but it remains relevant to this day. Since many are worried about not only the reliable storage of information, but also its reliable deletion. For in the modern conditions of the development of modern market relations, there may be a need to destroy information both from their computers and from computers of a competitor. Moreover, the speech will go not just formatting, but a complete non-recoverable deletion. The material is relevant to this day, since the equipment presented in the material is relevant to this day. We look further in the text for modern analogues.
Enough has already been said about why you need to destroy data without leaving even the probability of their recovery. As always, living practice turns out to be much more interesting and varied - compared to any fictional fears and methods. It is about her that will be discussed in the further presentation.
First of all, it is the CIO who should be concerned about the state of critical data located in its subordinate information economy. And the question is very acute: how can you destroy all the contents of the memory of computers and multi-gigabyte server data stores in a matter of seconds?
The March issue of the online edition of Bits of Bytes featured an article by John Pearce, a regular contributor to the site, entitled "Safely Erase Data from Hard Drives." In general, Pearce does not say anything particularly new, he just puts the necessary accents on well-known things.
First of all, the interest in the destruction of data on magnetic and electronic media has become a kind of fashion, a sign of modern technological thinking. This, of course, is not about the use of standard Microsoft Windows accessories, with the help of which the contents of the trash can, browser caches, anabasis history by Web fields, and other such chronicles are freed ...
The main idea of software degaussing as a data destruction method is to change the orientation of each magnetic domain on the carrier many times (as many as possible). In this case, it is fundamentally important that the bitmaps should not be repeated in time sequence. That is, during the subsequent passage of the recording, its bit image for a given section of the magnetic medium should differ from the previous one.
There are quite a few special programs that recode the spaces occupied by previously deleted files, and just all the empty spaces. A comparative picture on a certain truncated set can be found in the table below. The disadvantage of most of these tools is common: they can cost quite a lot, especially for us, and the value of the acquisition is revealed only in the process of using it. Often, two weeks or a month of testing a demo version is clearly not enough, especially since these versions may leave some of the most “tasty” functions unchecked. One of the pleasant exceptions is a free program called Eraser in plain terms.
Eraser has several different ways to destroy data. The most reliable, but also the slowest, approach follows the principles outlined in the seminal article by Peter Gutman already quoted in the first part of the topic. The essence of this procedure is that the non-working spaces of the hard disk are overwritten 35 times in a specially selected sequence of bitmaps. This achieves the almost complete impossibility of recovering the once contained operational data.
The second method, which is faster to use, is based on US Department of Defense specifications that only require special bitmaps to be overlaid seven times over non-working zones.
The fastest procedure is to fill non-working spaces with pseudo-stochastic data, which is practically not subject to various kinds of compression. As the support file suggests, this is the only method that successfully deals with compressed disk spaces.
The number of penetrations in the latter method varies from 1 to 65,535: you yourself understand what quality of removal of past traces can be provided. While the fastest to execute, this approach is the default Eraser program. There is a possibility for the user to independently define bit patterns and the number of passes.
The program has three modes of execution of functions: on demand, on schedule and as an extension of the system shell. The on-demand mode assumes the choice of the method of data destruction and the choice of the object of elimination, followed by a command to execute the action.
As for what scheduled destruction is, it is hardly worth spreading, but the system shell extension is an extension of Windows Explorer. When viewing files, you just need to right-click on the required data object and select the “Erase” item from the context menu.
Interestingly, the original author of the Eraser program was a Finnish student Sami Tolvanen (oh, these really hot Finnish guys, how many times they overthrew the authorities in software affairs! - almost always for free). In November 2002, the program was handed over for escort to Garrett Trant, an employee of the Irish company Heidi Computers Ltd., which can be found on the website given in the footnote. All this is free, but if you like it very much, a translation of only $ 10 is welcomed - as a thanks to the developer and maintainer.
I myself am happy to use this free boon, but that's not the point. An almost detailed description of this program is useful and pertinent here because it is very typical and easy to use - as a sample of what is needed.
So they say
Each individual in his soul worries about his own personal data, for example, about when exactly and to which healers or drug therapists he went, where he went the day before yesterday or a month ago in the evening, what are the details of his credit cards, etc., and business owners are not worry less about data security critical to the viability and competitiveness of their companies.
