How well will running a strong magnet over the disk work?
Ooh! Or maybe stick it in an MRI for a couple of hours?
An MRI would clean the drive up. It would probably also completely destroy the hard drive. Those things are strong.
I foresee a near-future where hard drives will cease to exist at all as permanent items. Already memory is so cheap and so high-density that it should be easy to create a “disposable " HD–sort of like merging the HD with the disk drive. All software is stored on the internet, like a Yahoo! briefcase. The computer holds a 50GB drive disk that’s made of biodegradeable corn-starch. Every day you eject the drive and eat it.
[Homer Simpson]
Mmmmmmmm…datalicious…”
[/Homer Simpson]
Actually, tell me if this WOULD work: if you kept all your incriminating data on a zip or jaz disk instead of the HD, and at the end of your session you ejected the disk and kept it in your underwear, with the idea that if the feds cam knocking you could rip open the disk and swallow the soft platter.
Assuming that the data never lived on the HD at all, you would be safe–yes?
A slight hijack, if I may. And this is regardless of whether I care about the data being retrieved, I’m just asking for clarification. The following is not to scale of course, merely for demonstration.
Say I have a drive with 100 files on it, and it is now full (assuming all files are the same size). I delete 50 of those files.
I have now freed up half the drive space, correct, and can save 50 more files? The new files will be written over the ‘deleted’ files? And barring aggressive recovery efforts, after I have overwritten the 50 deleted files several times,
they will be difficult to recover?
I am trying to put what I read into very simple layman’s terms, how close did I get?
Yes, they will be difficult to recover. But not impossible.
I will try and keep this simple, so it might not be absolutely technically correct.
The file system on your computer breaks up your available storage space into chunks. Each chunk has a fixed size. When data is saved, it will use a number of these chunks [think of it as putting a paper file into a cabinet; if the file is big enough, you may need to put some of the file into a second drawer]. Using fixed-sized chunks makes it easier for your operating system to index and search through data for particular files when you need them.
If you then overwrite that data with another file, it may be a different size. Say you had one data file that used two memory chunks, and the file you used to overwrite it uses one and a half chunks. That half chunk is not overwritten. It can be retrieved by specialist forensic software packages like EnCase or Vogon.
You may use a package to completely overwrite all of these chunks (or ‘clusters’) with randomly-generated data. This will help. However, as ftg and Bricker mention above, it may still be possible to recover data. Bricker mentions the swap file in Windows operating systems. This ‘boosts’ your computer’s temporary memory (i.e. the memory used for actually doing things and keeping a track of changes before you save them, not for long-term storage) by using some of the hard disk space. It may be possible to recover data from the space used by this swap file.
ftg mentions the fact that as your computer ages, it will not work with quite the same degree of precision. This may lead to a situation where the hardware used to write your data to the hard disk has changed very slightly over time, and is writing to a very slightly different part of the physical disk [this is not an area I have experience with, so I apologise if this is an inaccurate summary]. An expert might be able to retrieve the data that was originally written to the hard disk at an earlier time, since any data now being stored is being stored in a very slightly different location.
A large, memory intensive operation (eg some of the more complicated fannying around options in Photoshop, or a 3D rendering program such as 3D Studio Max or a texture rendering suite like Bryce or Mara) would need a big (in some cases, actually GINORMOUS) swap file. By asking for a large swap file, data in the swap file space from the last time will most likely be rewritten.
So, if you want to really delete stuff, best do some heavy duty 3D rendering afterwards. Plus, graphic design software is just ultra-cool and generally r0xx0rs. It ain’t cheap though. If you stole it, you’d then have to cover up the fact that you stole it on top of the original covering up of dodgy data. What a wicked web we weave.
I could be completely wrong here, but it’s just what came to mind when thinking about really big swap files.
If the data never was on the hard drive, then yes. But if you’re viewing something and you save it to disk, it might end up in your OS’s swap file, which is on disk.
If the data never was on the hard drive, then yes. But if you’re viewing something and you save it to disk, it might end up in your OS’s swap file, which is on disk.
