[LINK] Self-erasing flash drives destroy court evidence

Tom Cleary tom.cleary at gmail.com
Sat Mar 5 01:38:45 AEDT 2011


Hmmm.... now you've opened a can of worms.

"Cloud" is even more problematical than SSDs - can you even know which
country your deleted data is hosted in?

Talk about lying to the O/S - is there any incentive for a Cloud supplier to
actually delete anything?

Why not just flash up a confirmation window and move on?

For more restrictive regimes, it may buy time for the intelligence community
to suck the marrow from live debate and as the Google in China case shows,
the Net is bent to local whim most places....

>From personal experience, the "low hanging fruit" of Cloud based crime (
http://www.perthnow.com.au/news/western-australia/police-hacker-avoids-jail/story-e6frg143-1225958450764)
is rare and becoming rarer.

After all, getting a warrant for a server in Khazakstan so you can gain
access to a secured website is probably never going to become easy, even if
there's effectively no local privacy legislation ( cough, cough USA... cough
)

The question is more about practical than theoretical availability and for
many "cybercops" the odds are getting longer that practical availability
achievable, particularly as volumes of evidence rise.

tom.

On Thu, Mar 3, 2011 at 10:04 AM, Fernando Cassia <fcassia at gmail.com> wrote:

> On Wed, Mar 2, 2011 at 8:55 PM, Bernard Robertson-Dunn
> <brd at iimetro.com.au> wrote:
> > Self-erasing flash drives destroy court evidence
> > 'Golden age' of forensics coming to close
> > By Dan Goodin in San Francisco
> > Posted in ID, 1st March 2011
> > The Register
> > http://www.theregister.co.uk/2011/03/01/self_destructing_flash_drives/
>
> Thanks for the Link.. I' ll see what the Rogister has to say. It's
> funny that this piece sees the light just days after I read this other
> one, claiming data on SSDs is almost impossible to erase ;)
>
> Study: SSDs Are Resistant to Current Data Erasing Techniques
> Jason Mick (Blog) - February 22, 2011 10:15 AM
>
> http://www.dailytech.com/Study+SSDs+Are+Resistant+to+Current+Data+Erasing+Techniques/article20965.htm
>
> My gut feeling is that this is a tempest in a teapot.
>
> Regardless of which of these reports you prefer the problem is
> obvious: SSDs have its own internal magician that writes data at the
> time it wishes and on the sectors it wishes, based on its own internal
> algorithms.
>
> Basically, SSDs have firmware with its own optimization routines that
> in order to maximize flash life and minimize access times, lies to the
> OS. It says it's written something somewhere, but in order to save
> expensive (slow) flash writes, it doesn't always end up writing that
> data in the next flash memory sector. In fact, for what I' ve read it
> can shuffle around areas with frequent writes to maximize the overall
> life of the whole drive.
>
> Those kind of "optimization algorithms" do not exist on a spinning
> hard drive, which only understands of Cylinders, heads, and sectors.
> Yes, there might be some virtualization and on-the-fly-translation
> going on (faking heads and sectors to comply with BIOS limits) but
> data writes are respected and data is not "moved around" by the
> drive's firwmare as happens with SSDs.
>
> I have mixed feelings with SSDs... for one I like the nzero seek
> times, and the peace of mind that a crashed head won't ruin an entire
> drive's contents.
>
> On the other hand, I wouldn't run any apps that do a lot of saving in
> small batches, like torrent downloads to a SSD. The OSs also need to
> be optimized for SSDs in order to minimize writes. Really, what's the
> point of the OS doing a disk write every time you decide a given icon
> in your desktop 20 pixels to the left or right, instead of just saving
> the icons' positions on the desktop when you invoke a system
> shutdown?.
>
>
> How will SSDs challenge data forensics? I don' t know, but I' d like
> to think the issue is moot. Criminals will use the cloud, emails and
> other telecommunication networks at one point or another and that's
> where they' ll get caught, just as happens today.
>
> In fact, I wonder how many criminals convicted actually got a chance
> to attempt to erase their hard drives before they got handcuffs in
> their wrists and a gun pointing at their head... so that forensics had
> to be used to recover it.
>
> FC
> PS: People can use free Open Source software like "Eraser" to erase
> their spinning hard drives today http://eraser.heidi.ie/ which lets
> you choose among many government data erasing standards (which
> supposedly re-writers the same sector so many times that makes "ghost"
> magnetic data from previous generations overwritten as well). Did the
> availability of these tools prevent any criminals from being
> convicted? I don't think so. The hard drive is just a small part of
> the evidence in any criminal case. Just my $0.02
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
>



More information about the Link mailing list