I am an IT professional and I know a lot about computers. However, I am baffled when people tell me that data on a hard drive can be recovered after it is overwritten. I know that when you delete a file, it is not actually gone. The computer merely allocates that space to be used again. However, I always thought that hard drives stored everything in 1’s and 0’s. To me, that would mean that if you overwrote it will all 0’s or all 1’s or any random combiantion of the two, the data is gone forever. Experts assure us that that data can only truly be erased by overwriting the data that you want gone 7 times. I believe their expertise but I do not undertsnad why that is the case.
You never write to exactly the same place on the hard drive twice, and that’s enough of an in for people to get what used to be there. If someone wants your data bad enough, they can get at it even after you overwrite it seven times.
While data is stored in the form of 0s and 1s, fundamentally, the magnetic media are analog storage devices. Data recovery works because the 0s and 1s are almost never written to exactly the same place twice. This results in spots of weak residual magnetism offset from the stronger signal of the recently written data which are ignored by the drive elctronics in normal operation. For deep data recovery, the drive platters are actually removed from the original drive and placed in a purpose-built case with specially-designed drive electronics which can send the analog data to be analyzed by software to tease out older layers of data. There is a good atrticle on data recovery techniques here.
Not true. Deep data wiping involves overwriting the area to be erased with a chosen byte pattern and its complement. For example, you might write 01010101 followed by 10101010. This is done several times, and effectivly destroys any chance of recovery. Even without such techniques, overwriting an area with normal data several times effectively renders the original data unrecoverable, since even the best recovery technology can only reccovery the last 3 or 4 layers of data, AFAIK, with any degree of accuracy.
There are several ways of recovering data that has been merely overwritten once or a few times. All rely on very low-level access to the hard drive’s data stream.
Remember that even though data is handed to the system as ones and zeros, it is stored in a more analog fashion on the HD. If you can read the actual waveform from the head before it is “squared up” and digitized, you may be able to interpret it differently. This of course relies on some magnetic domains that were lined up by the first recording, but not altered by the second.
Also, due to expansion and contraction, the same track number may not be overwritten in exactly the same spot. If you can micro-adjust the head to one side of the track, you might be able to pick up pieces of a previous recording quite well. Using a smaller head can aid in this trick.
What Q.E.D. said, as I was lazily typing away.
Depends on how badly you want it whether it is worth your time.
Well, you obviously can’t recover all data that’s been written to the drive, otherwise a hard drive is an infinitely large storage medium, which it just ain’t. Even if you can see ghosts of old data, the more overlapping ghosts you have, the less likely it is that you’ll be able distinguish data representing a particular point in time from data representing another point in time.
If you’re paranoid enough to worry about people doing extreme low-level scanning on your platters, you should probably be opening it up and bending the platters until the media layer starts to crack and peel. That will pretty much ensure that nothing’s going to skim across the platter close enough to read it.
The interesting thing that most people who are paranoid about people stealing their data don’t realize is that these extreme, deep data recovery procedures are extremely labor intensive, and are thus extraordinarily expensive, and are unlikey to be used for anything but misson critical commerical or governmental data, or possibly in important criminal forensic cases. No one’s going to be doing this stuff just for common ID theft.