But what about the sale and transfer of previously used computer equipment to no one knows, for example, agents - for resale - or even employees of their own company for supposedly useful futuristic use?
We can confidently state that the data from this computer can be recovered with a high probability and have consequences that are incomprehensible to the original owner. Here it is worth quoting the dialogues of well-known experts in the field and their clients1.
Mark McLaughin, Computer Forensics International, Inc .: "Any personal data will be at risk in the event of the sale of the computer on which it was previously located."
This is part of a response to a certain Ted Beitsholtz, who had an old computer and decided to donate it as a charity to an orphanage. Well, Ted reformatted the drive first, and then re-installed Windows. He believed that this was enough to completely destroy the data previously on the disk.
But after these actions, Beitsholtz had doubts, and he decided to make a check, contacting the expert Kevin Krantz. And he immediately found old payment documents on the "formatted" disk ... data on financial transactions ... some of the data about Ted's private existence that could be very effectively used as a blackmail lever ...
According to Kevin Kranz, in order to extract this data from a supposedly "cleaned" disk, it took him about 40 minutes of time and the presence of certain software tools. The list of recovered files was many tens of pages.
Subsequent comments from those who played their roles in this action were as follows.
Beitscholtz: "I am very surprised how much information they managed to extract from the formatted disk."
McLaughin: "Yes, information is never deleted unless the space where it was recorded is overwritten with new information."
Krantz: “I was able to recover even the data on those who were invited to government golf courses. But this is no comment. "
Of course, you can spend some money and buy programs to erase data from the magnetic surfaces of hard drives. But McLaughin recommends more radical, less costly, and more reliable methods.
First of all, you need to use a drill to drill a package of discs inside the hard drive (hard drive) in several places through and through - with a drill of the largest possible diameter. And then it would be necessary, for more peace in a dream, to break what happened with a large hammer. And after that, never regret what you did.
We have just discussed the most common, and indeed, the most widely available software method of data elimination, which does not require the use of special hardware or mechanical means. There is, however, special equipment for demagnetizing hard drives and other magnetic storage media. There are also methods for the complete physical destruction of media, which no longer leave the slightest possibility of data recovery.
Devices for demagnetizing disks are very effective tools, since, in principle, they provide the desired effect for disks in aluminum cases with an increase in the magnetic field compared to the working one, starting from 2 dB. But it should be noted that not only the level of the external magnetic field is important, but also the duration of its application. And more on that later.
There is no need to discuss standards for erasing information from magnetic tapes here because of their rare use in modern practice. Therefore, I immediately turn to discs, with which everything is more complicated than with these very former tapes. In fact, physical demagnetization using an external source of a magnetic field leads to the destruction of all information structures on the magnetic disk, including synchronization bytes, identification fields, error correction fields, all other paraphernalia, which, in general, equates this procedure with the physical destruction of the device - after that, it must be restored in the factory conditions.
But you need to understand that it is not so easy to perform this kind of operation: it requires the use of very special equipment, expensive and inaccessible. An interesting example: to demagnetize a large 14-inch hard drive used in a mainframe, the US Navy research labs used a 2.5 MW (!) Electromagnet, and it did its job in just a minute.
I am deliberately not paying attention here to the ultimate method of information destruction - the physical destruction of hard drives. This is all described in detail by Sergey Karpov and presented in images courtesy of my friend Zen from Toronto ( www.zenvendor.com ).
Persistent memories
Everyone knows that in every computer there is a BIOS (basic input-output operating system) or some other permanent memory that determines the primary, to turn on, the configuration of the entire system.
The most important function of the BIOS is to check the basic hardware components when the computer is turned on, such as memory, keyboard, and hard drives. After confirming the safe state of the system, the first sector of a floppy disk, hard disk, or CD-ROM is loaded into memory. Actually, this is the initiation of the operating system boot.
What are the threats of BIOS tampering? First of all, the aggressor tries to boot the system, which has a significant source of danger in case of unauthorized attempts to enter it (floppy disks, hard drives, CD-ROMs, other types of media, including USB-flash memory).
And if it was possible to simply turn on the computer hardware, then the job has already been done: the system is discredited, because there are many software tools to copy a hard disk of any capacity bit by bit for subsequent dismantling with it at any level of complexity of the information stored on it.
