Slashdot Mirror

← Back to Stories (view on slashdot.org)

Single Drive Wipe Protects Data

Posted by CmdrTaco on from the two-wipes-are-better-than-one dept.

ALF-nl writes "A forensics expert claims that wiping your hard drives with just one pass already makes it next to impossible to recover the data with an electron microscope." But that's not accounting for the super secret machines that the government has, man.

34 of 625 comments (clear)

  1. One wipe is not enough. by htnmmo · · Score: 5, Funny

    One wipe is never enough.

    Didn't your mommy teach you anything?

    Especially true after Taco Bell.

    1. Re:One wipe is not enough. by Gerzel · · Score: 5, Informative

      Evidence of what?

      You know it is often important to hide data that isn't involved with anything illegal. For example: Credit Card numbers, social security numbers and other personal information, trade secrets, personal journals and diaries that you don't want other people reading. There are many MANY reasons to want to wipe data that doesn't implicate you in a crime.

    2. Re:One wipe is not enough. by Anonymous Coward · · Score: 5, Interesting

      There are many MANY reasons to want to wipe data that doesn't implicate you in a crime.

      Hiding your data is important to prove your innocense (or support, at least). Imagine they "find" some data in your "possession" (officer swears the DVD of images was on your desk). Or your soon-to-be-ex left it to settle a bitter custody dispute. Now imagine every bit of your data is encrypted beyond their comprehension. Will a jury believe that you have everything - including your inane personal diary - encased beyond their reach but left super-incriminating evidence out in the open? Unless they can tie that DVD to you via a purchase, I think you have a good case. Imagine any other instance where someone wants to manipulate your data to their advantage. Like it or not, encryption/wiping/security is to prevent implications in crimes. This is true whether or not you have committed any.

  2. Why are we still discussing this?! by MartinG · · Score: 5, Insightful

    Just use encryption (of your whole drive or partition) and forget about wiping it.

    It's not that hard. For example, several modern Linux distros support encrypting your entire installation out of the box.

    --
    -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
    1. Re:Why are we still discussing this?! by postbigbang · · Score: 5, Funny

      Sadly, it's best just to physically destroy the drive after use. I suggest a two-year old child just after its nap ought to do the trick.

      --
      ---- Teach Peace. It's Cheaper Than War.
    2. Re:Why are we still discussing this?! by dmdavis · · Score: 5, Insightful
      You encrypt it, and someone can still potentially get it, even if the probability is miniscule. Maybe the algorithm is discovered to be flawed, or they see you type your password, or they install a hardware key-logger, or while it would theoretically take thousands of years to brute force it, random chance has them guess the right sequence on the first try (it could happen). You wipe the data though, and there is no chance for anyone to get it.

      Encrypting it is definitely a good idea, but not as a replacement for wiping it.

    3. Re:Why are we still discussing this?! by Z00L00K · · Score: 5, Informative

      Add a wipe to the encryption and you may be safe.

      The old problem with multiple wipes depended on the fact that there were rather large tolerances, but modern drives are very close to limits caused by physics, which means that it's a lot harder to extract wiped data.

      If the data also was encrypted it will probably be impossible to re-create since there always is a level of loss even at recovery. For unencrypted data this may not be a big problem and it can be rectified by hand, but for encrypted data it will upset the whole packet that was encrypted.

      But in a majority of cases a single wipe will be sufficient when the hardware is sold as surplus, since it's not easy to track and find out if a certain drive contains anything of interest.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    4. Re:Why are we still discussing this?! by zappepcs · · Score: 5, Funny

      I dismantle mine and make those cool clocks out of them for xmas gifts. A couple have it where the platters are mounted on a spindle also over a mirror, and move counter-clockwise. So far, only two epileptics have succumbed to the effects.

      --
      Support NYCountryLawyer RIAA vs People
    5. Re:Why are we still discussing this?! by Hinhule · · Score: 5, Funny

      You sure dismantling two-year olds is entierly legal? Not to mention making clocks out of the remains.

    6. Re:Why are we still discussing this?! by jonadab · · Score: 5, Funny

      I prefer wiping the drive eleven times with cryptographically-sound random data, then grinding the entire computer to a fine talcum-powder consistency, mixing it thoroughly with twenty pounds of dry powdered cement, then stir in the water and gravel to make concrete. When it starts to get thick, start stirring in the ten pounds of small rare-earth magnets, one at a time. Let it set, then dip it repeatedly in molten steel. Finally, use a high-powered electromagnet to lift and drop the resulting brick into the hot part of an active volcano, then push the planet it's on into the nearest star.

      I suppose an attacker *might* not be able to recover the data if you skipped the last step, but why take chances?

