[mred2000]

... Does it exist?

Apparently so:

Quote:

Originally Posted by robertcrowther

All software that is available to the public that erases data leaves a fingerprint (id) on the hard disk/usb stick, this is a requirement in law and any software that does not is not permitted.

However, this then raises the question:

Quote:

Originally Posted by ibatten

Could you show me where in the Linux kernel this is implemented?

So, has anyone heard of this legislation before now and has anyone got links to any solid information regarding it?

[Stig]

What form would this "fingerprint (id)" take? We have quite a few developers post here, so they should have heard of it.

[mred2000]

Quote:

Originally Posted by Stig

What form would this "fingerprint (id)" take? We have quite a few developers post here, so they should have heard of it.

That's what I would've thought. A supposed expert has mentioned it so I'm surprised that more of us weren't aware of it...

[anniebrion]

It would need to be a global law as people can get software for many different countries. I have never heard of this and have been in IT for many decades.

[tealady]

I dunno, but I found a lot of hits offering the service of erasing drives so that Cos could comply with the DPA....

[robertcrowther]

As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15

[anniebrion]

Quote:

Originally Posted by tealady

I dunno, but I found a lot of hits offering the service of erasing drives so that Cos could comply with the DPA....

My company used to provide that service but we stopped when it became easy for anyone to perform this with free software.

[d'@ve]

Quote:

Originally Posted by robertcrowther

As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15

That's just what Guttman theorised though, as discussed in the other thread. it even references his paper. Where's the Government regulation, and which Government(s) would that be anyway?

Not that I think this deserves its own thread, it doesn't, IMO, it just seems to be one poster having a go at another.

[robertcrowther]

Quote:

Originally Posted by d'@ve

That's just what Guttman theorised though, as discussed in the other thread. it even references his paper. Where's the Government regulation, and which Government(s) would that be anyway?

Not that I think this deserves its own thread, it doesn't, IMO, it just seems to be one poster having a go at another.

I've posted the link so that people who've not read about this subject before can get a understanding of what's going on before making comments.

You should read up on people like M. Geiger and L. Cranor, who are Counter-Forensic Privacy Tools experts rather than keep saying about Guttman.

[mred2000]

All I (and many others) want to know about is the specific government legislation regarding the leaving of digital fingerprints when data is being erased, as well as how this is implemented in the Linux kernel. Not the theories surrounding it. Hard proof of legislation.

[flagpole]

Quote:

Originally Posted by mred2000

... Does it exist?

No. it does not. there is no such legislation.

it would have to exist in every country in the world for it not to fall foul of the DP legislation where it didn't exist.

i blame the reverse vampires and the bildeberg group.

[mred2000]

Quote:

Originally Posted by flagpole

No. it does not. there is no such legislation.

Until someone comes up with something solid proving otherwise, and not an exercise of dancing around gardens, this is enough for me.

Since I started coming to this forum, flagpole is one of many posters who has repeatedly given me (as well as many others on a daily basis) good advice and shared knowledge, often backing this up with links to sites etc. Hence I trust what he has to say on this matter.

Unless someone gives actual solid proof of this legislation existing...

[Maxatoria]

The thing is if its law here in the UK it should be simple to just go say look at xxxx regulations section y paragraph z but given i've never heard of and no one i know has either it's some obscure 17th century legislation thats been re interpreted to mean something in the modern light

i was reading about the wikileaks marine and the us military worked over his computers and they could see he'd done some wiping but they were unable to view what was written to the disk before but they didn't give details of the wiping methods used so its hard to say what happened

[Stig]

Quote:

Originally Posted by robertcrowther

I've posted the link so that people who've not read about this subject before can get a understanding of what's going on before making comments.

You should read up on people like M. Geiger and L. Cranor, who are Counter-Forensic Privacy Tools experts rather than keep saying about Guttman.

Page 6 of this paper by M. Geiger and L. Cranor is interesting:

http://reports-archive.adm.cs.cmu.ed...SRI-05-119.pdf

Basically, it says that "just overwriting the data once presents a major obstacle to recovery".

[tealady]

Quote:

Originally Posted by robertcrowther

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15

"Possible ways to access this content


Purchase on Springer.com £19.95 / $29.95 / €24.95 *
Buy now
Or buy the complete ebook £97.00 / $139.00 / €113.04 *
* Final gross prices may vary according to local VAT.

Log in to your account to check if you already have access to this content."

[robertcrowther]

Quote:

Originally Posted by tealady

"Possible ways to access this content


Purchase on Springer.com £19.95 / $29.95 / €24.95 *
Buy now
Or buy the complete ebook £97.00 / $139.00 / €113.04 *
* Final gross prices may vary according to local VAT.

