I work for a health insurance company so we are subject to HIIPA and other regulations with regard to protected information. When we donate equipment to charity we use a software called Datagone by a company called Power Quest.
I can’t seem to find a web site for PowerQuest but I did find a link to a news article saying they’re being purchased by Symantec so maybe that’s why.
Good luck with your project.
Yes, because a multi-pass random data write couldn’t be done by the computer while you’re sleeping or doing your normal daily business as they chug away in the corner unsupervised.
Also, what magical time-free method do you use to remove and destroy hard drives and install new ones?
My personal favorite is Eraser. It’s free, very easy to use, and includes the (very cool, IMHO) option of shredding your disks free space.
So you folks are saying that if one formats a disk and then creates enough cluster optimized files containing random information to fill up a disk that I would be able to recover the information that I erased previsouly? That would be great if it’s true, because my disk could both archive information and handle new information resulting in my drive being twice and big as advertised.
It is a question of reliability. In order to make a drive that people will use you need to be able to read back the data with high reliability relatively quickly. This will dictate the physical area taken on the surface of the platter. In order to guarantee that the drives cannot be read by people with more sensitive electronics and a large amount of time the data must be overwritten with random data several times. If you overwrite only once it may be possible to read back the previous data. But it won’t be guaranteed that you can get the data and in any case you wont be able to get the data quickly.
As a side note the main reason the government physically destroys the drives is that it costs a fair amount to have a technician with security clearance monitor the wiping process.
That’s what I like as well. It takes forever to shred 300 gigs with 35 passes, but boy does it work.
There are a couple of good, free suggestions in this thread. I’d like to add sdelete. It is a single Windows executable that can delete both used and free space. You can specify the number of passes and the algorithm is the “Department of Defense clearing and sanitizing standard DOD 5220.22-M”.
Is there any hard evidence to support this? Anyone have any links to some actual studies about this?
Hard drives at there heart are an analog media. 1s and 0s are not on the disks. Instead you have contentious analog samples say normalized from -1 to 1. A 0 will be -1 and a 1 will get 1. There is a certain amount of noise when writing and when reading. Also they tend to pack the bits close together so that there is bleeding from one bit to the next.
is an article about recovering overwritten data.
I am at home currently and cannot access the full article but I will look at it from work tomorrow.
I’ve been wondering about this since I heard about the physically shredding/building into a wall somewhere. Why would anyone even bother to do any software based data erasing before this? Is there any conceivable situation in which a hard drive that has literally been shredded to bits could be reassembled?
Those DoD folks are pretty fond of redundancy in critical systems. Just because you sent your disk to the Office of Hard Drive Destruction don’t mean it got destroyed.
I’ve spoken with some people from a 3-letter law enforcement agency who claim that they can recover data that has been overwritten past the “magic 7” times.
Your ones and zeros aren’t really ones and zeros. There’s a threshold and anything below the threshold is a zero and anything above the threshold is a one.
If you over write your drive with zeros, to a normal read head, it will all come back zeros. However, bits that were formerly ones will be closer to the threshold than bits that were formerly zeros. Forensic read heads return the raw value of the bit. Then they image the disc at lower and lower thresholds until your old data pops back up.
It doesn’t really need to be “all zeros” or “all ones”. The skew from any known data can be filtered out, so even if you’ve deleted a file and over-written the sectors where it was contained, it may still be recoverable.
If you have a source of cryptographically secure random data, fewer passes are acceptable. Is you have only pseudorandom or unsecure random data available, the purpose of multiple passes is to reduce the ghost image from previous data below the limit of detectablility… to a determined attacker, it’s no different from a multi-pass cycle of byte patterns (it just takes longer for you to clean the disk).
What I find really amusing on the zealous destructive government procedures, is that they lose laptops with security data often. I think if they go to all the trouble to destroy the hard drives like they do, laptops should have drives that melt to sludge if tampered with, and a tracer beacon that tracks them via cell towers at all times.
This was an outstanding explanation. Thank you!
Excellent post.
I’d also like to say that this is the best combination of post and username I’ve ever seen.
IIRC, the spy plane that went down over China in 2001 degaussed their stuff.
That’s what the law requires around here for hds from state agencies to be made ready for resale.
I’m not sure why this technique hasn’t come up.
Because it’s really tough to do without ultra-powerful magnets or exposing the platters (which, unless done in a clean room, is death for the drive). Additionally, even if you’re successful, erasing the data in this manner also erases the servo data, which renders a modern IDE HDD nearly worthless. Only the drive manufaturer can rewrite the servo data and I’m sure they’re not going to do it for free.
I finally clicked on the link.
I had thought for sure it would be something about nuking the hard drive from orbit.