There may be other ways to compromise the system, for example, very quickly inserting Trojans into it in order to subsequently only remove the requested data via the Internet. This practice applies to most existing data processing systems, including office client systems (workstations) and servers, not to mention real personal computers. So, what are the ways of getting into BIOS:
• using passwords, which are sometimes provided by CMOS circuit manufacturers in case of emergency;
• Recovering BIOS passwords using known methods of recovering cryptographic keys;
• complete elimination of CMOS content by software methods;
• complete elimination of CMOS content using hardware methods.
In modern motherboards, BIOS programs are stored in CMOS circuits such as FLASH EEPROM2. When the power is turned off, the data in such schemes, of course, does not disappear; and they can be reprogrammed using special utilities published on the websites of motherboard manufacturers.
Previously, on such sites, it was easy to find software modules for free BIOS updates and install them using the same utilities. I have done this myself many times when updating BIOS on ASUSTeK and Gigabyte motherboards. Other times are now in the yard. After the marketing efforts of well-known BIOS vendors such as Award Software, American Megatrends, Phoenix and MR BIOS took place last year, getting updates in the normal free mode as it was before (they have little profit from direct sales of BIOS circuits!) extremely difficult. So contact resellers like www.biosupgrade.co.uk , who will not stand up for the price, but will keep it.
Of course, in a sense, systems of this kind can now be viewed as an archaic legacy of the 50s of the last century, but to this day nothing has replaced this phenomenon, in which one can see the current deep satisfaction and offensive subsequent brake for monopolists of the market of components for personal computers.
So what to do with the data stored in the BIOS, which is traditionally called CMOS RAM? Rather, how to destroy the data stored there, which just needs to be done in some cases, for example, when completely getting rid of previously former operating systems?
If you have an initial MS-DOS system, you can use a simple sequence of commands from the DEBUG toolkit:
Debug
- 70, 2e
- 71, 0
- q
Generally speaking, there are all sorts of variations of these sets of commands for BIOS of different types and different manufacturers, but the main thing remains the same: these are commands that examine I / O ports 70 and 71 in standard motherboards for Intel processors, which provide access to CMOS memory; it is through them that the checksum of the data stored in the permanent memory is destroyed. And this leads to the fact that when the computer is restarted, the initial parameters are set in the CMOS memory, which do not store either passwords or personal choices of users. For those who do not want to turn to the DEBUG tool, a list of freely available programs can be advised that quite successfully cope with the problems of clearing CMOS3 memory.
Belarusian motive
With the not-so-mastered demand for information destruction systems, it must be admitted that there are solutions in our almost native markets that seem to be effective. On a search query, I managed to find a certain Minsk enterprise "Beltim", which positions itself as a "system integrator in the field of information security." To me personally, system integration in this very private area does not seem possible, but I will not argue: everyone is free to call his field of activity as he pleases.
Without trying to advertise, I will nevertheless quote what is said on the website of our Belarusian specialists: “The advantages of destroying information with these devices over other methods.
The traditional methods of destroying information are: mechanical (press, sledgehammer) and electromagnetic erasure (formatting for hard disk drives and floppy disks, erasing cassettes in tape and video recorders). In the first case, the carrier itself is mechanically destroyed, and its reuse becomes impossible.
In the second case, the time for destruction of information is greatly increased, from several minutes (formatting floppy disks, ZIP disks and hard drives) to several hours (erasing video and audio tapes).
In "Stack" products, information is erased by magnetizing the carrier with a high-intensity pulsed magnetic field (hundreds of kA / m). The time of exposure of the magnetic field to the source of information to be removed is less than one second. As a consequence of the above, the main advantages of this method are the speed of destruction of confidential information and the reuse of the medium later.
• Information safes are designed for quick (emergency) erasing of information recorded on floppy disks, magneto-optical, hard, Zip- and Jaz-disks of a computer. Products can be used to store information carriers, including those used at the time of erasure, and have the ability to remotely initialize.
• Recyclers are designed to quickly erase information recorded on 3.5-inch floppy disks, Zip and Jaz discs, micro- and audio cassettes, video cassettes (VHS type), streamer tapes and hard disks that were not in use at the time of erasing. All magnetic media, except hard drives, can be used after disposal. The products are not intended for storage media. "
From my point of view, these last utilizers do not stand up to the slightest criticism - due to their complete uselessness. Better to grab a hammer and strike accurately - even on your own office desk. As for the "reuse" of the medium (except for hard drives), it is still cheaper to go to the nearest store and buy a new one there for a cheap price, without torturing yourself with subsequent doubts.
