Secure disk erase

Page may contain affiliate links. Please see terms for details.
mr_cellophane

mr_cellophane

Legendary Member
Location
Essex
I used Norton to wipe a server disk at work once. After an hour it had only done a small amount. As I had a few servers to clear it was easier to swap drives about and rebuild. Unfortunately you can't do that on a laptop.
 
TheDoctor

TheDoctor

Noble and true, with a heart of steel
Moderator
Location
The TerrorVortex
Smokin Joe said:
I have heard data recovery experts claim that if you have the time and the expertise anything that has been written to a hard drive can be recovered, no matter how many times it was over-written. I don't know myself, but hard drives are cheap enough now to replace completely if you are at all unsure.
Click to expand...

Yes, theoretically, but before you set to work at reading it, you'd need to be certain there was stuff there that was valuable enough to warrant the effort, and it wouldn't be out of date when you eventually did read it. If the data was that sensitive you'd have encryption anyhow. Or at least you should. Most times, it would be easier to find the person who put the data on there and beat them up till they tell you what you want to know!

The easiest way to ensure a hard drive can't be read is to give it a good few smacks with a big hammer. Heads rammed into the disks and disks themselves in bits. Sort that lot out.
 
rh100

rh100

Well-Known Member
TheDoctor said:
Yes, theoretically, but before you set to work at reading it, you'd need to be certain there was stuff there that was valuable enough to warrant the effort, and it wouldn't be out of date when you eventually did read it. If the data was that sensitive you'd have encryption anyhow. Or at least you should. Most times, it would be easier to find the person who put the data on there and beat them up till they tell you what you want to know!

The easiest way to ensure a hard drive can't be read is to give it a good few smacks with a big hammer. Heads rammed into the disks and disks themselves in bits. Sort that lot out.
Click to expand...

I agree, best policy is destruction, sledghammer or take it apart and mangle it.

Software wise though, surely if the software physically writes 0's and 1's over every sector, then it replaces what was there before so nothing to recover? Whereas a normal delete will only mark the area as usable and not actually clear the data.

Another vote for DBAN here, it's open source freeware as well.
 
Vapin' Joe

Vapin' Joe

Formerly known as Smokin Joe
Location
Bare headed cyclist, Smoker
rh100 said:
I agree, best policy is destruction, sledghammer or take it apart and mangle it.

Software wise though, surely if the software physically writes 0's and 1's over every sector, then it replaces what was there before so nothing to recover?
.
Click to expand...
As I understand it (and I may well be wrong as I am only repeating what I have read) is that overwriting data on a disc is the same as physically overwriting a printed page. You may cover what is already there but if someone has the expertise to remove the top layer of print they can then get to what is underneath.

I stand to be corrected by anyone with real knowledge of this.
 
twowheelsgood

twowheelsgood

Senior Member
Location
Zurich Switzerland
I have heard data recovery experts claim that if you have the time and the expertise anything that has been written to a hard drive can be recovered, no matter how many times it was over-written. I don't know myself, but hard drives are cheap enough now to replace completely if you are at all unsure.

That just isn't possible. The laws of physics dictate the boundaries of information storage. The minimum granularity of the magnetic media is limited by thermal noise. If it were possible to recover say 35 generations of data written to a magnetic platter then why not market a disk drive of 35 times the capacity? It's not like writing over the same piece of paper as there is no deposition of new material which can contain the additional information.

The truth is that modern drives utilises perpendicular technologes to increase areal density and it's getting pretty close to some quite fundamental barriers imposed by the materials used.

Old techniques relied primarily on user ignorance (like only deleting file table entires) and in extremis the gap between what was technically possible in a lab and what could be commericial produced. Even this relied or luck (or more accurately statistics).

Realistically, even a single complete over-write of new drive is going to make recovery near impossible if the drive is relatively recent.

I still wouldn't be glib about it though but for those who exist in the same dimensions as the rest of us, the regular 3-pass overwrite from DBAN is going to have the CIA stratching their heads, let alone any potential home master criminal who is in the market for a second hand PC.

Some light bedtime reading:

http://www.sciencedirect.com/scienc...serid=10&md5=dc431ed2375fa859e93f0a6066e97e93
 
BlueDog

BlueDog

Veteran
Location
Somerset
As another option, CCleaner is recommended by our IT Department for general cleaning of the disc (cookies, temp files, recycle bin, etc) with options to overwrite files from 1 to 35 times. It can also wipe freespace and keep the Registry in check.
It's simple to use and is available as a free download available from http://www.filehippo.com (which coincidentally is also their most popular download)
 
twowheelsgood

twowheelsgood

Senior Member
Location
Zurich Switzerland
CCleaner is very good, but it's an example of why I emphasize a complete overrite of the disk is necessary.

The NTFS file system uses something called MFT as an index to the file sof the disk. This is not in a fixed position and is not a fixed size (unlike FAT). The MFT is also used to contain files that are very small as this is more efficient than indexing them onto another sector of the disk.

Recent versions of Ccleaner do attempt to clean the MFT but does not completely, hence some of those small files are not overwritten.

In order to ensure the disk is erased you must go outside an operating system and use something that writes to the disk directly, like DBAN and not through the the OS and it's filesystem API which requires certain things to be in place in order to work. The old method of doing this was to do a low-level format. This isn't really possible with current disks.

You can try it yourself. Run CCleaner and then run a deep scan with Recuva (made be the same people and free). You will see filenames, headers and some data of files you thought were gone.

It's not the physical disk that really represents a security problem - they can be effectively cleaned, it's the "holes" in the software used that are your main problem.

One alternative that is pretty secure is to run ccleaner on an NTFS partition and then reformat it to FAT32 and run ccleaner again.

Hope this helps.
 
You must log in or register to reply here.
Top Bottom