      --
      Cut that out, or I will ship you to Norilsk in a box.
    7. Re:Why are we still discussing this?! by hack++slash · · Score: 5, Funny

      Your brother in law got wiped by a magnetic fish tank cleaner?

      --
      To do something right, you often have to roll up your sleeves and get busy.
    8. Re:Why are we still discussing this?! by bgerlich · · Score: 5, Funny

      Johnny "magnetic fish tank" Staccone, a cleaner for the Gambino family

  3. If it 'snot good enough for the feds... by davidwr · · Score: 5, Insightful

    1) next to impossible != impossible
    2) if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?

    OK, maybe this guy is right and maybe the feds are behind the times, but I'd like to see multiple independent studies come out and say this before I'm getting rid of my drive sanitizers. I mean, we all know what happens to societies when they get rid of their equipment sanitizers, don't we?

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:If it 'snot good enough for the feds... by Talderas · · Score: 5, Insightful

      Unless you work for the government or military, no one would be interested enough in the data on your drives to go through the effort and cost of doing the forensic investigation to find out what was on your hard drive before the wipe.

      For those of you in Rio Linda, nobody cares about you, or your data, unless you work for the government or military.

      --
      "Lack of speed can be overcome. In the worst case by patience." --Znork
    2. Re:If it 'snot good enough for the feds... by Thaelon · · Score: 5, Insightful

      1) next to impossible != impossible
      2) if the feds require multi-pass wipes for non-classified data and media destruction for classified data, why should I settle for anything less?

      Because the government is rife with paranoid, bureaucratic nitwits with more motivation to be "safe" than is scientifically prudent, and far more motivation to further their own careers?

      And I add bureaucratic for very pointed reasons. In the beginning, suppose they had a competent CS guy deciding the policies for HD erasure, he probably figures a single zeroing is sufficient. And at the time (perhaps now too) he's correct. Then his successor wants to make in impression and put some bullet points on his resume, so he makes a big stink about "increasing security through a continuing commitment to data erasure" or some buzzword nonsense. Let's say this guy was a friend or relative of the previous guy - and not necessarily as competent. Now this did fuck all for actually making the data any harder to get at, but it furthered his career just a tiny bit. Now add 3-4 repetitions of this to the mix and you can see how the policies got to be so ridiculous. Now I am making all this up, but to me, this seems far more plausible than recovering overwritten data on a hard drive. How many times have you had trouble with your drive accidentally reading previous data from it? You know, with a drive head that was designed, redesigned, and improved over 50 years to read data from that disk.

      I don't get why people often think that the US government has super awesome technology that borders on magic in the field of computer science. In my experience they were 30+ years behind the times in some areas. Some better, some worse.

      The government is just made up of people. Like everyone else, so there's lots of human error. And since they get paid through taxes and don't have to worry about profits, they have little to no motivation to do a good job if their superior doesn't make them. It's why the government is into contracting these days, they get the job done quicker and better for less money because (in most cases) they have competition.

      --

      Question everything

    3. Re:If it 'snot good enough for the feds... by Anonymous Coward · · Score: 5, Funny

      > Anyone who posts on /. has, by definition, no data the NSA, KGB, Gestapo or any other such entity could possibly be interested in.

      I am Osama Bin Laden, you insensitive clCARRIER LOST

    4. Re:If it 'snot good enough for the feds... by Gordonjcp · · Score: 5, Informative

      There is *no* way to recover the data on a modern drive after a single wipe. It is actually impossible. It cannot be done.

      The reason is simple - although you may be able to detect a tiny tiny bit of data from the previous recording, you've no idea how strongly overwritten it is. Now, with old drives which used simple on/off pulses to write data to the disk, it would be possible to see if the bit you're looking at is a little higher or lower than it should be, and infer the previous value from that. Modern drives use a system similar to QAM - quadrature amplitude modulation - to pack more bits of data into each transition on the disk. Since the signal is essentially analogue, you'd need to know how badly degraded the print-through was. You can't do this, so you can't recover data after it's been overwritten even once.

  4. Data destruction advice of the week by sakdoctor · · Score: 5, Funny

    I thought a few weeks ago we were supposed to drill holes in the drive platters and fill the case with thermite, then drop the whole computer into the fires of mount doom.

    This week, a one pass wipe is enough.

    1. Re:Data destruction advice of the week by tuffy · · Score: 5, Insightful

      It's the difference between what slashdotters enjoy doing to old hard drives and what's actually required to securely destroy the data on them.

      --

      Ita erat quando hic adveni.

    2. Re:Data destruction advice of the week by necro81 · · Score: 5, Funny

      The thermite isn't necessary for wiping out your data, it's just there because it's freakin' AWESOME!