There are other methods, not software, to destroy data in CMOS. Most motherboards have jumpers that can be closed to reset the CMOS state. They are usually labeled CLRTC, Clear CMOS, or PWRD. Of course, before using these tools, you need to read the manual for the motherboard. It usually takes a few minutes to close this jumper for the CMOS content to be erased.
In case the motherboard does not contain jumpers of this kind, you need to temporarily remove the battery powering the CMOS memory circuit. Typically this is a long lasting lithium disk battery, clearly marked on any of the motherboards. In difficult cases, you will have to unsolder this kind of power supply, but this can only happen in older models of motherboards.
Finally, you can simply close certain contacts on the CMOS circuits themselves, which is not entirely correct, but ensures the elimination of information in these chips. You can find additional data in already refereed sources.
It seems that all this, described in this chapter, as if it does not apply to the direct interests of the CIO, but it is not. First of all, it is the CIO who should be concerned about the state of critical data located in its subordinate information economy. And the question is very acute: how can you destroy all the contents of the memory of computers and multi-gigabyte server data stores in a matter of seconds?
Well, you must! RAM
Contrary to the traditional, "obvious" opinion, the data presented at the moment the computer's power is turned off do not disappear at all in the RAM 4 circuits, but are somehow retained - at least until the next power-up.
Circuits of both known types - both static (SRAM) and dynamic (DRAM) - are subject to this effect, but, of course, static circuits are much more indicative in this regard. Early chips like SRAM could store data images in cells for several days (!). In general, it is possible to create memory circuits that can hold information for an arbitrarily long time, and even after turning on the power - with the function of subsequent rewriting of the entire field. Something like a "rewritable ROM". This idea could lead to the creation of a computer that would not need to boot at all when turned on: it would simply instantly restore the system configuration from the last power off - as if the lights were on. And yet, as far as I know, reliable solutions of this kind for mass applications have not yet been found.
DRAM-like circuits can also store images of past deeds, but in a different way compared to SRAM circuits. These are not charges that are stored in the cells of the circuit, but some electronic images imprinted in the oxide (oxide) layers of microcircuits under the influence of electric fields applied to active elements. Interestingly, the effect of memorization largely depends on the duration of the state. That is, if the computer is idle for a long time before shutting down, the probability of long-term storage of information in RAM will be significant.
In principle, the effects of residual information retention are tested by any of the manufacturers of memory circuits, but the test data is not published for the general user. Moreover, in a conventional computer system it is simply impossible to activate special modes that test microcircuits for this effect and read residual data. Nevertheless, it is quite possible and in the right cases finds application.
The simplest, but very dangerous method of completely destroying data in RAM circuits is to lightly heat them. An increase in the chip's temperature - 140 ° C above the ambient temperature - completely destroys any remnants of the captured information. To guarantee the result of this act, its duration should be several hours.
Conversely, if you want to store data in microcircuits, they must be placed in a thermostat, setting the temperature to no higher than –60 ° C. This will save residual data in chips, not just days or hours, but weeks!
Simply rewriting data in RAM memory circuits does not have the same efficiency that is possible with the destruction of data on magnetic media. The point is that the application of electric fields to oxides does not deprive them of the "memory" of the previous states. Actually, we are talking about the fact that over time, with a growing set of past states, the probability of preserving the previous states decreases.
It is clear that in normal mode the voltages applied to the microcircuit are the same. Therefore, the application of a voltage to create the opposite cell value for, for example, several microseconds will not cause significant changes in the state of the active element oxides.
Thus, in order to completely erase the residual data in the microcircuit, it should be subjected to thermal effects at the highest possible temperature. But this leads to a sharp decrease in the reliability of its functioning and a reduction in the period of overall performance.
Break up?
The problem of data security is becoming increasingly important in today's business environment around the world and in our country. Perhaps this is determined by the growing competition and the expansion of the spheres of industrial espionage, and in our country, it seems, also the traditional desire to hide everything that can be hidden away. Of course, we must not forget about the problems of government agencies and security services associated with physical data protection, which are becoming increasingly high priority.
