Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Wiping data from drive question

Reply
Thread Tools

Wiping data from drive question

 
 
Doofus McFly
Guest
Posts: n/a
 
      06-14-2006
A co-worker made a statement that data is recoverable from a hard drive even
after you write zeros to all sectors of the hard drive. I was always under
the impression that once you wrote zeros to all sectors that any data that
was there is impossible to recover. Does anyone have any thoughts on this?
Thanks!




 
Reply With Quote
 
 
 
 
imhotep
Guest
Posts: n/a
 
      06-14-2006
There are techniques where you can retrieve some data because if a place on
the disk had a "1" for a long period of time, theoretically, then changed
to a "0" (you wiped the disk) there would be a "shadow" of a "1" left. You
have to write a combo of zeros and ones many, many times say 10,000
times....

Imhotep

Doofus McFly wrote:

> A co-worker made a statement that data is recoverable from a hard drive
> even after you write zeros to all sectors of the hard drive. I was always
> under the impression that once you wrote zeros to all sectors that any
> data that was there is impossible to recover. Does anyone have any
> thoughts on this? Thanks!


--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************
 
Reply With Quote
 
 
 
 
kony
Guest
Posts: n/a
 
      06-14-2006
On Tue, 13 Jun 2006 18:30:08 -0700, "Doofus McFly"
<(E-Mail Removed)> wrote:

>A co-worker made a statement that data is recoverable from a hard drive even
>after you write zeros to all sectors of the hard drive. I was always under
>the impression that once you wrote zeros to all sectors that any data that
>was there is impossible to recover. Does anyone have any thoughts on this?
>Thanks!



Merely overwriting it once with the same digit will allow a
professional with specialized equipment to recover "some" if
not all of the data, at great cost (computer repair shop or
the like could not do it).

Random overwriting with a couple of passes makes it MUCH
more difficult, practically impossible. The prior poster is
incorrect about 10,000 passes, a couple of random passes is
sufficient but prudence with sensitive data would suggest at
least 3 or 4 passes.
 
Reply With Quote
 
Steven L Umbach
Guest
Posts: n/a
 
      06-14-2006
Not impossible but very unlikely without access to the proper equipment and
having the necessary skills. It may take a little longer but it is a good
idea to erase to DOD standards or better which most erase programs will
allow you to do. With XP Pro or Windows 2003 you can use cipher /w to do a
decent quick job of overwriting data. A sledge hammer and bucket of
sulphuric acid is probably the most secure solution for permanent
destruction of data but should not be attempted by amateurs. What I find
shocking is the lack of simple security procedures being used such as the
idiot that had a disk with sensitive data on all military retires at his
home unsecured with no encryption. --- Steve


"Doofus McFly" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>A co-worker made a statement that data is recoverable from a hard drive
>even after you write zeros to all sectors of the hard drive. I was always
>under the impression that once you wrote zeros to all sectors that any data
>that was there is impossible to recover. Does anyone have any thoughts on
>this? Thanks!
>
>
>
>



 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      06-14-2006
kony wrote:

> Random overwriting with a couple of passes makes it MUCH
> more difficult, practically impossible. The prior poster is
> incorrect about 10,000 passes, a couple of random passes is
> sufficient but prudence with sensitive data would suggest at
> least 3 or 4 passes.


The randomness isn't needed either. Zeros will do as well.
 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      06-14-2006
Steven L Umbach wrote:
> It may take a little longer but it is a good
> idea to erase to DOD standards or better which most erase programs will
> allow you to do. With XP Pro or Windows 2003 you can use cipher /w to do a
> decent quick job of overwriting data.


If you read the documentation on how the SDelete utility from
Sysinternals works (same applies to the utility Eraser), then you might
understand that file system cache, harddrive cache, journaling (which is
common on NTFS) and data relocation pose a very real threat to such
simple methods, making them fail so blatantly when not carefully considered.

And even then you should be aware of bad sector relocations of your
harddrive. At least SCSI 2 always and SATA optionally, but not IDE
allows you to retrieve a list of bad sectors that are normally hidden
from the view. Still you won't be able to see their data content or to
overwrite them.
 
