STE WILLIAMS

Self-erasing flash drives destroy court evidence

The inner workings of solid state storage devices are so fundamentally different from traditional hard drives that forensic investigators can no longer rely on current preservation techniques when admitting evidence stored on them in court cases, Australian scientists said in a research paper.

Data stored on Flash drives is often subject to a process the scientists called “self-corrosion,” in which evidence is permanently erased or contaminated in ways that bits stored on magnetic-based hard drives are not. The alterations happen in the absence of any instructions from the user. The findings introduce a “grey area” into the integrity of files that are forensically extracted from the devices and threaten to end a “golden age” of digital evidence gathering offered by older storage types. (more…)

Flash drives dangerously hard to purge of sensitive data

In research that has important findings for banks, businesses and security buffs everywhere, scientists have found that computer files stored on solid state drives are sometimes impossible to delete using traditional disk-erasure techniques.

Even when the next-generation storage devices show that files have been deleted, as much as 75 percent of the data contained in them may still reside on the flash-based drives, according to the research, which is being presented this week at the Usenix FAST 11 conference in California. In some cases, the SSDs, or sold-state drives, incorrectly indicate the files have been “securely erased” even though duplicate files remain in secondary locations. (more…)

Gov will spend £400k to destroy ID card data

Taxpayers will finally see some value for money out of the former goverment’s ID card scheme.

The cost of destroying the personal data collected under the ill-starred programme will be a mere £400,000, Home Office minister Damian Green revealed yesterday.

The figure came in a commons reply to Paul Goggins MP, who’d asked what security standards would be applied in the destruction of the National Identity Register, what the arrangements were for the data destruction, and what the cost would be.

Green replied that the standards applied had been set out in a document placed in the House of Lords Library last November.

The destruction will be carried out by a a CESG accredited and approved supplier, securely and in accordance with established secure destruction policy, procedures and guidelines, Green said. These include compliance with the HMS IA Standard No. 5-Secure Sanitisation of Protectively Marked Sensitive Information. Physical equipment holding the data will be degaussed and physically shredded.

While scrapping the system will save £86m over the next four years, said Green, costs from asset write-offs and the like will be £5m in 2010-2011.

The actual dismantling of the systems and the destruction of the personal data will be a mere £400,000, though. Which seems like a bargain compared to the £330m Labour spent on the scheme, of which £41m went on “developing the policy, legislation and business case for the introduction of identity cards”.

A cheaper option of course might have been to simply shove the data in the Lords Library. As Green himself demonstrated to Goggins, no one thinks of looking for anything in there