Recently, the data security issue has attracted widespread interest. In my opinion, this is partly due to the expansion of the storage segment and the development of Business Intelligence / Decision Making systems. As a result, the theoretical possibility of physically moving data carriers outside the office becomes a serious danger for organizations that do not want to allow critical information to be released.
On the other hand, customers appear who, due to the specifics of their activities, are simply obliged to destroy information before moving the media outside the organization's office, for example, when replacing equipment in security services, government organizations, or in trivial cases of replacing disks under warranty. Therefore, there are users who pay extra money for the right not to return drives for warranty repair - just to physically not take the drive out of the office.
So, the issue of the security of information stored on magnetic media, primarily on hard drives, has become a matter of destroying this very information. In my memory, when discussing this issue, several answers arose. The first thing that comes to mind is to programmatically erase the data, the second is to use a strong magnetic field to "rude" data destruction. However, there are rumors that the special services have special methods for recovering data after these procedures, therefore, the data will not be 100% “protected”.
Therefore, issues of physical access restriction or even destruction of disks are on the agenda. Of course, you can store media in safes, but this brings up many additional questions - how long to store? But what if the disks are stolen from there? etc.
According to the general opinion of the information technology experts with whom I had the opportunity to discuss this problem, the most reliable way to protect data is to physically destroy the media. To this day, there is no standard device that would physically destroy hard drives (at least I am not aware of this), but the apparent simplicity of the problem immediately triggers a whole set of proposals. For example, to install a shelf with disks inside a certain press, which, at the command of the system administrator, simply flattens this shelf with disks, destroying them physically.
More anecdotal is the UK precedent. The specifications (weight and size (!)) Of a hammer were proposed and, most interestingly, approved by the government, which should be used by system operators to break hard drives after their operation ends (of course, this rule applies to data carriers used in information systems starting from a certain level of security and data protection requirements).
Thus, to date, of the really guaranteed ways to save data on disks, there is most likely only physical destruction of disks. And, as follows from the above, a lot of methods of physical destruction of magnetic carriers can be invented.
The conclusion that follows from the above is paradoxical: in order to more reliably destroy data in RAM memory, they need to be changed as rarely as possible, and in order to store them reliably and safely, they need to be updated as often as possible. According to experimental data, storing data in a cell for one second practically does not reveal the effect of residual storage, one minute gives a sufficient probability of determination, and 10 minutes gives an almost complete probability of data determination.
Thus, an effective solution for non-recovery of data from microcircuits is to constantly change the states of the cells so that the images are not stored in the oxides. This method, which is inapplicable in general, can be applied to some areas of the RAM in which particularly sensitive data are stored, for example, encryption keys.
Chrysanthemums have withered ...
I am deliberately leading this motive, which has been such a call for about thirty years. We are talking about floppy disks and floppy disks, other similarities of this type of magnetic media. How we loved them, when they became smaller, larger, harder and more beautiful! They were true kings in our pockets and portfolios.
But tell me, will a graphic (image) file in tiff format, and, by the way, a good resolution jpeg, fit on a familiar 1.44 Mbyte floppy disk? What about placing mp3 files? Now the situation is such that the technology of removable magnetic media is curtailed exponentially, as it happened at one time, say, with typewriters or with movie cameras based on 8-mm celluloid films. Recently, Dell Computer, which remains the leader in personal computer sales, announced that it will no longer install floppy drives in mass production. Little known fact, but Apple got rid of floppy drives back in 1998, in at least some of its mainstream computers.
Cognitively, it is very interesting that the first floppy disk with 8-inch geometry appeared in 1971 as a device for a very specific purpose: it was a data storage device for booting a computer the size of a large room (IBM, Rochester, NY). The famous founder of Seagate Technology Elan Shugart was then the head of the IBM division, which dealt with RAM, and there were always enough problems with it: at the slightest malfunction or power outage, all data disappeared. Therefore, Shugart decided to create a medium that would contain information sufficient to restore the working configuration of the computer. The decision was not easy: initially it was the external resemblance of the usual "vinyl" records, known in the sound recording of the past years, which were extremely unreliable due to the mechanical vulnerability of their magnetic surfaces. Therefore, a fateful decision came - to enclose these magnetic disks in slotted envelopes, to which the magnetic heads of the reader were fed.
