Talk:Data remanence

Dead link in Reference #4
https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet/isp/odaa/documents/clear_n_san_matrix_06282007_rev_11122007.pdf is a 404 (access date 25/09/08) Anyone can provide mirrors or alternatives? Apapadop (talk) 10:24, 25 September 2008 (UTC)
 * There's a Word document with the same title at http://www.sdisac.com/clearing_and_sanitization_matrix.doc (linked from http://www.sdisac.com/ais.html); I couldn't find any PDFs or other portable formats though. :( -- intgr [talk] 13:34, 25 September 2008 (UTC)
 * Hmmm. According to the ODAA (Office of the Designated Approving Authority) downloads page, the Clearing and Sanitization Matrix has been folded into the ODAA Process Guide (2 MB; May 2008).  That document is... less than clear on exactly what's permitted and what isn't.  The matrix they provide looks like the early 2007 matrix, and indicates overwrite is acceptable.  But I haven't received any notification to that effect.  The most recent Industrial Security Letter that addresses this which I am aware of is ISL 2007-01 (174 KB; Oct 2007).  That explicitly states overwrite is not permitted, and provides a different matrix.  I don't know which document controls.  At work, I'll contact our IS tech rep and see if I can get a verifiable authoritative statement. — DragonHawk (talk|hist) 02:50, 26 September 2008 (UTC)

Reconciling US DoD with others
I find some recent changes don't necessarily agree with the material I am most familiar with. I'm coming from a US industrial security background, which is overseen by the DoD and NSA. The authoritative documents these days are the NISPOM and the DSS Clearing and Sanitization Matrix. These standards make no distinction between sanitization by physical destruction and by other means. Data is sanitizied if it's not recoverable by any known means. Sometimes physical destruction is the only approved way to do that; other time, overwrite is sufficient. If overwrite is sufficient, that's the end of the story; physical destruction isn't a higher level. References: 2006 NISPOM, Page 8-3-1, Section 8-301, which simply defines "Clearing" and "Sanitization", and does not get into methods. ISL 2007-01, pages 19-20, which identifies various methods for "Sanitize", some of which include physical destruction, and some of which are software methods (overwrite).

Now, I don't propose to say these recent changes are "wrong" — the US DoD is but one of many entities which promulgate sanitization standards. It just happens that they are the ones I am familiar with. There are, of course, many other standards. Even US NIST guidelines don't necessarily match up one-to-one, and certainly private industry and other governments are going to have their own takes. All of that deserves coverage in this article. However, reconciling them all, and presenting them with their common aspects and their differences, is going to take some collaboration. It will probabbly help to be explicit, and state where prescription sources from (i.e., "US DSS ISL 2007-01 states that..."), rather than making blanket statements.

I'm hoping this thread will serve to kick off some discussion. Indeed, I think it will be good for the quality of the article to have input from people with other backgrounds. · So, what do other contributors think of all this? — DragonHawk (talk|hist) 00:56, 10 November 2008 (UTC)


 * I agree a discussion is called for. The article needs updating and probably should be merged with data erasure. There is a table there that needs to be updated and expanded. I added a column for "date." It seems the original table was lifted from http://www.dataerasure.com/recognized_overwriting_standards.htm (which is a copyright issue as well). Most of the references seem out of date. I haven't found any current source that says the DoD approves multiple overwrites for sanitizing hard drives. The ISL document you cite as well as the current recommendation at NSA http://www.nsa.gov/ia/government/MDG/NSA_CSS_Storage_Device_Declassification_Manual.pdf both say a drive must be degaussed by an approved device or destroyed. The NSA document notes that degaussing renders the device permanently inoperative. Clearly we should present all notable views and distinguish current recommendations from stuff that is a decade old or more. In particular, the NIST SP800-88 document seems to be the most current and authoritative source for non-classified data in the U.S. As for levels, NIST and DoD seem to use different terminology and we should cover both. We should also add the firmware erase stuff from UCSD CMRR.


 * This stuff is of particular importance from an ewaste perspective. Multiple overwrites take days on modern large hard drives. Industry is going to find doing that prohibitive and will destroy surplus hard drives instead. that in turn makes surplus computers much less desirable for reuse, so they are more likely to end up in land fills. So it is important that we do not give undue weight to recommendations that are now out of date.--agr (talk) 22:41, 10 November 2008 (UTC)

Is "remanence" the most appropriate word?
According to the Merriam-Webster online dictionary (http://www.merriam-webster.com/dictionary/remanence)the definition is: rem·a·nence Pronunciation: \re-mə-nən(t)s, ri-mā-\ Function: noun Date: circa 1880 : the magnetic induction remaining in a magnetized substance no longer under external magnetic influence

The American Heritage Dictionary Deluxe Edition for Windows computer application has a similar definition:

rem·a·nence (rµm“…-n…ns) n. Physics. The magnetic induction that remains in a material after removal of the magnetizing force. [From Middle English remanent, remaining, from Latin remanens, remanent-, present participle of remanere, to remain. See REMAIN.] --rem“a·nent adj.

