Hard Drive scrub

I've scrubed one of my hard drives using an application that does multiple wipes followed by a final writing of all zeros to every sector of the hard drive.

How can I verify that the hard drive has truely been scrubed before I send it offiste?

Thank you

---

On Fri, 17 Jun 2005 06:18:56 GMT, "---" <> wrote:

>I've scrubed one of my hard drives using an application that does multiple wipes followed by a final writing of all zeros to every sector of the hard drive.
>
>How can I verify that the hard drive has truely been scrubed before I send it offiste?
>
>Thank you


Have a look here

www.roadkil.net/

....for some disk sector tools etc...one of these will allow you to
examine the disk for data.

Regards,



--
Stephen Howard - Woodwind repairs & period restorations
www.shwoodwind.co.uk
Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk

Stephen Howard

"---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:

> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> I've scrubed one of my hard drives using an application that does
> multiple wipes followed by a final writing of all zeros to every
> sector of the hard drive.
>
> How can I verify that the hard drive has truely been scrubed before I
> send it offiste?
>
> Thank you

Use any of the file-recovery tools, especially the forensic ones, such as
Encase, etc.

This will confirm *software* unrecoverability - if someone is willing to
spend serious bucks, hardware recovery may still be possible.

Regards,

nemo_outis

"nemo_outis" <> wrote in message
news:Xns96784A18143F3abcxyzcom@127.0.0.1...
> "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
>
>> Content-Type: text/plain; charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>> I've scrubed one of my hard drives using an application that does
>> multiple wipes followed by a final writing of all zeros to every
>> sector of the hard drive.
>>
>> How can I verify that the hard drive has truely been scrubed before I
>> send it offiste?
>>
>> Thank you
>
> Use any of the file-recovery tools, especially the forensic ones, such as
> Encase, etc.
>
> This will confirm *software* unrecoverability - if someone is willing to
> spend serious bucks, hardware recovery may still be possible.
>
> Regards,
>

Not true.
After a 3 times overwrite virtually nothing is recoverable by any
professional
After a 30 times over write nothing is recoverable.

If someone has the capability to recover anything of use after 7 times over
write I want to speak to them. I will refer DR jobs to them!

Re the OP and his ?. Winhex or similar and examine some random sectors for
text or data.

someone2

"someone2" <> wrote in
news:mjDse.50345$iU.44518@lakeread05:

>
> "nemo_outis" <> wrote in message
> news:Xns96784A18143F3abcxyzcom@127.0.0.1...
>> "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
>>
>>> Content-Type: text/plain; charset="iso-8859-1"
>>> Content-Transfer-Encoding: quoted-printable
>>>
>>> I've scrubed one of my hard drives using an application that does
>>> multiple wipes followed by a final writing of all zeros to every
>>> sector of the hard drive.
>>>
>>> How can I verify that the hard drive has truely been scrubed before
>>> I send it offiste?
>>>
>>> Thank you
>>
>> Use any of the file-recovery tools, especially the forensic ones,
>> such as Encase, etc.
>>
>> This will confirm *software* unrecoverability - if someone is willing
>> to spend serious bucks, hardware recovery may still be possible.
>>
>> Regards,
>>
>
> Not true.
> After a 3 times overwrite virtually nothing is recoverable by any
> professional
> After a 30 times over write nothing is recoverable.
>
> If someone has the capability to recover anything of use after 7 times
> over write I want to speak to them. I will refer DR jobs to them!
>
> Re the OP and his ?. Winhex or similar and examine some random
> sectors for text or data.


The limits of the possible in data recovery are NOT set by the commercial
recovery houses.

The US DoD recommends *destruction* of any HD that is to pass outside the
agency, EVEN for those used just for general office work, let alone those
those that once contained classified data (see, for instance, DoD
Directive 8500.1, October 2002. The ancient DoD 5220.22-M with its
overwrite specs was rescinded as obsolete long ago!).