Top on the list of Jobs I Want is that of the data security guy from (insert name of client). His job involves wiping old hard disks, formatting them, and then *smashing them to pieces with a massive ***ing sledgehammer. Job satisfaction or what?
Even this method is not absolutely secure… but the cost of the specialised hardware you’d need to read the hard drive’s platters afterwards probably exceeds the commercial value of whatever data you might recover.
Well, the easiest way to clean out your Windows swap file is to change the drive that it lives on, i.e. within your properties screen of the My Computer icon, change the swap file from drive C: to drive D:, and then run your erasure software on the C: drive. You can then switch it back if you like, or leave it there.
If total security is what you need, disassemble the drive in question, and take out the platters. They are an aluminum alloy with a ferrous coating consisting of tiny particles secured onto the surface. After removing the disks, kick start your belt sander, and grind both sides thoroughly. Once you are down to bare white metal, you are done!
Next time on This Old PC: Making attractive jewelry from your old 386 and 486 chips…
O
As I’ve dealt with those data recovery guys, I can attest they seem pretty confident that they’ll have a shot as long is there isn’t physical destruction.
The best analogy for it, though, was from a recent article – in Scientific American? – that described a read-write operation as “raindrops covering other raindrops.”, since the magnetic information is actually a blob on your hard drive platter, the blobs are rarely completely uniform when they overwrite each other and recoverable traces remain.
I think the magnet theory has play, however. Suppose I were to get an industrial magnet, or make one out of electrical coil. Since this is a field, and not a digital representation of same, wouldn’t this zap my disks to a completely pristine state?
Any E. Engineers want to theorize some specs? I’ll happily make one and if there’s a recovery specialist lurking, we can test the theory!
Crusoe brings up Yet Another Reason Why Lobsang shouldn’t go into the computer security business: partially re-written clusters.
When I do a file system check, and get lost chains converted into files, I take a peek at them to see what they were and if I should try to salvage them. Since the system doesn’t know the original size of the file it always rounds up the cluster size. I have found parts of remarkably old files lurking in the tail of the last cluster of these files.
(I have tried peeking beyond the end of files on Unix systems. But on compliant OSs, "0"s are written when the first byte of a cluster is allocated. Nice.)
You should assume that there’s cruft all over your disk. The safest thing to do is to always encrypt sensitive stuff. And then you still have to be careful with swap files, application temp space, and such. Try browsing thru the temp directories on a public Win9x system sometime. Fun fun fun. Also look for those “{” files from word processing progs.
I am not a gearhead, more of an OS guy, but my understanding is that unless you physically destroy a drive it is very possible to recover data from a drive no matter how many times the clusters have been over written.
The thinking behind the data recovery crowd seems to be that a) the data is placed somewhat offset from the tracks on the platter b) the magnetic material of the platter is a couple layers thick and c) the newer heads used in hard drives are more sensitive than the older heads. Given those three factors it is probably possible to yank data from just about any drive that is not physically damaged.
If you really need to kill data, take the drive apart and shatter then burn the platters.
Then again I could be wrong but I don’t think I am. I imagine that some hackers-NSA people out there are thinking about data recovery very hard and have a good idea about how to do it.
Slee
Every time you write to the drive, you change some of the phyisical properties of the drive and not just to the magnetic media of the drive either, and that change can be viewed. I seem to recall someone theorizing that using some of the new ‘magnifying’ methods of visualizing ultrasmall surfaces, it might actually be possible to figure out when point A was a 1 in relation to point B (digging for fossils in the substrate as it were.) Mind you, this would be **very[/v] expensive. I was told that you can do something similar with EEPROM/Flash ram. Basically here you examine each memory bit, and since each bit is actually multiple memory cells (From the chip layout that I have on my wall, each bit in an EEPROM is at least six memcells.) By looking at each of the six memory cells, you can figure out what was in the memory bit at whatever point in time. This is because the act of writing to a nonvolitile ram is destructive by the very nature of why it is nonvolitile.