I believe "remanence" is the fundamental way hard disks normally function. This article, however, is about what gets "left behind" after attempts to erase the data. I suggest that "remnant" is a more appropriate word.

From The American Heritage Dictionary:

rem·nant (rem'nent) n. 1. Something left over; a remainder. 2. A leftover piece of fabric remaining after the rest has been used or sold. 3. A surviving trace or vestige: a remnant of his past glory. 4. Often remnants. A small surviving group of people. [Middle English remanant, remnant, from Old French remanant, from present participle of remaindre, to remain. See REMAIN.]

I suggest "remnant" should be substituted for "remanence", throughout this article. —Preceding unsigned comment added by Hbnoyes (talk • contribs) 15:18, 11 June 2009 (UTC)

FWIW I completely agree: it seems to me that "remanence" is simply a bastardization of the perfectly good and equally descriptive English word "remnants". I find the continued use of "remanence" mildly disturbing, but then I also dislike "color" and "neighbor" and so forth (!). A quick and thoroughly unscientific check on Google mostly reveals people casually using "remanence" when they really mean "remnants" of some kind, seldom relating specifically to computer data. NoticeBored (talk) 08:07, 18 January 2010 (UTC)


 * The term "remanence" comes from the seminal publication on the subject matter, A Guide to Understanding Data Remanence in Automated Information Systems -- the "Forrest Green Book" in the Rainbow Series. The NSA really did write the book on this.  From the introduction: "Data remanence is the residual physical representation of data that has been in some way erased."  It may not match what your dictionary says, but in the field, it's a widely-recognized term (i.e, jargon). I'm weakly opposed to renaming it because of the codifying nature of the publication. • Google for various phrases suggests "data remanence" is the most common, but established Wikipedia articles tend to skew Google results and Internet usage, so that may be inconclusive.  •  If we must rename the article, I would recommend residual data, which I see almost as often as "data remanence" -- but again, I think we should stick with the established terminology. — DragonHawk (talk|hist) 15:13, 26 January 2010 (UTC)

Removing Merge suggestion
I am removing the merge suggestion for this article and Data erasure. This is mostly because it has limited support at Talk:Data_erasure. I'm also removing it because that support seems to be based on assumptions about why the reader is looking at these pages. The best way to help the reader is by assuming as little as possible about why the reader is here. If data remanence is a problem for the reader then permanent data erasure is the solution for the reader. If Wikipedia were a problem-solving manual, it would make perfect sense to discuss both topics in one article. However, we can't assume such a motive for the reader of a general-purpose encyclopedia. Related topics are not "all dealing with the same thing." Just because an editor has a problem-solution orientation, that does not mean that the reader will. Some readers will want to know how data is erased without caring about why it's done that way. Those readers will be poorly served by a redirect from "Data erasure" to "Data remanence." Other readers will only want to know about remanence. Presenting similar or even identical introductory and background content in articles about related topics is something that print encyclopedias do often. Flying Jazz (talk) 23:58, 15 September 2009 (UTC)

Rewrite tag
Recently, an anonymous user at added the rewrite tag to this article, without further comment. Reviewing that user's contributions finds they recently went on a spree of adding that tag to articles without comment. In one case, they did so with inappropriate remarks in the edit summary. Given this, I find the addition of the tag somewhat suspicious. However, given that I've made major contributions to the current state of the article, I'm somewhat loathe to just revert, given the conflict-of-interest. What do others thing? Anonymous contributor, care to comment? What do you object to in this article? — DragonHawk (talk|hist) 21:59, 8 December 2009 (UTC)
 * IMO the tag is not warranted. I removed it. 86.134.9.119 (talk) 12:52, 25 December 2009 (UTC).

RCMP links still standards?
A bit reluctant to make a wholesale change, since I am a very new editor.

The first issue is that the RCMP links are both broken. After some investigation, there is really one one document left. It is numbered B2-002 called: IT Media Overwrite and Secure Erase Products. It can be found here: http://www.rcmp-grc.gc.ca/ts-st/pubs/it-ti-sec/b2-002-eng.pdf

The document it replaces: B2-001 Suggested DSX Replacement Products  is no longer on the RCMP site, though it is still referenced in places, and available on other websites.