Even degaussing is viewed askance (since only the top-end units can
handle modern high-coercivity drives, and, even then, reliability - 80+
dB suppression - is spotty). Software methods, such as overwriting, just
don't cut it against a serious adversary (even ignoring, for the moment,
that things such as HD buffers - some bigger than 8 megs - may result in
7 overwrites really only resulting in one!).

Yes, a disk that has been overwritten many times times will not be
recoverable by an ordinary recovery shop, but they do not use methods
such as second-harmonic magnetoresistive microscopy and newer variants
(since they would never be economically viable See, for instance,
http://www.boulder.nist.gov). Ordinary users need not worry about such
recovery methods, but they are well within the capabilities of TLAs and
some other labs (which is why I used "may" in my post).

If a HD contains, or has ever contained, sensitive data it should be
destroyed, not erased, when one is finished with it. Since new drives
cost less than $1/gig these days, anything else is madness.

Regards,

nemo_outis

On 17 Jun 2005 17:51:45 GMT, "nemo_outis" <> wrote:

>If a HD contains, or has ever contained, sensitive data it should be
>destroyed, not erased, when one is finished with it. Since new drives
>cost less than $1/gig these days, anything else is madness.

For sensitive data maybe, but otherwise its a pity to trash something
useful, and <4gb disks that work are getting a rarity and are needed
for older machines that won't recognise the current crop.
--
Jim Watt
http://www.gibnet.com

Jim Watt

"nemo_outis" <> writes:

>"someone2" <> wrote in
>news:mjDse.50345$iU.44518@lakeread05:

>>
>> "nemo_outis" <> wrote in message
>> news:Xns96784A18143F3abcxyzcom@127.0.0.1...
>>> "---" <> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
>>>
>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>> Content-Transfer-Encoding: quoted-printable
>>>>
>>>> I've scrubed one of my hard drives using an application that does
>>>> multiple wipes followed by a final writing of all zeros to every
>>>> sector of the hard drive.
>>>>
>>>> How can I verify that the hard drive has truely been scrubed before
>>>> I send it offiste?
>>>>
>>>> Thank you
>>>
>>> Use any of the file-recovery tools, especially the forensic ones,
>>> such as Encase, etc.
>>>
>>> This will confirm *software* unrecoverability - if someone is willing
>>> to spend serious bucks, hardware recovery may still be possible.
>>>
>>> Regards,
>>>
>>
>> Not true.
>> After a 3 times overwrite virtually nothing is recoverable by any
>> professional
>> After a 30 times over write nothing is recoverable.

Not true. The tracks on the disk can shift by small amounts.Thus the
rewrite can cover a track that is shifted from the original (eg temp
changes, electronics changes in the head positioning etc). Those small side
tracks can still have useful info on them. It hard to read, and cannot be
done with the usual disk hardware, but with special read heads or STMs
information may well be recoverable.

>>
>> If someone has the capability to recover anything of use after 7 times
>> over write I want to speak to them. I will refer DR jobs to them!
>>
>> Re the OP and his ?. Winhex or similar and examine some random
>> sectors for text or data.


>The limits of the possible in data recovery are NOT set by the commercial
>recovery houses.

>The US DoD recommends *destruction* of any HD that is to pass outside the
>agency, EVEN for those used just for general office work, let alone those
>those that once contained classified data (see, for instance, DoD
>Directive 8500.1, October 2002. The ancient DoD 5220.22-M with its
>overwrite specs was rescinded as obsolete long ago!).

>Even degaussing is viewed askance (since only the top-end units can
>handle modern high-coercivity drives, and, even then, reliability - 80+
>dB suppression - is spotty). Software methods, such as overwriting, just
>don't cut it against a serious adversary (even ignoring, for the moment,
>that things such as HD buffers - some bigger than 8 megs - may result in
>7 overwrites really only resulting in one!).

>Yes, a disk that has been overwritten many times times will not be
>recoverable by an ordinary recovery shop, but they do not use methods
>such as second-harmonic magnetoresistive microscopy and newer variants
>(since they would never be economically viable See, for instance,
>http://www.boulder.nist.gov). Ordinary users need not worry about such
>recovery methods, but they are well within the capabilities of TLAs and
>some other labs (which is why I used "may" in my post).

