
Thread: Drive Wiping

  1. #1
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187

    Drive Wiping

    http://www.securityfocus.com/brief/888

    A computer forensics specialist has a message for security-minded computer users: A single wipe will make drives impossible to read.

    ~~

    "Although there is a good chance of recovery for any individual bit from a drive, the chances of recovery of any amount of data from a drive using an electron microscope are negligible," Wright stated. "The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest."
    Found this article linked on Slashdot ... What do you guys think? Are multiple wipes/rewrites a waste of time?
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    If you overwrite once, you will not be able to recover data using "normal" hardware/software techniques.

    After all, if you could, how would normal software work if it is being confused by these "ghost" images?

    Get yourself a nice $250,000 spin up table, some other fancy hardware and software and a >$75,000 a year technician and you have a whole new ballgame.

    You have a better chance of recovery if you know what overwriting sequence was used, but there rapidly comes a point where the "ghost" is so faint that it is not decipherable. Also consider that what you are interested in might be overlaid on top of other valid data so which "layer" do you really want? And these "layers" could be at different levels depending on how many times that part of the drive has been used.

    The concepts of magnetic remanence and track overlay are valid, but please remember that Gutmann was writing in 1996. Hard drives are quite different these days.

    It is not a "fallacy" as such, but I will say that the evidence seems to be based on very carefully stage managed laboratory scenarios rather than the real World.

    "The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest."
    Until Wright can show me that he has the combined resources of the NSA, FBI and CIA, I will just mark his card "dork". We just don't know (us mere mortals, that is).

    One thing that I can tell you from my experience in the defence industry is that if you overwrite 7 times it has gone. And if it were more classified than that it would have been physically destroyed.
    Last edited by nihil; January 20th, 2009 at 09:09 AM.

  3. #3
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    For businesses in the US, if you use Secure Erase to wipe your drives, you are covered re: liability associated with regulatory compliance e.g. HIPAA, SOX, GLB. I Boot & Nuke.

    If you are really paranoid, physically destroy the drive.
    In God We Trust....Everything else we backup.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    I would mention that I am not aware of any commercial data recovery service that offers to recover data that has been overwritten even once. Anyone know of one?

    Also, the experiments that I have read about were on a new drive with a single overwrite. The concept was certainly proven, but whether it would be practical in the real World is another matter.

    I am not aware of any civilian commercial solutions.

  5. #5
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063
    You're totally right nihil ..... even software that recovers data not knowingly overwritten doesn't always recover 100% of deleted data.

    I know because recently I deleted photos from my camera and had to run some undelete software. Most of the photos were fine, but one was recovered only half properly. I wouldn't begin to know where to look for data that had been overwritten ... and it's important to remember the distinction between overwritten and having had the chance to be overwritten by the camera or PC being subsequently used. I was lucky that my photos hadn't had the marked "free space" used by more photos (in that I hadn't taken more) but if I knew they'd been overwritten, then I'd have had it.

    Just on the business of drive wiping, I remembered this being discussed on an old thread (indeed, I still have your wonderful copy of DBAN Nihil!), where I was told by someone I know to be very knowledgeable that a clean install of Vista would be a completely secure wipe:

    It overwrites all data with 0s. That's it. The data is gone for all intents and purposes. The drive certainly can't read it again...
    it's technically possible that the old data still "shines through" - as in where there used to be a 1, there's now a 0.0001, and where there used to be a 0, there's now a 0.
    However unless you happen to have lost the meaning of life, or the location of Osama Bin Laden on that drive, you're unlikely to get half the scientists in the world working on recovering it.
    It was nihil who said:

    this is called "magnetic remanence", the other concept is "track overlay", which is where the heads don't write to exactly the same spot each time, so there are traces of previous data at the edges.
    77 111 105 114 97

    My PGP signature

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Here is Peter Gutmann's original article to which he has added a postscript regarding this paper.

    http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

  7. #7
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Posts
    1,024
    "It overwrites all data with 0s"
    Secure drive wipe utilities use a "pseudo-random" sequence of 0's and 1's, which makes it significantly more difficult to recover the overwritten data.

    *edit*
    I thought I should define "pseudo-random". Check out the article below.

    http://en.wikipedia.org/wiki/PRNG
    Last edited by keezel; January 24th, 2009 at 10:50 PM.
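
Added example, not part of any post in this thread: a single overwrite pass (all zeros or random data, the two options discussed above) applied to a constructed image file, followed by a read-back check. The function names, the marker string and the temporary image are assumptions made for this illustration.

```python
# Added illustration; all names below are this example's own.
import os, tempfile

CHUNK = 1 << 20  # write in 1 MiB chunks

def overwrite(path, mode="zero"):
    """Single overwrite pass over an existing file/image; returns bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:
        while written < size:
            n = min(CHUNK, size - written)
            block = bytes(n) if mode == "zero" else os.urandom(n)
            f.write(block)
            written += n
        f.flush()
        os.fsync(f.fileno())  # push the pass to the device, not just the page cache
    return written

def verify_zero(path):
    """Read back and confirm every byte is 0 (only meaningful after a zero pass)."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return False
    return True

def contains(path, marker):
    """True if marker still appears anywhere in the file (small images only)."""
    with open(path, "rb") as f:
        return marker in f.read()

def demo():
    marker = b"CONSTRUCTED-SECRET-0001"  # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write((marker + b"\xAA" * 489) * 4096)  # 2 MiB constructed image
        before = contains(path, marker)
        overwrite(path, "random")
        after_random = contains(path, marker)
        overwrite(path, "zero")
        return before, after_random, verify_zero(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

The read-back only proves what the host can address through normal reads; it says nothing about the residual-signal question argued in this thread.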

  8. #8
    Agony Aunty-Online Moira's Avatar
    Join Date
    Jun 2003
    Posts
    1,063
    Yeah ... you need special computer programs like Yarrow to truly randomise a sample, or produce scientifically accepted random data.
    77 111 105 114 97

    My PGP signature

  9. #9
    Disgruntled Postal Worker fourdc's Avatar
    Join Date
    Jul 2002
    Location
    Vermont, USA
    Posts
    797
    Take the drive to the range, put a few rounds of 9MM and it will be unrecoverable!
    ddddc

    "Somehow saying I told you so just doesn't cover it" Will Smith in I, Robot

  10. #10
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Way too violent...but what do you expect from a disgruntled postal worker

    I prefer the "better living through chemistry" approach. Drop them in a bucket of acid (no, not that acid you old fart... muriatic acid)

    csr
    In God We Trust....Everything else we backup.