The second issue is that B2-002 it really is no longer a document which can be called a Standard as per the section it is in. It is still close to the original Replacement Product list. What's best? Keep it there with a bit of explanatory text, fix the one referecen, and delete the second? Thanks! Wigbold (talk) 17:48, 19 January 2010 (UTC)


 * I updated the page with the B2-002 document. It's the best we have.--agr (talk) 18:29, 19 January 2010 (UTC)

BCWipe
is that reference an ad? --187.40.174.93 (talk) 23:16, 3 June 2010 (UTC)

Encryption
I've removed the following text:
 * However, even this is unlikely and difficult to execute in a non-laboratory situation, as a cold boot attack requires immediate network access to the computer and is only possible within several minutes or even seconds of the system being depowered, depending on the kind of random access memory used. Even then there is still the possibility of the key itself being scrambled or otherwise protected, which may make even this method fail.

It's an unsourced statement, and as such, mere opinion. Worse, it's in the classic "nothing can possibly go wrong, the attacks are merely theoretical" mode, notorious in computer security for being proved wrong. Worse still, it flatly contradicts the study cited in the section on Data in RAM, that shows such attacks are neither difficult to execute nor require immediate network access. Ross Fraser (talk) 03:36, 28 December 2010 (UTC)
 * I agree, this makes very little sense. Cold boot attacks do require network or physical access to the machine, but that doesn't make it impossible to execute (the typical target is a corporate laptop stolen from a public place). This concept of "scrambling" the key is original research and I frankly can't imagine how it would work at all. It doesn't matter what mutations you apply to the key, the decryption algorithm is still using the resulting data to perform the decryption, such that the attacker could also perform the decryption using the same data - so this is at best a (novel) mitigation measure. The original paper also notes that by cooling the machine first the time within which key recovery is possible can be extended to weeks. Dcoetzee 01:32, 13 October 2011 (UTC)

7 Pass pattern
Article says "...the seven-pass pattern: 0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random; sometimes erroneously attributed...". Shouldn't the first byte be 0xFF ? —Preceding unsigned comment added by 87.127.101.241 (talk) 15:38, 9 January 2011 (UTC)

No,there seems to be lots of references to 0xF6, eg., http://www.puredarwin.org/curious/armoring-puredarwin and http://hints.macworld.com/article.php?story=20031025092806502 and http://ubuntuforums.org/showthread.php?t=813666 and http://www.opensource.apple.com/source/srm/srm-6/srm/doc/srm.1 If it's an error, it's ubiquitous. Ross Fraser (talk) 22:56, 12 January 2011 (UTC)

About appropriateness and reconciliation
The term "data remanence" is based on a term used in E&M physics, "remanence". This is explained here: http://en.wikipedia.org/wiki/Remanence.

Data remanence refers to the most-recent states a bit had prior to its current state. (Note the similarity between the word "remain" and "remanence".)

It should not be confused with data that is not over-written by a delete operation, (Also referred to as "remove" or "erase"). These operations are limited to removing either part or all of a table entry, or a journal entry. The table lists what is on a disk. Removing the name of a file doesn't remove the file's content.

Kernel.package (talk) 02:16, 10 October 2011 (UTC)


 * This issue was broached at further up the page.  The term has some currency in this use as well.  Whether it's the best word or not, I dunno.  — DragonHawk (talk|hist) 01:35, 12 October 2011 (UTC)

Cold book attacks and memory testing
I removed this statement from the article:
 * It is also possible to prevent data remanence in RAM by running a memory testing tool, such as Memtest86, in order to overwrite the entire RAM.

As far as I can tell, this is based on a misunderstanding of how cold boot attacks work. At the time the attacker obtains the machine, the key data is still in memory because it is actively in use by the decryption algorithm, not because it is left over in unused portions of memory. They then reboot and immediately read the memory. The person defending has no opportunity to run anything between the reboot and the attack, since only BIOS code runs before the attacker's boot device begins execution. Even if the BIOS is configured to wipe the memory before boot, which would be the closest meaningful mitigation measure, they can circumvent this by moving the memory to another PC under the control of the attacker. Dcoetzee 01:18, 13 October 2011 (UTC)

Grammar slip
"Modern hard disks often feature reallocation of marginal sectors or tracks, automated in a way that the OS would not need to work with it. " What does "it" refer to? Sorry, if I knew I would have fixed it. David Lloyd-Jones (talk) 06:48, 28 February 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 one external links on Data remanence. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20140327221151/http://www.asd.gov.au/publications/Information_Security_Manual_2014_Controls.pdf to http://www.asd.gov.au/publications/Information_Security_Manual_2014_Controls.pdf
 * Added archive https://web.archive.org/web/20110524003922/http://www.dss.mil/isp/odaa/documents/nispom2006-5220.pdf to http://www.dss.mil/isp/odaa/documents/nispom2006-5220.pdf#page=75

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.— InternetArchiveBot  (Report bug) 08:10, 7 December 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified one external link on Data remanence. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20121022224013/http://www.af.mil/shared/media/epubs/AFI33-106.pdf to http://www.af.mil/shared/media/epubs/AFI33-106.pdf

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 14:12, 25 December 2017 (UTC)