DoD wiping standards --> DoD 5200.28-STD


Prickaerts

Administrator
Jan 2, 2006
765
0
#1
Hi group,

Perhaps someone can help me out with this one.
Most documents pertaining wiping refer to DoD 5200.28-STD explaining the three pass requirement.

I have researched the Internet in search for this document and the text that holds this passage. I can find several versions of DoD 5200.28-STD, but none that contains any mention of the three pass requirement (or anything about sanitizing disks in general).

I do find DOD5220.22-M, which DOES say something about this requirement, IF you have the matrix that is.

Any thoughts?
 
Dec 24, 2005
93
0
#2
It's everywhere, what are you using to search Archie? Haha good joke no?

Go to google and type |
Department of defense dod 5200.28-STD

That document is dated 1985 when hard drives were very slow (of course files were small) no one uses that anymore. I'm guessing this is for research. Nowadays the military drills holes in the hard drive and melts them down. Now that's safe data deletion.
 

Prickaerts

Administrator
Jan 2, 2006
765
0
#3
Hi Androcrates,

My question was not WHERE I can find 5200.28-STD.

Most reference to the three-pass wipe go to 5200.28-STD. My question is WHERE does it say in the document that drives need to be sanitized by passing it with zero's, it's complement and then random data.

When you research it, as I have, DoD 5220.22-M seems to be the standard to refer to. But perhaps someone could correct me.

Thanks for the Google tip buddy ;)
 
Dec 24, 2005
93
0
#4
Well no tip since you seem to be way ahead of me. Perhaps you could search Peter Gutmann instead. I think that will turn up more references. As you noted the manual is DoD 5200.28-M but military manuals tend to be very, very thick. Perhaps you only found pieces. Maybe wade through the Library of congress?
 
Sep 9, 2007
9
0
#5
ambiguous intentional

<t>Neither the 5200.28-STD nor the 5220.22-M mention anything about wiping, overwrite, degaussing, etc. They do mention and describe only physical destruction as the only preferred method. These DOD manuals are for the sole purpose of describing the requirements to manage Audit controls and proper marking and identification of materials (i.e. Hard Drives). <br/>
This is done intentionally as the DOD, NSA and DSS (and NIST) leave it up to each agency to make thier own decisions on the proper methods of end of life of data and the hard drives they're contained on.</t>
 

About us

  • Our community began in 2004. Since this time, we have grown to have over 29,000+ members within the DFIR & Cyber Security community.

    We are happy to announce that this forum is now under new ownership with the goal to once again become the main Digital Forensics Forum on the internet for DFIR, OSINT and Cyber Security.

    If you can think of ways to help us improve, please let us know.

    We pride ourselves on offering unbiased, critical discussion among people of all different backgrounds.

    We are working every day to make sure our community is one of the best.

Quick Navigation

User Menu