Looking for a Disc eraser

Our "pub" where you can post about things completely Off Topic or about non-silent PC issues.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
K.Murx
Posts: 177
Joined: Tue Mar 17, 2009 10:26 am
Location: Germany

Post by K.Murx » Thu Aug 06, 2009 9:25 am

Couple of things:
A format is quite easy to recover because it changes the file system structure, but not the actual contents of the disk.

Overwriting the disk with a homogenous signal is not quite safe, because you present a curious investigator with a known final state, so any differences found in e.g. a STM/AFM investigation (which is extremely slow and rather costly, btw) can be attributed to you "current" date.
This is to a lesser extent also true if you fill the HDD with e.g. cat /dev/random > $file until overflow. This does make the process significantly more difficult, though.
However, if you overwrite the disk with multiple passes of random data, there is no good way to atttribute differences found at the domain level to any state. Therefore, this is quite safe. If you do multiple passes with zeros, you simply make the differences smaller but do not make them go away.

Personally, I simply encrypt my more or less "interesting" data (which is mandated by my emplyer's rules anyway) and do one overwrite with zeros, which will thwart all non-professionals. And if the latter are interested in my letters to my grandma... well, then they can waste their time reading them ;)
Top
nick705
Posts: 1162
Joined: Tue Mar 23, 2004 3:26 pm
Location: UK

Post by nick705 » Thu Aug 06, 2009 12:51 pm

K.Murx wrote: Personally, I simply encrypt my more or less "interesting" data (which is mandated by my emplyer's rules anyway) and do one overwrite with zeros, which will thwart all non-professionals. And if the latter are interested in my letters to my grandma... well, then they can waste their time reading them ;)
The implication here is that "professionals" might not be thwarted by a single overwrite with zeros - you say that overwriting a disk with a homogenous signal is "not quite safe" but, again, is there a single documented real-world example of useful data *ever* having been recovered in such a situation?

You may be aware of the recent "Zero Fill Challenge" (the website seems to have been taken down now), which invited data recovery companies to retrieve a single encrypted file on a HDD which had been overwritten by a one-pass zero fill (Linux dd command). I'm sure the advertising potential resulting from success would have been considerable, but the challenge was never taken up, and at least one firm responded by saying that the task was completely impossible with known recovery techniques.

I'm by no means an expert on the subject, and I'm more than happy to be proven wrong, but all the evidence I've seen so far indicates that after a single-pass overwrite, all HDD data is gone beyond any realistic hope of recovery...
Top
Shamgar
Posts: 454
Joined: Wed Oct 22, 2008 8:49 am
Location: Where I Am

Post by Shamgar » Thu Aug 06, 2009 8:46 pm

There is a white paper at ActionFront on the subject of data recovery. Read the articles in the links too: some free and helpful information in the Data Emergency Guides and some background information in the Tech Articles.

nick705, this may help answer your and other users' question of Can Overwritten Data Be Recovered?
Top
Post Reply

Return to “Off Topic”