  5. Sure... by MyLongNickName · · Score: 5, Interesting

    That's what they WANT you to think.

    In all seriousness. If the government wants to get information, they are not going to the trouble of an electron microscope to look at your hard drive. I'm sure they have other methods of extracting the information they want. While this information (about how many wipes you need) is interesting from a theoretical point of view, it is useless from a practical one.

    --
    See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
  6. We need mythbusters! by dbIII · · Score: 5, Funny

    Myhtbusters need to look at this. Then they should do a wipe that would really suit their style - a shock wave through the drive will raise the temperature at the wave front above that where the material is magenetic (curie temperature). In other words - explosives!

    1. Re:We need mythbusters! by Drakkenmensch · · Score: 5, Funny
      *cue the super slow-motion shot of Buster holding a hard drive being blown up with a hundred pounds of C4, followed by Jamie picking up a blackened twisted shred of metal casing*

      "Well there's your problem!"

  7. Lies by Renderer+of+Evil · · Score: 5, Funny

    Last month my grandma asked for a new laptop and prior to putting her old HP on ebay I wiped it via Gutmann 35-Pass method, way above DoD and NATO standards, so her ultra-secret vanilla cake recipe could remain a household secret.

    1. Re:Lies by jimicus · · Score: 5, Funny

      Using a Gutmann 35-pass wipe is like cleaning your sink with bleach, shampoo, baby wipes, ammonia, laundry detergent, insecticide, paint remover, furniture polish, glass cleaner, body wash, whiteboard cleaner, and gasoline.

      Oh, so you've seen my sink?

  8. If you are able to do it by JeanBaptiste · · Score: 5, Interesting

    These guys will give you 500 bucks

    which is surely worth the time and effort involved in something like this.

  9. Re:Tag this "itsatrap" by IBBoard · · Score: 5, Informative

    That'd probably be this challenge from further up the page - $500 at the moment, and apparently three companies have turned it down after the dd command was mentioned because they 'know' it isn't possible.

  10. origin of urban myth by e**(i+pi)-1 · · Score: 5, Informative

    The source of the claim seems Gutmann's 1996 article: http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/index.html where he says: "Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM)." It was challenged already in 2003 http://www.nber.org/sys-admin/overwritten-data-guttman.html where Feenberg writes: "Surveying all the references, I conclude that Gutmann's claim belongs in the category of urban legend." As usual, this story shows that individual claims have to be checked by independent parties. Even the claim that it can not be done.

  11. Learned it on "Red Dwarf" by Anonymous Coward · · Score: 5, Funny

    "One up, one down, one to polish."

    Dave Lister

  12. *shakes his head* by Notabadguy · · Score: 5, Interesting

    I can't help but sit here shaking my head in some disbelief at the comments I've read on this thread. Slashdotters are a technologically savvy community for the most part, and I lost track of the number of times that I saw something to the effect of "The government probably has means/software/tools/hacks to get your info."

    Now, I've done extensive work *for* the government in the realm of computer forensics, which is as far as I'll elaborate, and the tools we use are commercially available. Were anyone so inclined, you could even attend or get notes on FBI or DoD taught digital forensics classes.

    There's nothing wrong with some good old fashioned suspicion or conspiracy theory, but the *one* area that slashdotters should be mostly competent and knowledgeable on has more of those wild ideas than anywhere else.

  13. Conflict of interests in article by xant · · Score: 5, Insightful

    The guy's a forensics expert. Of course he's going to tell you one wipe is enough. If you do more than that, he might be out of a job.

    I'm surprised he didn't say "It's cool man, just write 'DELETED' in sharpie on the case and your drive will never function again. *snicker*"

    --
    It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
  14. My wipe is better :-) by BrokenHalo · · Score: 5, Interesting

    I used to be a blacksmith, and I still have a nice little power-hammer in my workshop that delivers the clout of a 500 lb sledgehammer. I would be willing to bet that my way of disposing of my old disk drives, which involves heating it to about 800 degrees C in my forge and giving it a few taps with that mother would defeat the most earnest efforts of the NSA, since the drive comes out about the thickness of tin-foil.

    Disclaimer:
    The NSA has no jurisdiction here in Australia, (yet) and...
    They would probably be bored by the contents of my drives anyway, and...
    Yes, I am aware that that temperature will demagnetise the platters, but...
    It's good fun to do anyway: shiny hot things and lots of noise. :-)

    1. Re:My wipe is better :-) by Baton+Rogue · · Score: 5, Funny

      I used to be a blacksmith too, but then I switched to jewelcrafting.

    2. Re:My wipe is better :-) by lenester · · Score: 5, Funny

      Ehh, JC's good for the cash, but engineering is the best way to carry a joke too far.