Reply With Quote
 
paulmd@efn.org
Guest
Posts: n/a
 
      06-14-2006
Sebastian Gottschalk wrote:
> kony wrote:
>
> > Random overwriting with a couple of passes makes it MUCH
> > more difficult, practically impossible. The prior poster is
> > incorrect about 10,000 passes, a couple of random passes is
> > sufficient but prudence with sensitive data would suggest at
> > least 3 or 4 passes.

>
> The randomness isn't needed either. Zeros will do as well.


The randomness IS necessary. If the recovery specialist knows that the
data was zeroed, then he has a better chance of getting recoverable
data. The ones would make themselves known. But if the pattern is
random, the task becomes much harder.

 
Reply With Quote
 
Sebastian Gottschalk
Guest
Posts: n/a
 
      06-14-2006
http://www.velocityreviews.com/forums/(E-Mail Removed) wrote:

>> The randomness isn't needed either. Zeros will do as well.

>
> The randomness IS necessary. If the recovery specialist knows that the
> data was zeroed, then he has a better chance of getting recoverable
> data. The ones would make themselves known. But if the pattern is
> random, the task becomes much harder.


The new data has no significant, if any influence on how its noise
cancels out rest signals of old data. Actually in modern harddisks
there's hardly any difference between zeros and ones without knowing the
context, doing a very careful signal estimation and utilizing a lot of
error correction codes - a short glimpse at the signal would essentially
show you no difference to a noisy sinus wave.
 
Reply With Quote
 
kony
Guest
Posts: n/a
 
      06-15-2006
On Wed, 14 Jun 2006 07:47:45 +0200, Sebastian Gottschalk
<(E-Mail Removed)> wrote:

>kony wrote:
>
>> Random overwriting with a couple of passes makes it MUCH
>> more difficult, practically impossible. The prior poster is
>> incorrect about 10,000 passes, a couple of random passes is
>> sufficient but prudence with sensitive data would suggest at
>> least 3 or 4 passes.

>
>The randomness isn't needed either. Zeros will do as well.


No, 0 or 1 is only an absolute based on a threshold. If one
doesn't "round off" to a threshold but takes absolute values
the signature from a same-bit fill can distinguish the prior
data.

Now, if you were to continually overwrite the same areas,
over and over again with zeros, this would work better, but
not ideally, and why would one want to do that several more
times than it would take to write randomly? There would be
no reason to do it.

 
Reply With Quote
 
kony
Guest
Posts: n/a
 
      06-15-2006
On Wed, 14 Jun 2006 10:05:30 +0200, Sebastian Gottschalk
<(E-Mail Removed)> wrote:

>(E-Mail Removed) wrote:
>
>>> The randomness isn't needed either. Zeros will do as well.

>>
>> The randomness IS necessary. If the recovery specialist knows that the
>> data was zeroed, then he has a better chance of getting recoverable
>> data. The ones would make themselves known. But if the pattern is
>> random, the task becomes much harder.

>
>The new data has no significant, if any influence on how its noise
>cancels out rest signals of old data. Actually in modern harddisks
>there's hardly any difference between zeros and ones without knowing the
>context, doing a very careful signal estimation and utilizing a lot of
>error correction codes - a short glimpse at the signal would essentially
>show you no difference to a noisy sinus wave.



We're not talking about a short glimpse, rather someone who
is experienced and _trying_ to recover the data with the
correct equipment.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Request: Looking for recommendations for secure free space wiping and recycle bin wiping for VISTA Trevor Computer Security 0 12-30-2007 06:30 PM
Wiping Drive Luc The Perverse Java 5 10-18-2006 06:26 PM
wiping a drive ROBERT BROOKS Computer Information 1 05-08-2005 01:45 PM
need advice on wiping hard drive ftran999 Computer Support 4 09-15-2004 02:16 AM
Wiping hard drive fdisk/mbr? UnderDog Computer Support 7 08-25-2003 11:42 PM



Advertisments