December 23rd, 2006, 09:19 AM
Format Vs Pdwipe
I am trying to understand what is the core difference between operating system based HDD erasing tools like format and third part tools like Pdwipe/eraser or OSS -dban.
Please refer me the links which will help me in getting my understanding right.
December 23rd, 2006, 09:47 AM
There is one fundamental difference. The operating system tools are designed to prepare a hard drive for the installation or reinstallation of the operating system, and that alone.
They are not security tools and do not actually "erase" the data. It is still there, and can be subsequently recovered. This is exactly the same as when you "delete" something from the drive using the OS tools, and when you "empty" the recycle bin. All that happens is that space on the HDD is marked as available for reuse.
A third party security tool actually overwrites the HDD or a part of it with other data. The basic DoD requirement writes zeroes on the first pass, ones on the second, and random zeroes and ones on the third. This makes it impossible to use a simple software solution for data recovery.
This site has the theory explained:
Last edited by nihil; December 23rd, 2006 at 10:37 AM.
December 23rd, 2006, 10:49 AM
A nice reference chart for the DoD standard can be found here:
(Standard DoD 5220.22-M / NISPOM 8-306)
Oh and just for the record (because I know it will come up) there is no legendary NSA 7 pass standard. The NSA uses the DoD standard and has no separate recommendation. You can actually call the NSA and ask them about this and they will gladly tell you this.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
December 23rd, 2006, 11:07 AM
Nice link Hoss,
Whilst we are "mythbusting", there is a common misconception that Peter Gutmann's method involves overwriting 35 times. It doesn't.......................
Some tools will use 35 passes because they are based on the assumption that you do not know the encoding pattern used by the drive, and they aren't smart enough to detect it. I think that only 17 or so of them are actually effective in any given situation.