Slashdot Mirror
Single Drive Wipe Protects Data
ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.
Add a wipe to the encryption and you may be safe.
The old problem with multiple wipes depended on the fact that there were rather large tolerances, but modern drives are very close to limits caused by physics, which means that it's a lot harder to extract wiped data.
If the data also was encrypted it will probably be impossible to re-create since there always is a level of loss even at recovery. For unencrypted data this may not be a big problem and it can be rectified by hand, but for encrypted data it will upset the whole packet that was encrypted.
But in a majority of cases a single wipe will be sufficient when the hardware is sold as surplus, since it's not easy to track and find out if a certain drive contains anything of interest.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
That'd probably be this challenge from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.
The source of the claim seems Gutmann's 1996 article: http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html where he says: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM)." It was challenged already in 2003 http://www.nber.org/sys-admin/overwritten-data-guttman.html where Feenberg writes: "Surveying all the references, I conclude that Gutmann's claim belongs in the category of urban legend." As usual, this story shows that individual claims have to be checked by independent parties. Even the claim that it can not be done.
There is *no* way to recover the data on a modern drive after a single wipe. It is actually impossible. It cannot be done.
The reason is simple - although you may be able to detect a tiny tiny bit of data from the previous recording, you've no idea how strongly overwritten it is. Now, with old drives which used simple on/off pulses to write data to the disk, it would be possible to see if the bit you're looking at is a little higher or lower than it should be, and infer the previous value from that. Modern drives use a system similar to QAM - quadrature amplitude modulation - to pack more bits of data into each transition on the disk. Since the signal is essentially analogue, you'd need to know how badly degraded the print-through was. You can't do this, so you can't recover data after it's been overwritten even once.
Evidence of what?
You know it is often important to hide data that isn't involved with anything illegal. For example: Credit Card numbers, social security numbers and other personal information, trade secrets, personal journals and diaries that you don't want other people reading. There are many MANY reasons to want to wipe data that doesn't implicate you in a crime.