A co-worker made a statement that data is recoverable from a hard drive even
after you write zeros to all sectors of the hard drive. I was always under
the impression that once you wrote zeros to all sectors that any data that
was there is impossible to recover. Does anyone have any thoughts on this?
Thanks!

There are techniques where you can retrieve some data because if a place on
the disk had a "1" for a long period of time, theoretically, then changed
to a "0" (you wiped the disk) there would be a "shadow" of a "1" left. You
have to write a combo of zeros and ones many, many times say 10,000
times....

Imhotep

Doofus McFly wrote:

--
*************************************
Pass a Net Neutrality Law in the US!!!!

Save the Internet:
http://www.savetheinternet.com/

Its our net:
http://www.itsournet.org/

*************************************

On Tue, 13 Jun 2006 18:30:08 -0700, "Doofus McFly"
<DMcFly@aol.com> wrote:


Merely overwriting it once with the same digit will allow a
professional with specialized equipment to recover "some" if
not all of the data, at great cost (computer repair shop or
the like could not do it).

Random overwriting with a couple of passes makes it MUCH
more difficult, practically impossible. The prior poster is
incorrect about 10,000 passes, a couple of random passes is
sufficient but prudence with sensitive data would suggest at
least 3 or 4 passes.

Not impossible but very unlikely without access to the proper equipment and
having the necessary skills. It may take a little longer but it is a good
idea to erase to DOD standards or better which most erase programs will
allow you to do. With XP Pro or Windows 2003 you can use cipher /w to do a
decent quick job of overwriting data. A sledge hammer and bucket of
sulphuric acid is probably the most secure solution for permanent
destruction of data but should not be attempted by amateurs. What I find
shocking is the lack of simple security procedures being used such as the
idiot that had a disk with sensitive data on all military retires at his
home unsecured with no encryption. --- Steve


"Doofus McFly" <DMcFly@aol.com> wrote in message
news:e5URTI1jGHA.1324@TK2MSFTNGP04.phx.gbl...

kony wrote:

The randomness isn't needed either. Zeros will do as well.

Steven L Umbach wrote:
If you read the documentation on how the SDelete utility from
Sysinternals works (same applies to the utility Eraser), then you might
understand that file system cache, harddrive cache, journaling (which is
common on NTFS) and data relocation pose a very real threat to such
simple methods, making them fail so blatantly when not carefully considered.

And even then you should be aware of bad sector relocations of your
harddrive. At least SCSI 2 always and SATA optionally, but not IDE
allows you to retrieve a list of bad sectors that are normally hidden
from the view. Still you won't be able to see their data content or to
overwrite them.

Sebastian Gottschalk wrote:
The randomness IS necessary. If the recovery specialist knows that the
data was zeroed, then he has a better chance of getting recoverable
data. The ones would make themselves known. But if the pattern is
random, the task becomes much harder.

paulmd@efn.org wrote:

The new data has no significant, if any influence on how its noise
cancels out rest signals of old data. Actually in modern harddisks
there's hardly any difference between zeros and ones without knowing the
context, doing a very careful signal estimation and utilizing a lot of
error correction codes - a short glimpse at the signal would essentially
show you no difference to a noisy sinus wave.

On Wed, 14 Jun 2006 07:47:45 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:

No, 0 or 1 is only an absolute based on a threshold. If one
doesn't "round off" to a threshold but takes absolute values
the signature from a same-bit fill can distinguish the prior
data.

Now, if you were to continually overwrite the same areas,
over and over again with zeros, this would work better, but
not ideally, and why would one want to do that several more
times than it would take to write randomly? There would be
no reason to do it.

On Wed, 14 Jun 2006 10:05:30 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:


We're not talking about a short glimpse, rather someone who
is experienced and _trying_ to recover the data with the
correct equipment.

kony wrote:

You may or may not notice that just signal evaluation in a normal read
process today is just about recover. If there were any significant
redundancies left, we'd exploit them to store more data.

kony wrote:

This is just bullshit argumentation.

As the rest signal is independent from the new data, there's essentially
no difference with what exactly you overwrite.

On Tue, 13 Jun 2006 22:06:43 -0500, "Steven L Umbach"
<n9rou@n0-spam-for-me-comcast.net> wrote:

I often hear of these excessive methods and just pass it off
as overkill but effective.

It isn't really effective at all. If one has done the
random-overwrite the data is already gone- end of story.
If one has not done the random overwrite and intends to
remove the drive for later destruction, it is only
subjecting the drive to more potential for it to fall into
the wrong hands, hands that would obviously be willing to go
to extremes to get it... if they're a problem making
ultimate destruction of data important in the first place.

Attended and immediate multiplass overwrite at the moment
the data is wished destroyed is the most safe method. Any
extra time spent physically destroying the medium is
probably better spent just standing around, watching those
around you for suspicious activity.

On Thu, 15 Jun 2006 02:04:17 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:


In a cheap-to-make, mass produced drive this would be true.
In a spare-no-expense, recover-valuable-data scenerio, the
minor differences are what is important.

On Thu, 15 Jun 2006 02:06:09 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:


Every single article on the subject disagrees with you.
Read a few.

kony wrote:
A very optimistic estimation gives that you can recover bits with a
median certainty of 50.4% correctly. And random overwrites don't change
anything about that,

kony wrote:

Strange enough Mr. Gutmanm fully agrees with me. I haven't found any
scientific article disagreeing. Can you point me to one?

On Thu, 15 Jun 2006 08:44:23 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:

You don't bother to reference this "Gutmanm" and yet I am
supposed to find articles for you? It is well known, the
WHOLE PURPOSE of the random overwrite strategy used
countless times by anyone, anywhere (everywhere).

I suppose you mean Peter Gutman, but are you referring to
his work a decade ago (when HDD densities were a fraction of
what they are now) or something more recent? You need to
provide a specific quote, WITH the context, if you want to
claim Gutman is in agreement with what you claim TODAY...
because back then he was of the opinion that the goal was to
flip the bits back and forth unpredictably, in a random
pattern, not pseudo-random and NOT all zeros as you suggest.

kony wrote:

It is well known to the uninitiated, but not in any scientific context.

Read Gutman's article and try to understand the content. He told that
his ideas exactly apply to any modern drives and about any future drive
with the same technology, and that only special cases of old, really
low-density drives must be considered carefully.

No. He was the opinion that doing so is absolutely unnecessary and just
added for safety, which also applies to the large number of passes. Now
RTFA.

On Thu, 15 Jun 2006 13:20:04 GMT, Leythos <void@nowhere.lan>
wrote:


It is always the case that we are re-inventing the wheel it
seems. There has always been the acknowledgement that only
overwriting the same digit (0 or 1) leaves a remnant, the
signature of the prior bit. This has actually been shown
detectable. AFAIK, it has never been shown that any data
was recoverable after a very few passes of (true) random
write.

Can the DOD go overboard? Of course, who can't? Far easier
to suggest that someone else goes to extra trouble do to
the unknown... there was a time when sailors thought they
might sail off the edge of the earth too but later we
realized it was round, not flat.