>If a HD contains, or has ever contained, sensitive data it should be
>destroyed, not erased, when one is finished with it. Since new drives
>cost less than $1/gig these days, anything else is madness.

Agree completely.
And when you destroy it, make sure that you heat the platters to a high
temp.


>Regards,

Unruh

Jim Watt <_way> writes:

>On 17 Jun 2005 17:51:45 GMT, "nemo_outis" <> wrote:

>>If a HD contains, or has ever contained, sensitive data it should be
>>destroyed, not erased, when one is finished with it. Since new drives
>>cost less than $1/gig these days, anything else is madness.

>For sensitive data maybe, but otherwise its a pity to trash something
>useful, and <4gb disks that work are getting a rarity and are needed
>for older machines that won't recognise the current crop.

The OP wanted to remove data. He has to decide how sensitive the data is.
If the data would be worth $10M if it fell into the wrong hands then
recycling the disk for the $100 savings is lunacy. If the data is worth
$50, then by all means recycle the disk.

Unruh

Jim Watt <_way> wrote in
news::

> On 17 Jun 2005 17:51:45 GMT, "nemo_outis" <> wrote:
>
>>If a HD contains, or has ever contained, sensitive data it should be
>>destroyed, not erased, when one is finished with it. Since new drives
>>cost less than $1/gig these days, anything else is madness.
>
> For sensitive data maybe, but otherwise its a pity to trash something
> useful, and <4gb disks that work are getting a rarity and are needed
> for older machines that won't recognise the current crop.
> --
> Jim Watt
> http://www.gibnet.com


I agree that it's up to the owner to do a risk/threat assessment and decide
how sensitive the data was and if software overwriting is sufficient.
Maybe for some the answer will be "it's OK." For most, however, the answer
will be that its a needless risk for very little benefit - to them or to
others.

A 4-gig drive's replacement value is less than $4 and it seems to me that
taking any risk for that sort of money is silly. One recovered bad sector
(possibly, say, passed over in the overwriting) might mean a serious data
leak, a massive lawsuit, or a major PR hit for a firm. Seems foolhardy and
penny-wise, pound-foolish to me.

Moreover, any motherboard that won't recognize anything except a 4-gig
drive should be of interest only to the Smithsonian. Junk both it and the
drive!

We're talking nickle and dime stuff here. Just the time to erase the disk
and verify its cleanliness is worth much more than the disk (unless you
value your time under $1/hour Destroy the drive and give $50 to
charity: a bigger benefit than 10 such used disks, no risk, no endless
jacking around, and a nice warm fuzzy feeling..

Regards,

nemo_outis

On 18 Jun 2005 02:38:37 GMT, "nemo_outis" <> wrote:

>A 4-gig drive's replacement value is less than $4 and it seems to me that
>taking any risk for that sort of money is silly. One recovered bad sector
>(possibly, say, passed over in the overwriting) might mean a serious data
>leak, a massive lawsuit, or a major PR hit for a firm. Seems foolhardy and
>penny-wise, pound-foolish to me.
>
>Moreover, any motherboard that won't recognize anything except a 4-gig
>drive should be of interest only to the Smithsonian. Junk both it and the
>drive!
>
>We're talking nickle and dime stuff here. Just the time to erase the disk
>and verify its cleanliness is worth much more than the disk (unless you
>value your time under $1/hour Destroy the drive and give $50 to
>charity: a bigger benefit than 10 such used disks, no risk, no endless
>jacking around, and a nice warm fuzzy feeling..

Yes and no.

I recently spent lots of hours fixing a machine that would only work
with a <4gb drive. The problem was finding one that worked because
several found in our junk collection are there because they have been
replaced for being dodgy. They are now safely binned.

The clients machine has lots of ISA slots with special cards to drive
external hardware and the software only runs on win/98. A new
machine is not the solution.

I jsut hope that the drive on my Northstar Horizon holds out because
MFM drives are hard to find ...
--
Jim Watt
http://www.gibnet.com

Jim Watt