Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Secure deletion: a single overwrite will do it
H Online ^ | 1/17/09

Posted on 03/11/2009 1:29:17 PM PDT by LibWhacker

The myth that to delete data really securely from a hard disk you have to overwrite it many times, using different patterns, has persisted for decades, despite the fact that even firms specialising in data recovery, openly admit that if a hard disk is overwritten with zeros just once, all of its data is irretrievably lost.

Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy).

They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely.

Nevertheless, that doesn't stop the vendors of data-wiping programs offering software that overwrites data up to 35 times, based on decades-old security standards that were developed for diskettes. Although this may give a data wiper the psychological satisfaction of having done a thorough job, it's a pure waste of time.

Something much more important, from a security point of view, is actually to overwrite all copies of the data that are to be deleted. If a sensitive document has been edited on a PC, overwriting the file is far from sufficient because, during editing, the data have been saved countless times to temporary files, back-ups, shadow copies, swap files ... and who knows where else? Really, to ensure that nothing more can be recovered from a hard disk, it has to be overwritten completely, sector by sector. Although this takes time, it costs nothing: the dd command in any Linux distribution will do the job perfectly.


TOPICS: Computers/Internet
KEYWORDS: deletion; files; overwrite; secure
Navigation: use the links below to view more comments.
first 1-2021-4041-44 next last

1 posted on 03/11/2009 1:29:18 PM PDT by LibWhacker
[ Post Reply | Private Reply | View Replies]

To: LibWhacker

Very Interesting.


2 posted on 03/11/2009 1:32:28 PM PDT by 2 Kool 2 Be 4-Gotten
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

However, data recovery is 100% impossible on a hard disk shattered by a 5.56 round then burned... :)


3 posted on 03/11/2009 1:34:56 PM PDT by Andonius_99 (There are two sides to every issue. One is right, the other is wrong; but the middle is always evil.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

I take the default in DBAN, it is good enough for me.


4 posted on 03/11/2009 1:34:57 PM PDT by proxy_user
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

Flipping between 1 and Zer0 a few times couldn’t hurt. The computer can do the work while you sleep. Where’s the problem here?


5 posted on 03/11/2009 1:35:15 PM PDT by Paladin2 (No, pundits strongly believe that the proper solution is more dilution.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Andonius_99

Or, you can be less dramatic and use scissors.


6 posted on 03/11/2009 1:37:20 PM PDT by MeanWestTexan (Beware Obama's Reichstag Fire.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: LibWhacker

A lot depends on what equipment you have to read the data with. I double wipe all my customer drives, random patterns, every bit, every sector, every track, every cylinder.

No exceptions.

If the drive is broke, I really break it ... into pieces, then make sure to bend the platters completely.

I used to design and manufacture hard disk drives. You might be surprised what can be recovered. I take the side of the software manufacturers, I think they are doing it safe.


7 posted on 03/11/2009 1:38:20 PM PDT by Tarpon (It's a common fact, one can't be liberal and rational at the same time.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

My understanding is that spin rotation of magnetic molecules can be derived from as many as eight past magnetic impulses. This is only true for the most extremely expensive recovery techniques, though.

Odds are, those are never used with you or me.


8 posted on 03/11/2009 1:38:46 PM PDT by ConservativeMind (Who is now in charge of the "Office of the President-Elect"?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker
....whether it be an old 1-gigabyte disk....

HA!

One Gig ain't old.

You want old? I remember when a 10Meg hard drive was the Cat's Ass.

9 posted on 03/11/2009 1:45:25 PM PDT by Bloody Sam Roberts (Despite all my rage, I am still just a rat in a cage...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paladin2

Personally, I’m a little suspicious that this comes out just as Leon Panetta is taking over at the CIA!


10 posted on 03/11/2009 1:46:07 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 5 | View Replies]

To: Bloody Sam Roberts

Full height 5MB for me. Seems weird even typing that since I have a 1TB drive that cost about $100.


11 posted on 03/11/2009 1:54:39 PM PDT by uncommonsense
[ Post Reply | Private Reply | To 9 | View Replies]

To: Bloody Sam Roberts
You want old? I remember when a 10Meg hard drive was the Cat's Ass.

Heh heh... me too... I thought I was the king of BBS SysOps when I had my 10Meg InCider drive connected to my Apple IIe running Ascii Express and CatFur for my AppleCat modem! Warez D00d!
12 posted on 03/11/2009 1:55:21 PM PDT by adaven
[ Post Reply | Private Reply | To 9 | View Replies]

To: LibWhacker
Well, I've done my share of stupid deletions through the years (without a current backup) -- but never had time to wait on some company who may or may not recover the data for a hefty price. So it was stay up all night for a few days and re-enter a month of more worth of (home-based business) transactions.

It's comforting to know I did the right thing. I guess.

Backup! (Talking to self, here.)

13 posted on 03/11/2009 2:01:01 PM PDT by browardchad
[ Post Reply | Private Reply | To 1 | View Replies]

To: Tarpon
http://www.youtube.com/watch?v=yd_O7-rqcHc
14 posted on 03/11/2009 2:05:09 PM PDT by LibWhacker
[ Post Reply | Private Reply | To 7 | View Replies]

To: LibWhacker

more interesting as I understand it using a wand or handheld device may not introduce enough current to fool a forensic reader. Enough Magnetism may be present to read it. You need to wipe with the same or more current to eliminate the data.


15 posted on 03/11/2009 2:12:22 PM PDT by ImJustAnotherOkie
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker
The real point is that at $100/TB (and falling). Disks are so cheap there's no reason to do anything other than physically destroy an old disk. Why worry about where the data is or how many copies reside on the disk?

It's worth noting that the only 'approved' decommissioning technique for hard drives which contained classified data remains physically melting the drive. That's good enough for me. :)

16 posted on 03/11/2009 2:15:05 PM PDT by AustinBill (consequence is what makes our choices real)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibWhacker

BUT!!!

Okay, so you are working on a very secret document in MS Word. you then close the document, copy it to a jump drive and securely delete the original. Done! Right?

No, because MS Office (among others) will write (seemingly hidden “temp” files to disk that can esaily be recovered in plain form to be read by the offending app. There are any number of free appliations that can find and ressurect such files.

Wiping a file is not nearly enough, one must wipe the drive.


17 posted on 03/11/2009 2:17:38 PM PDT by BornToBeAmerican (Freedom is not free)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BornToBeAmerican

Correction: Wipe the free space of the drive


18 posted on 03/11/2009 2:18:40 PM PDT by BornToBeAmerican (Freedom is not free)
[ Post Reply | Private Reply | To 17 | View Replies]

To: LibWhacker

I think the author is correct, however like all superstitions and myth’s, it’ll die hard, and people will keep spending money. I shred drives when I’m done with them, which is, I guess, best practice, and more practical than any other method considering the fact that I dispose of 10-20 a week sometimes, all with critical info on them.


19 posted on 03/11/2009 2:19:57 PM PDT by SoDak (Molon Labe)
[ Post Reply | Private Reply | To 1 | View Replies]

To: adaven
You want old? I remember when a 10Meg hard drive was the Cat's Ass.

Geeze, you guys must be babies... our first home computer didn't even have a hard drive.. everything was on 5.25 inch floppies. :-)

20 posted on 03/11/2009 2:30:27 PM PDT by Aunt Polgara
[ Post Reply | Private Reply | To 12 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-44 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson