For example, I do one shred with the 35-pass Guttman method once. Or, I can do the 7-pass DoD method 5 times. Which would be more effective for bypassing any forms of data forensics?

PGP’s Shred Free Space includes the option to shred metadata as well as file space on NTFS volumes. I have no idea how it works, but I presume that they were able to get enough info from M$ on the innards of NTFS to know how to do that safely. My guess is, considering how hard it’s been to get even enough info to create the Linux NTFS drivers, it may be a trick to find out what has to be found out to accomplish that.

However, what would be the degree of difficulty finding and shredding metadata for such as Ext3 and Reiser? At least the technical details are freely available. Anyone know enough about them (which means, a lot more than I do) to estimate the practicality of getting shred to handle those cases?

No, there’s nothing that’s popularly available on disk drives as currently done. The stuff that’s out there is pretty generic, but you’ll never see discussion of modern encoding schemes, ECC schemes, error recovery and management, or the like. That’s all vendor proprietary and secret. There are even quite a few secret ATA commands that are vendor proprietary that are usually disabled and hidden after manufacture.

As to the Seagate FDE drives, they have to have a password entered at boot time since it’s full disk encryption and unless you give the right passphrase you don’t get access to the disk at all. It’s an enhanced version of the BIOS password since it’s actually the key to the AES engine.

There were older variations of this scheme that weren’t all that secure. The old version used by the IBM laptop drives was a far simpler encryption scheme that could be broken by brute force if needed (there were several companies that specialized in this).

A few years ago, I fell in love with that animation.

They had this form where you could order a free shirt that had the… _|_ mathematical symbol for perpendicular on it and the text “Get Perpendicular”, with Hitachi on the front. I missed the opportunity, and want it so badly.

You do know that ext3 is a journaling file system a using meta data to keep track of everything on your hard drive.

That is the only way it can recover information in a power blink, system crash, etc.

So it is still possible to recover the data through the meta data on the file system…

-Shane

*cough* Here’s an educational vid on Perpendicular Magnetic Recording…

http://www.hitachigst.com/hdd/research/recording_head/pr/PerpendicularAnimation.html

Very informative. I have not used a drive with hardware encryption yet, and was curious as to where/how the passphrase was entered. Does it need OS support to prompt during boot, or is it related to the same BIOS-based password protected HDs that I have seen and used?

Also, if you know of one off the top of your head, would you be able to point to a good whitepaper or book to read up on how modern hard disks actually work?

Drives have a fair number of spare tracks. When you hit a TA (Thermal Asperity) or similar event the drive goes into recover mode and uses some increasingly severe recovery methods. If it can recover the sector (and generally it can) the sector is remapped to one on one of those spare sectors, data copied over, and you never know about it. So if you ever see a sector fail in a modern drive you know it’s time to go get a new one since you’re running on margin.

Since a sector is only 512 bytes these days (going to 4K but slowly), your data exposure risk to one of these remappings is relatively low, especially as things like TAs tend to grow and effectively erase more data in that sector.

The Seagate FDE drives use a special faster controller with AES hardware support inside the drive so that they can do full-speed encryption without burdening the CPU. They’re completely transparent except to your wallet. But if I were a company and had anyone dealing with SSNs or credit card numbers they’d be mandatory in their computers.