Slashdot Mirror

← Back to Stories (view on slashdot.org)

Single Drive Wipe Protects Data

Posted by CmdrTaco on from the two-wipes-are-better-than-one dept.

ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.

18 of 625 comments (clear)

  1. Sure... by MyLongNickName · · Score: 5, Interesting

    That's what they WANT you to think.

    In all seriousness. If the government wants to get information, they are not going to the trouble of an electron microscope to look at your hard drive. I'm sure they have other methods of extracting the information they want. While this information (about how many wipes you need) is interesting from a theoretical point of view, it is useless from a practical one.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  2. some subject by Zironic · · Score: 4, Interesting

    I thought this would be fairly obvious from the fact there doesn't exist any recovery services that will recover zerod out data for you, at most they can usually try to recover data that has been deleted(forgotten) by the operating system.

    1. Re:some subject by rolfwind · · Score: 2, Interesting

      It relies on the fact that the delete portion of the trash doesn't actually touch the disk so much as it tells the computer those areas of disk are free to be used. I heard that Windows tends not to touch those regions for a while while Linux usually makes use of those first. But I don't remember if the issue was FAT/NTFS vs ext2/3 specific.

  3. Pre-scrambling drive by davidwr · · Score: 4, Interesting

    It says data written to a pristine drive is much easier to access.

    If drive-manufacturers wrote random data to their drives 2 or 3 times before shipping, I wonder if this would help?

    Combine this with OS-level "overwrite with random after delete" or, to allow for "oopsies," delayed-overwrite after delete but before next use, the problem of "ghost data" in unallocated drive space could mostly disappear.

    Of course, there are other issues, like data internal to a file that is no longer current, data in paged-memory files, and data on backup media, but that's outside the scope of the "I deleted the file, it should be gone but it's not" problem.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  4. If you are able to do it by JeanBaptiste · · Score: 5, Interesting

    These guys will give you 500 bucks

    which is surely worth the time and effort involved in something like this.

  5. What's it worth? by egcagrac0 · · Score: 2, Interesting

    What's it worth to you to have the data not be recovered? That's the real question here.

    If a static pattern wipe will take about an hour and a half, and that's "good enough", great. If you're willing to invest a few days in running dban on the thing, that's better.

    If you're willing to pull out a welding torch and reduce the drive to a smoking ingot, well, you're just about paranoid enough.

    It's two parallel questions, really:
    -what is the data worth to you?
    -what is it worth to you to keep anyone else from getting the data?

  6. Re:Why are we still discussing this?! by itsme1234 · · Score: 2, Interesting

    while it would theoretically take thousands of years to brute force it, random chance has them guess the right sequence on the first try (it could happen). You wipe the data though, and there is no chance for anyone to get it.

    If we are to totally forget the order of magnitude needed for random chance to guess the key at first try then we can say that by chance "they" could actually guess your data at first try! Even if you wipe the data! Even if you vaporize your hdd!

  7. Re:Why are we still discussing this?! by Kr3m3Puff · · Score: 2, Interesting

    Just to point out that we have to be abrest of the limitations of our chosen encryption scheme. Several of the IT Foresincs have started to exploit some the weaknesses that, while they may not be able to de-code infromation, might be able to identify that encrypted information is there and even what type of infromation might be encrypted.

    Legally, in some places, like the UK, you do not have the legal option to not disclose your encryption keys. Your only hope of keeping the government out of your pants is plausable deniability, which can be totally ruined if they can prove that you aren't fully disclosing your information. Also, if a non-government agency thinks you are hiding something, they don't just throw you in jail...

    --
    D.O.U.O.S.V.A.V.V.M.
  8. RoHS has fixed this problem for us. by geekmux · · Score: 3, Interesting

    I work for an electronics manufacturing company, and with damn near every consumer device "going green" and being RoHS-compliant, we won't have to worry about long-term storage anyway. Things like tin whiskering will ensure that your data will be wiped for you after a few years of use due to malfunction. After that, nothing a sandblaster or a few high-powered rifle rounds can't ensure that it's completely wiped.

    1. Re:RoHS has fixed this problem for us. by delirium+of+disorder · · Score: 4, Interesting

      I've worked in the electronics industry too. You might get tin whiskers if you use an immersion tin finish on the board and a tin solder for the assembly, but you don't need to do that to get a RoHS compliant product. There are immersion gold, immersion silver, and other leadfree solder finishes available. Modern leadfree solder alloys don't have the same kind of problems with tin whiskers as earlier ones. Reflow heating should be preformed as well. Effective conformal coating can also reduce the risk of whisker growth. Another issue is that many vendors lie or don't properly track how their components are made. Don't trust the sales people! Test your parts yourself to make sure that they comply with the specs that you ordered.

