
On deleting things from HDDs and SSDs

ImaPiranha Registered User regular
My questions concern permanent deletion of files from both kinds of media.
I'm aware that in order to truly remove things from a hard disk drive you need to somehow overwrite the data as erasing it doesn’t actually get rid of it but just marks the space as free. I also know that even overwriting it once may not be enough, depending on the grade of data recovery tool used.
Once upon a time I had a program run from a floppy (yeah that old) that would format and write zeroes over and over again for about 8 hours (on a 20 gig drive) but from what I see on Google there are programs that will basically do that without a full format, they'll just wipe the data for the file(s). So I’m wondering for one if this really works and if you have any recommendations. I'm hoping for something free and while doing the low-level format is an option, I'd rather not - I'd rather just clean it up and know that all the data I don't want in someone else's hands is gone.
Secondly, I have some solid state media (SD cards, USB drives and an SSD) that I want to erase as well. I haven't really found anything conclusive about SSDs and whether or not the data on them can be recovered or not. It seems like it's harder but still possible and I want to make it not possible. Since solid state media has a limited number of write cycles on it I wouldn’t think that the zero-writing process would be a good idea. Seems like it would burn out the drive faster but again, I don't want there to be data that someone savvy can pull off this gear.
In both cases I’d like it to be literally impossible by any mortal means (short of a Wish, Limited Wish or Miracle) to recover the data from these devices. I've got a bunch of stuff I’m getting rid of as I upgrade the office and I don't want my company information, customer credit card information, personal information or anything else for that matter to be recoverable by whomever gets this equipment.

Posts

  • bowen How you doin'? Registered User regular
    If you can recover data from one, you can recover it from the other. SSDs are a bit more protectable because once they're physically damaged it becomes harder to recover data, but not impossible. The partition table and file/directory table are still the same between drives, the only thing that differs is how the controller converts their form of physical media into something the computer understands as a hard drive. So since computers don't really "care" about the difference between the two, any method will still work.

    http://eraser.heidi.ie/ is what I use at work.

    Keep in mind, the more you use a drive, the shorter its lifespan becomes. Theoretically a single pass should wipe out the data.

    Just get a USB adapter for hard drives and go to town.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • zagdrob Registered User regular
    There are a number of different programs that will perform a zero fill (or random fill) and effectively make the data on a given drive irretrievable. Most of the tools offer the ability to do multiple passes, and the extremely paranoid will generally do three to ten passes on a given drive. After one pass it's going to be effectively impossible for anyone like an identity thief to recover even snippets of data using the original hardware, and multiple passes are basically overkill.

    However, academically, the only way to truly remove data is physically destroying the drive and completely destroying the platter surfaces. Even after multiple zero / random fills, there are techniques that skilled forensic technicians with the right equipment can use to recover data. It would be incomplete / garbled, but there probably would be enough to match something like a deleted document / image to a reference document / image.

    Basically, each bit on a drive is a tiny magnetized area. The orientation of the magnet determines if the bit is a 0 or 1, but the idea of a 0 or 1 is an approximation - the bit is the average magnetism of that area, which is close enough for our purposes. If a bit is written to (1) and then you do a zero wipe, there will be some residual magnetism compared to a bit that was never written to, and that can be detected with very precise and sensitive tools.

    Additionally, the heads don't always align perfectly with the platters, and sometimes will write to the areas in between tracks / sectors, or portions of other sectors. Normally you can't do much with these areas using system tools and the hardware alone, but a forensic expert can also use certain tools to read the platters and recover data.

    But unless you're an FBI Most Wanted, in Al Qaeda, or a KGB spy, a single zero fill should be more than enough.

  • bowen How you doin'? Registered User regular
    edited November 2013
    SSDs don't deal with this issue and don't rely on quantum mechanics to read data. Building off what zagdrob is saying, you're safer with a 0 wipe on them, for instance.

    Removing the platters and melting them into a puddle is your only real chance at destroying magnetic drive data reliably.

  • ImaPiranha Registered User regular
    Alright so basically unless I'm super paranoid (and I'm really not) a single pass of zeroes is sufficient on either mechanical or solid state but technically on a mechanical drive you can't ever be totally sure without destroying it but on solid state media a single pass of zeroes really does wipe it clean?

  • bowen How you doin'? Registered User regular
    As far as I am aware, yep, that's all.

  • SmokeStacks The Myth, the Legend, the Bowman, the Shambler Fucker Registered User regular
    ImaPiranha wrote: »
    I've got a bunch of stuff I’m getting rid of as I upgrade the office and I don't want my company information, customer credit card information, personal information or anything else for that matter to be recoverable by whomever gets this equipment.

    I've purchased equipment from office environments before, and it's not unusual for it to be sold without hard drives due to security reasons.

    The safest way is a zero write followed up by a power drill. Three to four holes directly through the casing and platters will annihilate any future use of the drive. The nuclear option is to remove the casing of the drive itself and use sandpaper on the platters.

    The downside is you lose the value of the hard drives and your equipment will see a slightly lower resale amount as a result, but conventional hard drives are cheap these days, and the upside is you'll never have to worry about your customer data being compromised and you'll get some cool magnets as a result.

    Honestly though, unless the person you're worried about works for the NSA and has access to a cleanroom environment and extremely specialized equipment you won't have to worry about your data falling into the wrong hands after a zero write.

  • ImaPiranha Registered User regular
    I'm just worried about someone savvy. I used to use a program called GetDataBack (or something like that) that could get stuff even a couple formats old - though not after zero writing - so I figure that things have improved over the years and wasn't sure by how much.
    I'm not worried about the NSA, just people who might think they can pull data off of a company's drives and score credit card info or something.
    All this has gotten me thinking more about encryption and security on my own systems though. I did a little digging around on my own and TrueCrypt seems pretty solid but it makes a fully encrypted volume. I'd rather be able to encrypt individual files or folders so I can put them off site, or on a USB drive or something. Anyone got any recommendations?

  • bowen How you doin'? Registered User regular
    The reason you were able to get stuff after a format is because formats don't change the data, they just modify the file allocation/master file part of the partition.

    A format won't erase data, just that table.

    So a smart enough program can go sector by sector and reassemble pretty much every file that still existed in the empty space.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
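
The point made in the post above, that a format rewrites only the file table while a sector-by-sector scan can still reassemble the files, shown as an added example that is not part of the original thread. The toy image layout, file name and payload are constructed, and the image models logical sectors only; it also runs the single zero pass discussed earlier and checks that no non-zero sector remains.

```python
"""Constructed demo: quick format vs. zero fill on a toy disk image."""
SECTOR = 512
JPEG_SOI, JPEG_EOI = b"\xff\xd8\xff", b"\xff\xd9"  # JPEG start / end markers

def build_image() -> bytearray:
    """Toy 64-sector disk: sector 0 holds the file table, data starts at sector 8."""
    img = bytearray(64 * SECTOR)
    payload = JPEG_SOI + b"\xe0" + b"CUSTOMER-CARD-SCAN" * 40 + JPEG_EOI  # constructed
    entry = b"scan.jpg".ljust(16, b"\0")
    entry += (8).to_bytes(8, "little") + len(payload).to_bytes(8, "little")
    img[0:len(entry)] = entry
    img[8 * SECTOR : 8 * SECTOR + len(payload)] = payload
    return img

def quick_format(img: bytearray) -> None:
    """A format as described above: only the table is rewritten."""
    img[0:SECTOR] = bytes(SECTOR)

def zero_fill(img: bytearray) -> None:
    """Single pass of zeroes over every sector."""
    img[:] = bytes(len(img))

def carve_jpegs(img: bytearray) -> list:
    """Ignore the file table; look for a JPEG header at each sector boundary."""
    found = []
    for off in range(0, len(img), SECTOR):
        if img[off:off + 3] == JPEG_SOI:
            end = img.find(JPEG_EOI, off)
            if end != -1:
                found.append(bytes(img[off:end + 2]))
    return found

def nonzero_sectors(img: bytearray) -> list:
    """Post-wipe check: list every sector that still holds data."""
    count = len(img) // SECTOR
    return [i for i in range(count) if any(img[i * SECTOR:(i + 1) * SECTOR])]

if __name__ == "__main__":
    disk = build_image()
    quick_format(disk)
    print("after format:", len(carve_jpegs(disk)), "file(s) carved,",
          "sectors with data:", nonzero_sectors(disk))
    zero_fill(disk)
    print("after zero fill:", len(carve_jpegs(disk)), "file(s) carved,",
          "sectors with data:", nonzero_sectors(disk))
```
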
  • bowen How you doin'? Registered User regular
    Also, TrueCrypt can work as a container encryption. You create a container, it's a self contained file on a drive or disk like your USB drive. You then mount that file, with the cipher/password you designated, and it acts like a drive at that point.

    Or you can do whole drive encryption if you want.

  • Invisible Registered User regular
    Ccleaner has an option for this.

  • ImaPiranha Registered User regular
    Yeah I got the container thing all figured out and I can use that, just upload and download it when I want to but I was thinking of something that will lock up a single file or folder instead of creating a volume like that. From what I can tell it's not really as secure though because TrueCrypt does everything in RAM so it's never even on the drive. Whereas if I encrypted a single file or folder and then put it elsewhere someone could still come along and get the original unencrypted version from the drive yes? And yes, I know that's absurdly paranoid, I'm really just hypothesizing here.
    I'm just starting to wrap my brain around the whole encryption thing.