Three years later, the ability to quickly write information to disks became a reality, as IBM tried to find a replacement for punched cards as soon as possible. The first 8-inch floppy disks appeared, each with a capacity of 128 KB, which was equivalent to the contents of 1,600 punched cards. In 1977, floppies found their way into hobbyist computers, operating in CP / M on Altair and Imsai Personal Computer installations. Awesome, but true: a floppy disk cost $ 750 back then, but that was ten times less than what it would have cost to buy a hard drive.
According to IBM historian Dave Bradley, the first 5.25-inch floppy disks were invented at the San Jose IBM Research Center in August 1981 for use in personal computers. In general, until 1982, IBM personal computers did not have a hard disk. They each had two 5.25-inch drives: the first contained the operating system on a floppy disk, and the second contained application programs and data.
With what spiritual trepidation we used these really "bendable" Bulgarian-made records with the inscription "IZOT" in the mid-80s! As I recall, then such a contraption could be purchased for at least 3 rubles. Seems a little? No, it was the price of a bottle of then-quality Georgian wine like Kindzmarauli.
In 1982, IBM introduced a 10MB hard drive into the PC, and a year later, the first 3.5-inch floppy disks appeared on the Apple Macintosh. Well, off we go ... In 1995, the peak of popularity fell on the Zip floppy disks, produced by the rather pretentious, but not very successful company Iomega, with a capacity of 100 MB. 10 million drives were sold that year, and an average of ten floppy disks were bought for each drive. In 1996, we also had an attack of such addiction in the publishing house. Then there were attempts by Imation and his comrades to release a certain "Super Drive", which, ultimately, also turned out to be nothing more than an embarrassment ...
During the years of their glory, floppy disks were not only carriers for the exchange of programs and data between computers, but also the basis for the distribution of new programs, the main means of loading collapsed systems, data backup, etc. At the peak of popularity, in 1995-1998, every year in the United States was consumed 5 billion floppies! Some people recall that at some time the Microsoft operating system was published on almost 25 floppy disks.
The true destroyer of floppy disks were CD-ROMs, later CD-RWs, which almost immediately had a better capacity / price ratio compared to disk drives. However, the demand for already almost archaic products varies greatly by region and territory. Despite the fact that in Europe and North America a clear preference is given to various kinds of disk media and flash memory, in Latin America, in China and, oddly enough, in Japan, the popularity of traditional 3.5-inch floppy disks remains significant.
One thing remains in common for any type of disks and floppy disks: if you need to destroy data on them, then the easiest and most reliable way is to take and break them physically into pieces, and if completely, then burn them after that.
Good health and sweet dreams!
This is what they think in Voronezh.
Based on the interest in gaining knowledge and opinions, I strongly advise you to get acquainted with the work of a certain Vladimir Meshcheryakov, Doctor of Law, Professor of the Department of Forensic Science at Voronezh State University, entitled almost longer than the text of the article itself: "Theoretical Foundations of Criminalistic Classification of Crimes in the Sphere of Computer Information" (easy to find via google).
I don’t know what is happening in the field of crimes with computer information, but this is probably about the same as what happens in the field of crimes with toilet bowls in public toilets. In order not to take up a lot of space and not to distract the consciousness of dear readers, I will quote the first phrase that appears to the public. "Then any crime can be described as follows - RxMxWx, where x is any of the previously identified levels of computer information representation." I guess that's enough.
But there are even more serious insinuations. For example, such (the vocabulary and syntax of the author's text are observed). “Destruction (destruction) of information. The most understandable type of crime from a criminal legal point of view, which is the physical destruction of information. From the point of view of forensic science, this is the most difficult type of crime, since it practically does not form any traces. Based on the classification feature of this type of crime (RoMoWx), the main task of the investigation will be to establish the very fact of the destruction of information and the detection of tools (means) to influence information). " No comment.
1. Morgan Palmer, What Could Be Hidden on Your Old Computer? - www.kltv.com .
2. EEPROM - electrically erasable programmable read only memory. A microcircuit capable of storing data when the external power is disconnected for a long time. Data can be completely erased by applying a voltage higher than the established limit of about 5 V, but this is a very risky experiment. The life cycle of an EEPROM is typically in the range of 10,000 to 100,000 rewrites of content. Therefore, any BIOS reconfiguration is a step in the life of this element. [back]
3. Allgeuer R. WhyBother About BIOS Security? - Sans InfoSee Reading Room - www.sans.org/rr/ .
4. RAM - random access memory. According to the terminology that developed back in the 50s of the last century, memory of this kind in Russian is called “operational”, but if we follow the modern vision of the functions of devices of this kind, then such memory should be called “operational”. However, revolutions, even in linguistics, do more harm than good. [back]
Based on the materials of the magazine "CIO".
