Posted on 03/11/2009 1:29:17 PM PDT by LibWhacker
The myth that to delete data really securely from a hard disk you have to overwrite it many times, using different patterns, has persisted for decades, despite the fact that even firms specialising in data recovery, openly admit that if a hard disk is overwritten with zeros just once, all of its data is irretrievably lost.
Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy).
They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely.
Nevertheless, that doesn't stop the vendors of data-wiping programs offering software that overwrites data up to 35 times, based on decades-old security standards that were developed for diskettes. Although this may give a data wiper the psychological satisfaction of having done a thorough job, it's a pure waste of time.
Something much more important, from a security point of view, is actually to overwrite all copies of the data that are to be deleted. If a sensitive document has been edited on a PC, overwriting the file is far from sufficient because, during editing, the data have been saved countless times to temporary files, back-ups, shadow copies, swap files ... and who knows where else? Really, to ensure that nothing more can be recovered from a hard disk, it has to be overwritten completely, sector by sector. Although this takes time, it costs nothing: the dd command in any Linux distribution will do the job perfectly.
Very Interesting.
However, data recovery is 100% impossible on a hard disk shattered by a 5.56 round then burned... :)
I take the default in DBAN, it is good enough for me.
Flipping between 1 and Zer0 a few times couldn’t hurt. The computer can do the work while you sleep. Where’s the problem here?
Or, you can be less dramatic and use scissors.
A lot depends on what equipment you have to read the data with. I double wipe all my customer drives, random patterns, every bit, every sector, every track, every cylinder.
No exceptions.
If the drive is broke, I really break it ... into pieces, then make sure to bend the platters completely.
I used to design and manufacture hard disk drives. You might be surprised what can be recovered. I take the side of the software manufacturers, I think they are doing it safe.
My understanding is that spin rotation of magnetic molecules can be derived from as many as eight past magnetic impulses. This is only true for the most extremely expensive recovery techniques, though.
Odds are, those are never used with you or me.
HA!
One Gig ain't old.
You want old? I remember when a 10Meg hard drive was the Cat's Ass.
Personally, I’m a little suspicious that this comes out just as Leon Panetta is taking over at the CIA!
Full height 5MB for me. Seems weird even typing that since I have a 1TB drive that cost about $100.
It's comforting to know I did the right thing. I guess.
Backup! (Talking to self, here.)
more interesting as I understand it using a wand or handheld device may not introduce enough current to fool a forensic reader. Enough Magnetism may be present to read it. You need to wipe with the same or more current to eliminate the data.
It's worth noting that the only 'approved' decommissioning technique for hard drives which contained classified data remains physically melting the drive. That's good enough for me. :)
BUT!!!
Okay, so you are working on a very secret document in MS Word. you then close the document, copy it to a jump drive and securely delete the original. Done! Right?
No, because MS Office (among others) will write (seemingly hidden “temp” files to disk that can esaily be recovered in plain form to be read by the offending app. There are any number of free appliations that can find and ressurect such files.
Wiping a file is not nearly enough, one must wipe the drive.
Correction: Wipe the free space of the drive
I think the author is correct, however like all superstitions and myth’s, it’ll die hard, and people will keep spending money. I shred drives when I’m done with them, which is, I guess, best practice, and more practical than any other method considering the fact that I dispose of 10-20 a week sometimes, all with critical info on them.
Geeze, you guys must be babies... our first home computer didn't even have a hard drive.. everything was on 5.25 inch floppies. :-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.