Saturday, February 11, 2017

security - Is using multiple passes for wiping a disk really necessary?


To stupid people, like me, you would have thought overwriting each bit on a disk would render the data completely unrecoverable.


Why do disk wiping tools have the option for multiple passes, i.e. 3 or 5, even 7 and different methods? Surely the first pass does the job?


My question -
Is it just down to pure paranoia or should I be using multiple passes when wiping disks... and why?


Answer



It's paranoia.


The fastest way to "delete" things on a hard drive is simply to remove the references to that region of the hard drive, so the data remains there if you used a dedicated tool to recover it, the kind the police would have for example.


A much slower way to "delete" things is to write over every bit of information with a 1 or a 0, or random bits, so that even if you use aforementioned tool, all you would see is the result of this operation.


Theoretically, you can recover residual data (which is why tools have the option of using multiple passes) because the data is all stored magnetically.


If you have a clean disk, and write a 1 to it, then overwrite that 1 with a zero, the new "zero" will be slightly less "zero" than if you wrote a zero to that space on a clean disk, and even less than if you wrote a "zero" over a "zero".


I won't go too far into materials science.


It does depend why you're wiping your drive.


If you're trying to destroy the drive and never use it again. Physically bend it. This is all you have to do, no existing tool, or tool in development can read a bent drive.


Alternatively, heating up magnets completely resets their magnetism, as does passing a strong magnet over them.


If you're looking into data security on a long term basis, it is possible to buy hard drives that encrypt all data stored on them. If you change the core encryption key then all the data is completely unrecoverable, it takes a fraction of a second to do, and is more secure than repeatedly overwriting data with more data.


If you're just looking to hide your porn stash, or you are reselling your computer, a single pass of 1's will be more than enough. The actual process of rewriting every bit on a modern hard-drive (which will easily have over a TB of space) will take hours and hours.


The cost of recovering data from a zero'd out computer, to a forensics team, is well into the thousands of dollars and requires the skills of specialist computer scientists.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

hard drive - Leaving bad sectors in unformatted partition?

Laptop was acting really weird, and copy and seek times were really slow, so I decided to scan the hard drive surface. I have a couple hundr...