It is known from the theory of magnetic recording that information is recorded by the sequential action of an external magnetic field, which changes according to the law of an informative signal, on various parts of the carrier. Erasing occurs in the same way, but instead of an information signal, a signal of some frequency is sent to the erasing magnetic head.
Proceeding from the fact that it is necessary to perform two main tasks:
1. Completely destroy information;
2. Do it as soon as possible, preferably instantly.
It is not possible to influence a separate area in order to destroy only part of the information. Therefore, it is necessary to influence the medium as a whole.
In this case, there are two options.
1. Influence the carrier with a permanent magnet, carrying the carrier past it. The disadvantage of this method is the impossibility of demagnetizing large media without using a large magnet, as well as the need to carry the media through the magnet, which takes a certain amount of time and is difficult.
2. Influence the carrier with a powerful electromagnetic pulse.
What does this method allow?
- information carriers can be in special cameras and at the same time be fully operational. (for example, hard drives);
- data erasure occurs instantly, for this you only need to put the accumulated charge into the camera.
There are several types of such devices developed both in Russia and abroad. One of the representatives of such devices is a line of products united under the brand name "Raskat" produced by the Scientific and Production Company "New Electronic Technologies"
Functionally, "Raskat" has three main modules united into a single structure - a charge storage module, a camera and a control module.
The charge storage module accumulates the charge required to erase the information. After the charge has accumulated, and this happens in 2-4 seconds, the product is ready for erasure, and in the presence of an electric power supply, the "Roll" can be in this form as long as you like. It is possible to work with autonomous power supply, or in some models, power supply from the vehicle's on-board network. An autonomous power supply module for 24 hours is offered as standard.
The erasing chamber is designed in such a way that the data carrier is completely affected by the magnetic field pulse. A cooling system has been added for the use of information carriers when they are in the erasing chamber. This is important when working with hard drives (especially SCSI). In the case of personal computers, the cameras, as well as the entire unit, are built into the PC case in such a way that they do not interfere with the placement of the rest of the PC parts (motherboard, expansion slots. Modules are embedded in the customer's PC.
The control module is designed to receive commands, process them) in accordance with the specified algorithm and the erasing pulse activation In the simplest version, the erasing command is given by pressing a button built into the device.
It is possible to use a remote button located remotely, for example, at a security post.
Assuming that a crisis situation can begin at any moment in time, an algorithm was proposed for triggering the device when a command is sent from radio key fobs. As a standard, two types of remote controls are assumed - a typical one, operating at a distance of up to 50 meters in the line of sight and reinforced, which allows not only to turn on the product from a distance of up to 1 km in the line of sight, but also to receive confirmation of the origin of the command.
To protect unauthorized access to the media, if for some reason it was not possible to find out about this attempt in a timely manner, the control module provides several more activation algorithms.
The most common of them are turning on when trying to open the case, when turning the Mobile Rack key, and turning on when lifting the case.
If necessary, control loops are connected to reed switches, motion detectors or other security sensors.
If you need authorized personnel access to the information carrier, it is enough to insert an access key, which is simultaneously a means of monitoring the performance of all switching algorithms. If, for some reason, when installing the data carrier, at least one of the loops was not put in the normal ready position, which can lead to instant erasure of the information when the key is removed, the key indication will signal this, and the signal will not disappear until all the necessary settings will be produced.
A separate algorithm is the PC power-on blocking device. This algorithm is not usually associated with triggering the "Roll", but when used together, it greatly increases the security of data on the PC. It will be almost impossible to turn on the computer without using the personal Touch Memory ID. We'll have to open the system unit, which will naturally trigger the device and erase information from the media.
In conclusion, I would like to note that the products of the Raskat series are harmoniously integrated into the already existing means and systems of information protection, while allowing to significantly increase the security of information processed at a protected facility. At the same time, simplicity in operation, lack of settings allows any unprepared user to operate this product, who has read the operating instructions at least once.
