Wiping data from drive question

A co-worker made a statement that data is recoverable from a hard drive even
after you write zeros to all sectors of the hard drive. I was always under
the impression that once you wrote zeros to all sectors that any data that
was there is impossible to recover. Does anyone have any thoughts on this?
Thanks!

Doofus McFly

There are techniques where you can retrieve some data because if a place on
the disk had a "1" for a long period of time, theoretically, then changed
to a "0" (you wiped the disk) there would be a "shadow" of a "1" left. You
have to write a combo of zeros and ones many, many times say 10,000
times....

Imhotep

Doofus McFly wrote:

> A co-worker made a statement that data is recoverable from a hard drive
> even after you write zeros to all sectors of the hard drive. I was always
> under the impression that once you wrote zeros to all sectors that any
> data that was there is impossible to recover. Does anyone have any
> thoughts on this? Thanks!

--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************

imhotep

On Tue, 13 Jun 2006 18:30:08 -0700, "Doofus McFly"
<> wrote:

>A co-worker made a statement that data is recoverable from a hard drive even
>after you write zeros to all sectors of the hard drive. I was always under
>the impression that once you wrote zeros to all sectors that any data that
>was there is impossible to recover. Does anyone have any thoughts on this?
>Thanks!


Merely overwriting it once with the same digit will allow a
professional with specialized equipment to recover "some" if
not all of the data, at great cost (computer repair shop or
the like could not do it).

Random overwriting with a couple of passes makes it MUCH
more difficult, practically impossible. The prior poster is
incorrect about 10,000 passes, a couple of random passes is
sufficient but prudence with sensitive data would suggest at
least 3 or 4 passes.

kony

Not impossible but very unlikely without access to the proper equipment and
having the necessary skills. It may take a little longer but it is a good
idea to erase to DOD standards or better which most erase programs will
allow you to do. With XP Pro or Windows 2003 you can use cipher /w to do a
decent quick job of overwriting data. A sledge hammer and bucket of
sulphuric acid is probably the most secure solution for permanent
destruction of data but should not be attempted by amateurs. What I find
shocking is the lack of simple security procedures being used such as the
idiot that had a disk with sensitive data on all military retires at his
home unsecured with no encryption. --- Steve


"Doofus McFly" <> wrote in message
news:...
>A co-worker made a statement that data is recoverable from a hard drive
>even after you write zeros to all sectors of the hard drive. I was always
>under the impression that once you wrote zeros to all sectors that any data
>that was there is impossible to recover. Does anyone have any thoughts on
>this? Thanks!
>
>
>
>

Steven L Umbach

kony wrote:

> Random overwriting with a couple of passes makes it MUCH
> more difficult, practically impossible. The prior poster is
> incorrect about 10,000 passes, a couple of random passes is
> sufficient but prudence with sensitive data would suggest at
> least 3 or 4 passes.

The randomness isn't needed either. Zeros will do as well.

Sebastian Gottschalk

Steven L Umbach wrote:
> It may take a little longer but it is a good
> idea to erase to DOD standards or better which most erase programs will
> allow you to do. With XP Pro or Windows 2003 you can use cipher /w to do a
> decent quick job of overwriting data.

If you read the documentation on how the SDelete utility from
Sysinternals works (same applies to the utility Eraser), then you might
understand that file system cache, harddrive cache, journaling (which is
common on NTFS) and data relocation pose a very real threat to such
simple methods, making them fail so blatantly when not carefully considered.

And even then you should be aware of bad sector relocations of your
harddrive. At least SCSI 2 always and SATA optionally, but not IDE
allows you to retrieve a list of bad sectors that are normally hidden
from the view. Still you won't be able to see their data content or to
overwrite them.

Sebastian Gottschalk

Sebastian Gottschalk wrote:
> kony wrote:
>
> > Random overwriting with a couple of passes makes it MUCH
> > more difficult, practically impossible. The prior poster is
> > incorrect about 10,000 passes, a couple of random passes is
> > sufficient but prudence with sensitive data would suggest at
> > least 3 or 4 passes.
>
> The randomness isn't needed either. Zeros will do as well.

The randomness IS necessary. If the recovery specialist knows that the
data was zeroed, then he has a better chance of getting recoverable
data. The ones would make themselves known. But if the pattern is
random, the task becomes much harder.

paulmd@efn.org

wrote:

>> The randomness isn't needed either. Zeros will do as well.
>
> The randomness IS necessary. If the recovery specialist knows that the
> data was zeroed, then he has a better chance of getting recoverable
> data. The ones would make themselves known. But if the pattern is
> random, the task becomes much harder.

The new data has no significant, if any influence on how its noise
cancels out rest signals of old data. Actually in modern harddisks
there's hardly any difference between zeros and ones without knowing the
context, doing a very careful signal estimation and utilizing a lot of
error correction codes - a short glimpse at the signal would essentially
show you no difference to a noisy sinus wave.

Sebastian Gottschalk

On Wed, 14 Jun 2006 07:47:45 +0200, Sebastian Gottschalk
<> wrote:

>kony wrote:
>
>> Random overwriting with a couple of passes makes it MUCH
>> more difficult, practically impossible. The prior poster is
>> incorrect about 10,000 passes, a couple of random passes is
>> sufficient but prudence with sensitive data would suggest at
>> least 3 or 4 passes.
>
>The randomness isn't needed either. Zeros will do as well.

No, 0 or 1 is only an absolute based on a threshold. If one
doesn't "round off" to a threshold but takes absolute values
the signature from a same-bit fill can distinguish the prior
data.

Now, if you were to continually overwrite the same areas,
over and over again with zeros, this would work better, but
not ideally, and why would one want to do that several more
times than it would take to write randomly? There would be
no reason to do it.

kony

On Wed, 14 Jun 2006 10:05:30 +0200, Sebastian Gottschalk
<> wrote:

> wrote:
>
>>> The randomness isn't needed either. Zeros will do as well.
>>
>> The randomness IS necessary. If the recovery specialist knows that the
>> data was zeroed, then he has a better chance of getting recoverable
>> data. The ones would make themselves known. But if the pattern is
>> random, the task becomes much harder.
>
>The new data has no significant, if any influence on how its noise
>cancels out rest signals of old data. Actually in modern harddisks
>there's hardly any difference between zeros and ones without knowing the
>context, doing a very careful signal estimation and utilizing a lot of
>error correction codes - a short glimpse at the signal would essentially
>show you no difference to a noisy sinus wave.


We're not talking about a short glimpse, rather someone who
is experienced and _trying_ to recover the data with the
correct equipment.

kony