Wednesday, December 27, 2017

data recovery - Why should we wipe disks multiple times?




There exist various ways of destroying the data on a disk. Even simple wipes differ; some disk utilities give these options:





  • Format (does not actually wipe)

  • Wipe 1 time with zero

  • Wipe 1 time with random bits

  • Wipe 7 times with zero / random bits

  • Wipe 14 times with zero / random bits



Are they implying that data can be reserved somewhere else instead of being written to the disk (even if a cache exists, the data should go to the disk, I think), or that the disk is totally untrustworthy, by providing such options?


Answer



First, it should be noted that these ideas apply more to electromechanical hard drives, due to how they work at an electrical level to store files, than to a solid-state drive, and utilities like this might actually reduce the life span of an SSD (especially something like a cheap USB thumb drive made with low-grade electrical components). The idea behind these utilities is to completely erase data on a disk so as to make it unrecoverable by any data recovery method (including low-level scans).




When you save a file to a hard drive, the file is stored electromagnetically on the disk; this means a small charge is being held (magnetically) to maintain the state of those bytes across the various sectors on the hard drive. Retrieving the file from the disk is actually quite a complicated process, both at an electrical level and on the software side. To this end, most operating systems interact with the hard drive through the use of a file system, a part of which is something known as the file table, which keeps track of directory/file nodes, among various other things.



When you delete a file, some file systems won't actually remove the file from the disk (electrically); instead, they will just remove the entry from the file table and leave the underlying bytes on the disk. This is why you can use some un-delete utilities to recover lost data. This holds true if you wipe a partition or do a quick format of a drive. The data is still there even though you said to delete it; it's just the higher-level links that point to where the data is on the disk that are removed. This is in part to save time and to spare the hard drive's mechanical parts. Performing a normal format (vs. quick) has a similar effect to writing all 0's to the drive.



Most hard drives have multiple layers of magnetic material to write to. So when you overwrite an area of the disk with new data, some of the old underlying data might have a chance to be around (magnetically). Even though it's removed from the file table entries and there are new bytes written to that area, there are still some (expensive) methods of recovering some data (not all data, and not necessarily reliably, but a chance enough for people to try it).



To counter this paramagnetic effect, wiping utilities will overwrite the entire disk with 1's or 0's (to flip all bits on/off) and then possibly random data to ensure any underlying data is fully overwritten. It should be noted that there are various standards as to what is deemed appropriate for data removal from magnetic material by various entities. There is some debate on whether you actually need to wipe any more than once with random data (or 1's/0's), and I won't comment on whether more is better or not, so as to avoid such a debate on here, but I will say that for the average user just doing the 1-time pass or a normal format is typically sufficient to destroy most of your relevant data (at least the average user won't be able to recover it).



However, if you truly want to destroy the data and not be paranoid, you would degauss the hard drive then give it a thermite bath.
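The difference between removing the file table entry and overwriting the data can be checked on a disk image. The following is an added example, not part of the original answer: it builds a constructed image file with a hypothetical toy layout (sector 0 as the "file table", sector 10 as file data), clears only the table, then runs a single zero pass and scans for sectors that still hold data.

```python
import os
import tempfile

SECTOR = 512
TABLE_SECTORS = 1  # assumption: toy layout where sector 0 is the "file table"

def make_image(path, sectors=64):
    """Constructed image: table entry in sector 0, file contents in sector 10."""
    with open(path, "wb") as f:
        f.write(b"\x00" * SECTOR * sectors)
        f.seek(0)
        f.write(b"report.txt@10".ljust(SECTOR, b"\x00"))
        f.seek(10 * SECTOR)
        f.write(b"SECRET-PAYROLL-DATA".ljust(SECTOR, b"\x00"))

def quick_format(path):
    """Clear only the file table, as a delete or quick format does."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * SECTOR * TABLE_SECTORS)

def zero_pass(path, chunk=1 << 16):
    """Single overwrite pass: zeros over every byte, then force it to storage."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for off in range(0, size, chunk):
            f.write(b"\x00" * min(chunk, size - off))
        f.flush()
        os.fsync(f.fileno())

def nonzero_sectors(path):
    """Verification scan: sector numbers that still contain a non-zero byte."""
    found, n = [], 0
    with open(path, "rb") as f:
        while (block := f.read(SECTOR)):
            if any(block):
                found.append(n)
            n += 1
    return found

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        make_image(img)
        before = nonzero_sectors(img)
        quick_format(img)
        after_format = nonzero_sectors(img)  # file data survives
        zero_pass(img)
        after_wipe = nonzero_sectors(img)    # nothing left to read back
    return before, after_format, after_wipe

if __name__ == "__main__":
    print(demo())
```

The scan only shows what reads back through the normal interface; it says nothing about residual magnetic traces or about blocks an SSD controller has remapped out of view.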