Reliability, ease of use, guaranteed, instant and complete destruction of information on any magnetic media, including any, even working at the time of destruction, hard drives - these are the main advantages of this device. And in combination with the fact that it can be built into the case of any personal computer or carried with you in a diplomat, devices of the Raskat series become unique and irreplaceable assistants in ensuring corporate and personal information security.
Whitaker Brothers 102-DG. Killer of magnetic disks.
In the days of computer youth, when 5.25-inch floppy disks were still in use (they had not heard anything about 3.5-inch ones at that time) and reel-to-reel tape recorders, for any user of these media the biggest tragedy was meeting ... an ordinary magnet. The main disadvantage of magnetic tapes and disks was that in direct contact with a magnet, all data was inevitably lost, became indigestible, and the medium itself often lost its ability to further read-write cycles.
The intriguingly named Whitaker Brothers is the manufacturer of a totally awesome thing called the Disk Erasing Wand, designed to ... right! - destruction of data on magnetic media.
The spatula, which looks like a pastry shop, weighs one pound (453 grams), but in its effect on magnetic disks or tapes, still used by mankind (some organizations are surprisingly inert and unhealthy conservatism when it comes to hardware upgrades) analogue of a single piece of magnet weighing ... 10 kilograms!
By swiping such a paddle over a floppy disk, you can be sure that the unfortunate drive will lose not only all data, but even magnetic tracks created during low-level formatting. Neither hard drives, using all the same magnetic technologies for data storage, nor streamers are immune to these weapons. On the other hand, more advanced CDs or flash drives will feel great.
According to the manufacturer, the impact power will be at least 6,000 gauss with the maximum 102-DG capabilities of 12,000 gauss. The price of a miracle weapon will not seem small to anyone and amounts to as much as 800 American dollars. We do not know whether this product is delivered to the countries of the former USSR, but, according to information at the office. website, anyone can purchase Disk Erasing Wand.
Huge amounts of information are stored on magnetic media, and this information can be erased using special devices and programs.
The device for rapid destruction of information for magnetic carriers "Stack" is based on the concentration of a directed magnetic field, which reorients domains on a magnetic carrier and thus erases information.
These devices destroy records on microcassettes, audio cassettes, floppy disks, ZIP disks, videotapes, computer hard drives. There are universal utilizers that erase information from several types of media.
Recyclers and safes
Rapid destruction devices for magnetic media are divided into utilizers and information safes. When using recyclers, you need to remove the hard drive from the computer, place it in the device and erase it. Which is quite inconvenient when you need to quickly destroy. When using information safes, the hard drive can be in working order, and information from it will be erased within a specified period of time.
When using destruction devices, inconveniences are also possible. "Having destroyed information on audio, video cassettes and floppy disks, these media can be used in the future. And hard drives and ZIP disks become problematic to use, since the manufacturer applies special markings on them, which is also destroyed. Theoretically, these media can be restored, but it's easier to buy new ones.
The disc will be kept alive
There is, for example, the "SGU" program that does not require hardware support. "When using a shredder, the physical structure of the disk is not destroyed." Software systems allow you to delete information selectively, leaving the system and erasing confidential information. This is a flexible scheme of impact on the carrier, without destruction. The speed of information destruction with the installed system "SGU" depends on the characteristics of the motherboard, processor, but first of all - on the type of hard drive. On a medium-speed hard drive, 80 gigabytes of information are erased in 16 hours, on a high-speed one - 2 times faster.
The customer is classified The
demand for information destruction devices is growing rapidly.
Devices for destruction of information for magnetic media are used in several areas. Experience shows that they are most often used by security structures that conduct audio and video control. "They accumulate hundreds of tapes that must be destroyed. The tape recorder does not erase, it puts the next tape on top of the previous one, so it is convenient for security guards to use such devices," says Alexander Matveev. The next circle of users is the recording industry. With the help of devices - information shredders, they clean tapes for subsequent recordings. Traditionally, there is a demand for such devices among the departments of the regime of large enterprises, especially those related to the defense industry, nuclear energy, etc., where information is classified.
The circle of customers for information destruction devices has been defined, but it is not so easy to find a specific user. Information destruction devices are of interest to those companies that store and transport a large number of information carriers. None of the users of information destruction devices will name themselves. It's no secret that such devices are often used in spite of anything else. Therefore, their customers strictly classify themselves.