      I support the adoption of RoHS in the USA because I've seen how corporations ignore the safety of their employees and customers with regard to hazardous materials such as lead. Strong democratic unions could be used to keep companies honest, but currently American unions tend to be too corrupt and weak to be able to change the industry.

      --
      ------ Take away the right to say fuck and you take away the right to say fuck the government.
  9. Re:Why are we still discussing this?! by rendermaniac · · Score: 4, Interesting

    Or a magnetic fish tank cleaner (true story - happened to my brother in law).

  10. *shakes his head* by Notabadguy · · Score: 5, Interesting

    I can't help but sit here shaking my head in some disbelief at the comments I've read on this thread. Slashdotters are a technologically savvy community for the most part, and I lost track of the number of times that I saw something to the effect of "The government probably has means/software/tools/hacks to get your info."

    Now, I've done extensive work *for* the government in the realm of computer forensics, which is as far as I'll elaborate, and the tools we use are commercially available. Were anyone so inclined, you could even attend or get notes on FBI or DoD taught digital forensics classes.

    There's nothing wrong with some good old fashioned suspicion or conspiracy theory, but the *one* area that slashdotters should be mostly competent and knowledgeable on has more of those wild ideas than anywhere else.

  11. Methology, do you know it? by imsabbel · · Score: 2, Interesting

    His chance of retrieval was trivially above the random 50%.
    You just could guess _any_ content with the same probability.

    --
    HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
  12. My wipe is better :-) by BrokenHalo · · Score: 5, Interesting

    I used to be a blacksmith, and I still have a nice little power-hammer in my workshop that delivers the clout of a 500 lb sledgehammer. I would be willing to bet that my way of disposing of my old disk drives, which involves heating it to about 800 degrees C in my forge and giving it a few taps with that mother would defeat the most earnest efforts of the NSA, since the drive comes out about the thickness of tin-foil.

    Disclaimer:
    The NSA has no jurisdiction here in Australia, (yet) and...
    They would probably be bored by the contents of my drives anyway, and...
    Yes, I am aware that that temperature will demagnetise the platters, but...
    It's good fun to do anyway: shiny hot things and lots of noise. :-)

    1. Re:My wipe is better :-) by CthulhuDreamer · · Score: 4, Interesting

      I was the sole IT guy at my last place, a financial institution that went through a large amount of defective and obsolete hard drives. Not wanting to spend the time erasing the drives, I would just take them out back and hit it with a sledge a couple times until the platters exploded.

      As a financial institution, we were subject to frequent audits, one of which dealt with our data destruction methods. I described our "process" to an auditor once, he laughed and asked what our real process was. Still not believing me, he brought up the same question to one of our VPs. Her straight-faced answer: "Ive seen him out in the parking lot with a sledgehammer a few time, I always wondered what he was using it on."

      The next year, they sent a different auditor.

  13. Re:One wipe is not enough. by Anonymous Coward · · Score: 5, Interesting

    There are many MANY reasons to want to wipe data that doesn't implicate you in a crime.

    Hiding your data is important to prove your innocense (or support, at least). Imagine they "find" some data in your "possession" (officer swears the DVD of images was on your desk). Or your soon-to-be-ex left it to settle a bitter custody dispute. Now imagine every bit of your data is encrypted beyond their comprehension. Will a jury believe that you have everything - including your inane personal diary - encased beyond their reach but left super-incriminating evidence out in the open? Unless they can tie that DVD to you via a purchase, I think you have a good case. Imagine any other instance where someone wants to manipulate your data to their advantage. Like it or not, encryption/wiping/security is to prevent implications in crimes. This is true whether or not you have committed any.

  14. Re:If it 'snot good enough for the feds... by Lars+T. · · Score: 3, Interesting

    You are overstating the case. In many instances one can make good guesses at how strongly overwritten it was. This works particularly well if the data being recovered is in some well understood format where one can look for markers. Say is there a sequence of 000s which act as a header? do we expect to see the sequence CR LF every so often?

    http://www.heise-online.co.uk/security/Secure-deletion-a-single-overwrite-will-do-it--/news/112432

    They concluded that, after a single overwrite of the data on a drive, whether it be an old 1-gigabyte disk or a current model (at the time of the study), the likelihood of still being able to reconstruct anything is practically zero. Well, OK, not quite: a single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely."

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  15. Re:I'd start with... by dreddnott · · Score: 2, Interesting

    That whole "reading between the tracks" thing hasn't been true since hard drive head actuators were powered by stepper motors (over 20 years ago). Voice coil head actuators are precise enough to eliminate this concern entirely.

    --
    I may make you feel, but I can't make you think.