It seems to be an urban legend that if one does a simple one pass security wipe of a file then it is possible to reconstruct the file by some advanced technique, and that one should do multiple wipes of a file. Given that one presumes the domains involved are fully magnetised how can that be? WAG - it may be some residual magnetisation beyond the domain boundary or that perhaps the degree of magnetisation achieved depends on the prior state. In either case the noise component must be enormous.
The Department of Defense considers 7 random overwrites to meet its standard of security. Personally, I use 10.
Personally, I use 35. Only for sensitive data, becausing overwriting 100+ gigs 35 times is a very long time indeed. Otherwise, 7-9 is enough for when I’m just letting Eraser wipe “empty” space.
I asked this once and got some good answers. I will try to find it but one explanation is that the writes don’t exactly overlap the next time so advanced techniques can still get all or parts of what was there by shifting the read a tiny amount also.
Here is the thread I mentioned:
http://boards.straightdope.com/sdmb/showthread.php?t=279022&highlight=hard+drive
It’s my understanding that since each domain isn’t precisely on top of the domain it overwrote, it’s possible to recover data from the edges of each individual domain with some effort.
Better yet, let’s quote from Bruce Schneier’s Practical Cryptography:
He cites this research paper, which, being from 1996, is probably somewhat dated.
It’s also an imperfect analog process. When you overwrite A with B, A is strongly attenuated, not completely erased.
I have always heard about this. How the data is never really gone.
When is this used? Because I doubt it is easy to do. Or if it is easy why was this not recovered.
Big Mistake
There may be more to the story, and maybe reformats are different. But I doubt he wiped it the 7 times necessary to effectively hide all the data. Granted it was Microsoft and Dell called in to fix the issue.
You would think at least Microsoft would have the resources to recover the data.
Are all those wipes really necessary?
BTW I use about 10 overwrites myself.
I can’t find a huge amount of detail, but if the data was on a RAID volume (where the data is spread across multiple disks) the problem goes up exponentially, because you are looking at overwritten data on multiple drives in a pattern that may not be obvious (even to the manufacturers). and all the drive toreances are different. Plus, if the drive was reused, the really important bits (directory and file table information) get overwritten hard and fast.
Low level Data recovery takes a really long time - if you really, really need to have the data, and you probably need an idea of what and where you are looking. Modern hard drives with 10s and 100s of gigabyes (in the same form factor as last decades 10s and 100s of megabytes) just take too long to scan completely (and the leakage domains are so much smaller). You have to scan the drive (at maybe 50% off center), see if your data stream makes sense, then do it again at 60% to see if you get more sense. You may never get sense. You can’t scan the drive once and see all the historic data. For the alaskans, it wasn’t worth it, if it was possible. For the NSA tracking a terrorist, maybe - but it could still be a waste of time.
Si
Does the disk need to spin to be read? How about a .30 cal bullet through the platters?
No. There are special microscopes that can sense the magnetic fields on the surface of the platters.
Melt it down, it’s the only way to be sure.
Nuke it from…Never mind. 
Nah, if you really want to be sure, you toss it into a black hole.
Indeed. There’s a DoD spec which requires all drives with classified data on them to be destroyed. Remember, just because we lack the technology to read a massively overwritten disk today, doesn’t mean we won’t figure it out tomorrow.
No way, I don’t want my evil self from another dimension reading my hard drive data.
Just on the side of realism: While it may be “possible” to reconstruct data, doing so would probably take a group of techies several years to do so, and some impressive scanning hardware and software. And in the end, probably the files they were able to repair will have been a random selection.
So while it may be true that if you want to be “really certain” that you need to overwrite the whole disk several times, for anyone who isn’t expecting to have a major government steal his hard drive any time soon, you’re fine to just overwrite it once.
I never actually delete any data, I just erase its location from the NTFS table and leave it mostly recoverable. Which is a good thing.
Just a few days ago I opened a doc template from the web and started writing my 3600 paper , saving diligently. I never realized that the document was in my browser’s Temp folder and later on, I was shocked to find it had disappeared, nowhere to be found.
Undelete plus saved my butt (it’s freeware so I can pimp it). Thank you magnetic properties!
The consulting firm I work for has a group that specializes in computer forensics.
If you simply delete the data from your hard drive, we can restore it in a matter of hours. Everyone probably knows that.
Even if you format the hard drive multiple times, we can probably still extract viewable data (or outsource it to someone who’s kung fu is stronger).
If you use software to overwrite the drive with random 0s and 1s, now it gets a bit more interesting. Maybe the tech guys can restore it with special tools that measure the magnetism. I’m not sure. But I do know that would be relatively expensive. The quality of the data would also be in question. It’s one thing to be able to recover some bits and bytes from the drive. It’s quite another to reconstruct them into an actual Word or Excel document or email PST. It wouldn’t take “years”, as **Sage Rat ** said, but it would be time consuming, expensive and you still might not recover anything that can be used in a court of law.
Forensic analysis of overwritten drives is unlikely to be able to recover all of the data just some of it.
The DOD or whomever needs to have all the data gone. Say they have a big data base of all the foreign agents or what not. It can be very damaging to have some of those names to get out even if the whole list is not recoverable. Alaska on the other hand needs the whole database recovering some of it it not all that helpful they still need to do the work to recreate the whole thing.