Log in to your account to check if you already have access to this content."

You could always enrol onto a Uni course if you want to learn, or have you never paid for your education?

You are obviously not very successful in IT if you can't afford £20.

[c4rv]

Quote:

Originally Posted by robertcrowther

As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15

Have you got anything newer then a 7 year old paper ?

[flagpole]

Quote:

Originally Posted by Stig

Page 6 of this paper by M. Geiger and L. Cranor is interesting:

http://reports-archive.adm.cs.cmu.ed...SRI-05-119.pdf

Basically, it says that "just overwriting the data once presents a major obstacle to recovery".

I've read this before.

they are dealing with a slightly different scenario. secure erasure from an in use hard disk of specific files.

they do indeed conclude that just over writing the data once presents a significant obstacle to recovery. but importantly where that failed. it wasn't because that data wasn't erased. it was because in using the operating system and applications certain temporary files were created and it was them that aren't erased.

we've all seen this. you open a word document and it immediately creates a temporary file to store the auto-saves. you close your document and the temporary file disappears. at this point if you securely erase your word document the temporary file can still be recovered.

so that is the end of that. next.

[misar]

Quote:

Originally Posted by mred2000

All I (and many others) want to know about is the specific government legislation regarding the leaving of digital fingerprints when data is being erased, as well as how this is implemented in the Linux kernel. Not the theories surrounding it. Hard proof of legislation.

You are not going to get hard proof just more confusion.

The only candidate for legislation is the Data Protection Act (DPA) which puts a requirement on organisations to secure personal information they collect about individuals. Clearly this includes the responsibility to wipe disks etc of such information before disposing of them. There are vast numbers of programmes, many free, which do this to varying levels of security. Whatever "fingerprints" might be left, there would be no usable personal data for any "victim" to worry about and no justification for saying that the DPA had not been complied with.

Only the ultra paranoid need worry about some of the nonsense posted in this thread.

[mred2000]

As I said in the post that someone obviously reported because it hurt their feelings - posting stuff that goes around the gardens is pointless, repeatedly berating folk for various reasons without giving answers points to you as being pretentious and a WUM.

When someone wants to get directions to, say, Leeds they don't start by consulting star-maps or reading geology books to find out how the country was formed and then history books on Leeds to see how and when it first came into existence...

Quote:

Originally Posted by misar

The only candidate for legislation is the Data Protection Act (DPA) which puts a requirement on organisations to secure personal information they collect about individuals. Clearly this includes the responsibility to wipe disks etc of such information before disposing of them. There are vast numbers of programmes, many free, which do this to varying levels of security. Whatever "fingerprints" might be left, there would be no usable personal data for any "victim" to worry about and no justification for saying that the DPA had not been complied with..

That's not exactly what we're talking about. Apparently there's a rumour (as it hasn't as yet been proven to exist) regarding a requirement for digital fingerprints to specifically be left behind by software that erases informantion.

[tealady]

Quote:

Originally Posted by robertcrowther

You could always enrol onto a Uni course if you want to learn, or have you never paid for your education?

You are obviously not very successful in IT if you can't afford £20.

Straw man argument.

[flagpole]

Quote:

Originally Posted by robertcrowther

As nobody has ever read about this subject I will post details in stages so that you all can understand.

To start off with the basic understanding read: http://link.springer.com/chapter/10....387-36891-4_15

Quote:

Originally Posted by robertcrowther

You could always enrol onto a Uni course if you want to learn, or have you never paid for your education?

You are obviously not very successful in IT if you can't afford £20.

I'm not buying because it is clear from the summary what the paper is about. but i don't think you will ever realise how much of an ass the above makes you sound.

'Moreover, some of the programs do not completely erase file metadata, which enables forensic investigators to extract the name, size, creation date and deletion date of the “deleted” files.'

this is not exactly the same as recovering data from a zero'd drive now is it? being as it doesn't apply to a zero'd drive at all. or recovering data.

Nor is it the same as a law that says that all computers must retain indefinitely whatever it is that you think they retain.

next.

[robertcrowther]

http://en.wikipedia.org/wiki/Data_remanence

Note: "As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter"

[misar]

Quote:

Originally Posted by mred2000

That's not exactly what we're talking about. Apparently there's a rumour (as it hasn't as yet been proven to exist) regarding a requirement for digital fingerprints to specifically be left behind by software that erases informantion.

As I said, the only legislation that could possibly have any connection with the title of this thread is the DPA. Most of the posts so far are nonsense just like the rumour.

[robertcrowther]

Another link to read is : http://en.wikipedia.org/wiki/Stochastic_forensics

http://en.wikipedia.org/wiki/Computer_forensics