
erasing disk securely

Anonymous
May 4, 2004 5:40:50 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

If I format a normal IDE drive using Windows XP NTFS (long) format,
what would be the odds of recovering pieces of important, tagged data
such as a password file? If the odds are better than 0%, then what
would be the cost of recovery? I just need to know if it's beyond the
range of the average hacker who buys a used hard drive from a known
HVT (high value target) specifically to recover important passwords.
I know there are lots of tools for "secure" erasing a drive, but I
want to know how much advantage they give over an ordinary NTFS long
format.


Anonymous
May 4, 2004 6:29:15 PM

On Tue, 04 May 2004 13:40:50 GMT, Shailesh Humbad <s@mailpass.com>
wrote:

>If I format a normal IDE drive using Windows XP NTFS (long) format,
>what would be the odds of recovering pieces of important, tagged data
>such as a password file?

100 per cent.

>If the odds are better than 0%, then what
>would be the cost of recovery?

0

>I just need to know if it's beyond the
>range of the average hacker who buys a used hard drive from a known
>HVT (high value target) specifically to recover important passwords.
>I know there are lots of tools for "secure" erasing a drive, but I
>want to know how much advantage they give over an ordinary NTFS long
>format.

--
Svend Olaf
May 4, 2004 8:02:31 PM


A long NTFS format will mark the beginning of each file with a '?' and
remove its entry from the File Allocation Table. When Windows comes across a
sector with this '?' on it, it knows it can overwrite this sector. Until
this happens, the data is still there.

A secure wipe will overwrite all sectors with 0's or 1's. This will replace
all previous data so it can't be recovered.

"Svend Olaf Mikkelsen" <svolaf@inet.uni2.dk> wrote in message
news:4097a87e.19229614@dtext.news.tele.dk...
> On Tue, 04 May 2004 13:40:50 GMT, Shailesh Humbad <s@mailpass.com>
> wrote:
>
> >If I format a normal IDE drive using Windows XP NTFS (long) format,
> >what would be the odds of recovering pieces of important, tagged data
> >such as a password file?
>
> 100 per cent.
>
> >If the odds are better than 0%, then what
> >would be the cost of recovery?
>
> 0
>
> >I just need to know if it's beyond the
> >range of the average hacker who buys a used hard drive from a known
> >HVT (high value target) specifically to recover important passwords.
> >I know there are lots of tools for "secure" erasing a drive, but I
> >want to know how much advantage they give over an ordinary NTFS long
> >format.
>
> --
> Svend Olaf
Anonymous
May 4, 2004 8:02:32 PM

An NTFS format does no such thing.

"--" <tiktaq@hotmail.com> wrote in message
news:c78eqn$mr6$1@titan.btinternet.com...
> A long NTFS format will mark the beginning of each file with a '?' and
> remove its entry from the File Allocation Table. When Windows comes across a
> sector with this '?' on it, it knows it can overwrite this sector. Until
> this happens, the data is still there.
>
Anonymous
May 4, 2004 8:11:35 PM

Do a google groups search for "german magazine data recovery". You may hear
stories about how data is always recoverable, but just try to find a company
that can perform this feat, at any price. I think there are a lot of tall
tales floating around concerning data recovery.

It is widely accepted that by simply overwriting your original data with new
data, 1 single time, is enough to keep the original data from ever being
recovered. See here:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=U...

--Dan

"Shailesh Humbad" <s@mailpass.com> wrote in message
news:C3Nlc.63914$Vp5.49580@fe2.columbus.rr.com...
> If I format a normal IDE drive using Windows XP NTFS (long) format,
> what would be the odds of recovering pieces of important, tagged data
> such as a password file? If the odds are better than 0%, then what
> would be the cost of recovery? I just need to know if it's beyond the
> range of the average hacker who buys a used hard drive from a known
> HVT (high value target) specifically to recover important passwords.
> I know there are lots of tools for "secure" erasing a drive, but I
> want to know how much advantage they give over an ordinary NTFS long
> format.
Anonymous
May 4, 2004 8:59:32 PM

Previously Eric Gisin <ericgisin@graffiti.net> wrote:
> An NTFS format does no such thing.

> "--" <tiktaq@hotmail.com> wrote in message
> news:c78eqn$mr6$1@titan.btinternet.com...
>> A long NTFS format will mark the beginning of each file with a '?' and
>> remove its entry from the File Allocation Table. When Windows comes across a
>> sector with this '?' on it, it knows it can overwrite this sector. Until
>> this happens, the data is still there.
>>

Would be pretty funny, if the data in the sector itself told
the OS whether the sector was free. Beware the files that are
all "?"!

Instead that is a method of marking directory entries as unused.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
May 4, 2004 11:14:49 PM

dg wrote:
> Do a google groups search for "german magazine data recovery". You may hear
> stories about how data is always recoverable, but just try to find a company
> that can perform this feat, at any price. I think there are a lot of tall
> tales floating around concerning data recovery.
>
> It is widely accepted that by simply overwriting your original data with new
> data, 1 single time, is enough to keep the original data from ever being
> recovered. See here:
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=U...
>
> --Dan
One of my clients is a physician, and he called me to ask for my
opinion on a debate he was having with his wife. They are giving away
some of their old PCs, and he was saying he could just format the XP
partition and sell it, whereas his wife was disagreeing. The drives
may contain financial passwords and other personal information.

There doesn't seem to be much easily accessible and reliable
information on this topic. The software vendors want to sell their
software, so they only hawk the security of their methodology. No one
seems to have any clue as to what are the actual costs and
probabilities involved in recovery.

Anyway, as you (Dan) suggest, I am going to advise them to do a single
pass over-write of the entire drive. I know that, at the very least,
no software-only solution will be able to recover from this. Once the
data is overwritten with zeros, recovering it again probably requires
highly specialized and ridiculously expensive hardware. If
overwritten once with random data, then it is probably totally
impossible. What is the point of making multiple passes I have no
idea, although most software offers this option. Just to waste time I
guess.
Anonymous
May 4, 2004 11:14:50 PM

Shailesh Humbad wrote:

> dg wrote:
>> Do a google groups search for "german magazine data recovery". You may
>> hear stories about how data is always recoverable, but just try to find a
>> company
>> that can perform this feat, at any price. I think there are a lot of
>> tall tales floating around concerning data recovery.
>>
>> It is widely accepted that by simply overwriting your original data with
>> new data, 1 single time, is enough to keep the original data from ever
>> being
>> recovered. See here:
>> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=U...
>>
>> --Dan
> One of my clients is a physician, and he called me to ask for my
> opinion on a debate he was having with his wife. They are giving away
> some of their old PCs, and he was saying he could just format the XP
> partition and sell it, whereas his wife was disagreeing. The drives
> may contain financial passwords and other personal information.
>
> There doesn't seem to be much easily accessible and reliable
> information on this topic. The software vendors want to sell their
> software, so they only hawk the security of their methodology. No one
> seems to have any clue as to what are the actual costs and
> probabilities involved in recovery.
>
> Anyway, as you (Dan) suggest, I am going to advise them to do a single
> pass over-write of the entire drive. I know that, at the very least,
> no software-only solution will be able to recover from this. Once the
> data is overwritten with zeros, recovering it again probably requires
> highly specialized and ridiculously expensive hardware. If
> overwritten once with random data, then it is probably totally
> impossible. What is the point of making multiple passes I have no
> idea, although most software offers this option. Just to waste time I
> guess.

There is a specific government requirement for the procedure to be used to
erase classified information, that involves multiple passes. That's why
it's there in the software, with options in case (a) that changes, or (b)
it's being used somewhere where the Powers That Be require different
procedure.

How secure you need to be depends on how valuable the data is and to whom it
is valuable--if it's really, really valuable to a First World government
then the only _sure_ bet is to melt the drive down or grind it to chips.

Don't assume that the commercial data recovery services define the state of
the art--it's not cost effective to go after a drive with electron
microprobes and scanning tunnelling microscopes to recover commercial
data--any organization large enough to have data that valuable will have it
backed up, RAIDed, off-site archived, server-mirrored, hot-sited, and
anything else you can think of--the people who need the data recovery
services are the small shops that haven't yet learned that it's cheaper to
protect than to recover and the occasional midsize outfit that has run into
a disaster beyond what they planned for. Consider the amount that such a
business can spend on the recovery, then consider the resources brought to
bear if George Bush says to the Director of the NSA "get the data and hang
the expense". But the likelihood of that sort of resource being brought to
bear on your client, unless he turns out to be a spy, major crime figure,
or international terrorist, is vanishingly small.


--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
May 5, 2004 1:03:08 AM

"Shailesh Humbad" <s@mailpass.com> wrote in message
news:C3Nlc.63914$Vp5.49580@fe2.columbus.rr.com...
> If I format a normal IDE drive using Windows XP NTFS (long) format,
> what would be the odds of recovering pieces of important, tagged data
> such as a password file? If the odds are better than 0%, then what
> would be the cost of recovery? I just need to know if it's beyond the
> range of the average hacker who buys a used hard drive from a known
> HVT (high value target) specifically to recover important passwords.
> I know there are lots of tools for "secure" erasing a drive, but I
> want to know how much advantage they give over an ordinary NTFS long
> format.

One has to use a disk wipe program or a disk diagnostic to write the whole
disk surface. That technique will clear everything that an average hacker
could ever recover but will not always clear everything a sophisticated
hacker might be able to recover. The data in flawed sectors may still have
some useful data in it and the sophisticated might be able to get that. The
odds of there being anything useful there are low.

Very sophisticated techniques (national technical means and not simple data
recovery services) may be able to recover data that has been overwritten.
But not data overwritten (erased) as many times as Rose Mary Woods did it <g>.
Anonymous
May 5, 2004 4:03:32 AM

Shailesh Humbad <s@mailpass.com> wrote:
>
> One of my clients is a physician, and he called me to ask for
> my opinion on a debate he was having with his wife. They are
> giving away some of their old PCs, and he was saying he could
> just format the XP partition and sell it, whereas his wife was
> disagreeing. The drives may contain financial passwords and
> other personal information.
>
> There doesn't seem to be much easily accessible and reliable
> information on this topic. The software vendors want to sell
> their software, so they only hawk the security of their
> methodology. No one seems to have any clue as to what are the
> actual costs and probabilities involved in recovery.
>
> Anyway, as you (Dan) suggest, I am going to advise them to do
> a single pass over-write of the entire drive. I know that, at
> the very least, no software-only solution will be able to
> recover from this. Once the data is overwritten with zeros,
> recovering it again probably requires highly specialized and
> ridiculously expensive hardware. If overwritten once with
> random data, then it is probably totally impossible. What is
> the point of making multiple passes I have no idea, although
> most software offers this option. Just to waste time I guess.


I think it is all to do with what is called magnetic shadow data.
People like Peter Gutmann (who signs himself on his website as a
Professional paranoid) suggest that a properly secure way of
erasing data from hard drives is to write to them with random data
as many as 35 times.

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.h...

Quote:
"Data overwritten once or twice may be recovered by
subtracting what is expected to be read from a storage location
from what is actually read. Data which is overwritten an
arbitrarily large number of times can still be recovered provided
that the new data isn't written to the same location as the
original data (for magnetic media), or that the recovery attempt is
carried out fairly soon after the new data was written (for RAM).
For this reason it is effectively impossible to sanitise storage
locations by simple overwriting them, no matter how many overwrite
passes are made or what data patterns are written. However by
using the relatively simple methods presented in this paper the
task of an attacker can be made significantly more difficult, if
not prohibitively expensive." [UNQUOTE]

There is software available which claims to work to Gutmann's
recommendations such as apm-Schredder (sic). Others are not sure
that Gutmann's method works well:

Quote:
"Peter Gutman of the University of Auckland speculated ...
that overwriting a drive 35 times with varying hexadecimal values
may force the write head to vary magnetic effect on the iron oxide
particles to such an extent as to remove the shadow data. Still,
there is no guarantee that software solutions will effectively wipe
out all this information because the process relies on the drive's
controller, which is not suited for this purpose." [UNQUOTE]

http://www.forensics-intl.com/art15.html
Anonymous
May 5, 2004 6:44:46 AM

Previously Shailesh Humbad <s@mailpass.com> wrote:
> dg wrote:
>> Do a google groups search for "german magazine data recovery". You may hear
>> stories about how data is always recoverable, but just try to find a company
>> that can perform this feat, at any price. I think there are a lot of tall
>> tales floating around concerning data recovery.
>>
>> It is widely accepted that by simply overwriting your original data with new
>> data, 1 single time, is enough to keep the original data from ever being
>> recovered. See here:
>> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=U...
>>
>> --Dan
> One of my clients is a physician, and he called me to ask for my
> opinion on a debate he was having with his wife. They are giving away
> some of their old PCs, and he was saying he could just format the XP
> partition and sell it, whereas his wife was disagreeing. The drives
> may contain financial passwords and other personal information.

> There doesn't seem to be much easily accessible and reliable
> information on this topic. The software vendors want to sell their
> software, so they only hawk the security of their methodology. No one
> seems to have any clue as to what are the actual costs and
> probabilities involved in recovery.

> Anyway, as you (Dan) suggest, I am going to advise them to do a single
> pass over-write of the entire drive. I know that, at the very least,
> no software-only solution will be able to recover from this. Once the
> data is overwritten with zeros, recovering it again probably requires
> highly specialized and ridiculously expensive hardware. If
> overwritten once with random data, then it is probably totally
> impossible. What is the point of making multiple passes I have no
> idea, although most software offers this option. Just to waste time I
> guess.

Not in all cases. E.g. for floppies you need multiple overwrites. The
critical characteristic of the medium is how far the used capacity
approaches the maximum possible capacity (as derived from s/n ratio
and minimal track size). A standard floppy can store a lot more than
the 2MB (unformatted) it is normally used at. A HDD cannot. The thing
is that in order for data that was overwritten to be recoverable at
all, the medium must be able to hold both old and new data. (Even if
the hdd can only read the new data, the old one must actually be
present.) I suspect that with modern HDDs this is impossible, since
they are close to the media limit in normal operation, i.e. an
overwritten signal vanishes in the medium noise.

I believe the reason for multiple overwrites is that older HDDs
actually did not manage to get close to the medium limit and
recovery from one or even more overwrites was possible then.
The problem was mostly that HDD head technology was behind what
the used hdd platter coating could do. It is not anymore.

Additional fact: The German computer magazine c't tried some
time ago to get a file recovered that was overwritten once on a
modern HDD. All commercial data recovery companies asked said
they could not do this.

And a comment on the long format: Without being really sure it
overwrites all, it is unusable. That is the real problem: You
actually do not know what it does in detail.

Arno

--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
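
Added example, not part of any post in this thread: a Python sketch of the single-pass overwrite discussed above, followed by the read-back check that answers the concern about not knowing what a format actually overwrites. The image file, the secret string and `metadata_only_format` (a stand-in for a format that rewrites only filesystem structures) are constructed assumptions.

```python
import os
import tempfile

BLOCK = 64 * 1024                          # I/O size used by every pass
O_BIN = getattr(os, "O_BINARY", 0)         # needed on Windows, 0 elsewhere
SECRET = b"hunter2-constructed-password"   # constructed sample, not real data
IMAGE_SIZE = 1024 * 1024                   # constructed 1 MiB "disk"
SECRET_AT = 11 * BLOCK - 10                # straddles a block boundary on purpose
META_BYTES = 128 * 1024                    # assumed size of the filesystem structures


def find_residue(path, needle, block=BLOCK):
    """Return the byte offset of every occurrence of `needle` in the raw target."""
    hits, tail, base = [], b"", 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(block)
            if not buf:
                break
            window = tail + buf            # overlap catches hits that span two reads
            start = base - len(tail)
            i = window.find(needle)
            while i != -1:
                hits.append(start + i)
                i = window.find(needle, i + 1)
            tail = window[-(len(needle) - 1):] if len(needle) > 1 else b""
            base += len(buf)
    return hits


def overwrite_pass(path, value=None, block=BLOCK):
    """One pass over the whole target: fixed byte `value`, or random data if None."""
    fd = os.open(path, os.O_WRONLY | O_BIN)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)   # image files and Linux block devices
        os.lseek(fd, 0, os.SEEK_SET)
        done = 0
        while done < size:
            n = min(block, size - done)
            buf = os.urandom(n) if value is None else bytes([value]) * n
            while buf:                        # os.write may write less than asked
                buf = buf[os.write(fd, buf):]
            done += n
        os.fsync(fd)                          # flush the OS cache to the medium
        return done
    finally:
        os.close(fd)


def verify_fill(path, value=0, block=BLOCK):
    """Read back every byte; return (bytes_checked, first bad offset per bad block)."""
    bad, pos = [], 0
    with open(path, "rb") as f:               # on real hardware, read back after
        while True:                           # dropping caches, or the check only
            buf = f.read(block)               # tests what the OS still holds in RAM
            if not buf:
                break
            if buf.count(value) != len(buf):
                bad.append(pos + next(i for i, b in enumerate(buf) if b != value))
            pos += len(buf)
    return pos, bad


def make_image(path):
    """Constructed disk image: filler bytes with one secret in the data area."""
    with open(path, "wb") as f:
        f.write(b"\xAA" * IMAGE_SIZE)
        f.seek(SECRET_AT)
        f.write(SECRET)


def metadata_only_format(path):
    """Assumed stand-in: rewrites the first META_BYTES, leaves data sectors alone."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * META_BYTES)


def demo():
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        make_image(path)
        metadata_only_format(path)
        after_format = find_residue(path, SECRET)   # secret still present
        written = overwrite_pass(path, value=0)     # single pass of zeros
        checked, bad = verify_fill(path, value=0)   # prove every byte is zero
        after_wipe = find_residue(path, SECRET)
        return {"after_format": after_format, "written": written,
                "checked": checked, "bad": bad, "after_wipe": after_wipe}
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Pointed at a real block device on Linux instead of the image, the same pass only reaches sectors the drive exposes; the flawed (remapped) sectors mentioned earlier in the thread stay out of its reach.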
Anonymous
May 5, 2004 8:52:07 AM

The current counter argument to these articles is that they are nowhere near
as sloppy today, compared to the 1996 article, when it comes to wasted space on
a hard drive platter now. The data density is so much greater that these
concepts no longer hold true. The theory that is, I'm not saying that the
articles aren't true.

--Dan

"Mark M" <MarkM_csiphsCANT_RECEIVE_MAIL@yahoo.co.uk> wrote in message
news:Xns94E099810473A75@64.62.191.85...
> Shailesh Humbad <s@mailpass.com> wrote:
> >
> > One of my clients is a physician, and he called me to ask for
> > my opinion on a debate he was having with his wife. They are
> > giving away some of their old PCs, and he was saying he could
> > just format the XP partition and sell it, whereas his wife was
> > disagreeing. The drives may contain financial passwords and
> > other personal information.
> >
> > There doesn't seem to be much easily accessible and reliable
> > information on this topic. The software vendors want to sell
> > their software, so they only hawk the security of their
> > methodology. No one seems to have any clue as to what are the
> > actual costs and probabilities involved in recovery.
> >
> > Anyway, as you (Dan) suggest, I am going to advise them to do
> > a single pass over-write of the entire drive. I know that, at
> > the very least, no software-only solution will be able to
> > recover from this. Once the data is overwritten with zeros,
> > recovering it again probably requires highly specialized and
> > ridiculously expensive hardware. If overwritten once with
> > random data, then it is probably totally impossible. What is
> > the point of making multiple passes I have no idea, although
> > most software offers this option. Just to waste time I guess.
>
>
> I think it is all to do with what is called magnetic shadow data.
> People like Peter Gutmann (who signs himself on his website as a
> Professional paranoid) suggest that a properly secure way of
> erasing data from hard drives is to write to them with random data
> as many as 35 times.
>
> http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.h...
>
> Quote:
> "Data overwritten once or twice may be recovered by
> subtracting what is expected to be read from a storage location
> from what is actually read. Data which is overwritten an
> arbitrarily large number of times can still be recovered provided
> that the new data isn't written to the same location as the
> original data (for magnetic media), or that the recovery attempt is
> carried out fairly soon after the new data was written (for RAM).
> For this reason it is effectively impossible to sanitise storage
> locations by simple overwriting them, no matter how many overwrite
> passes are made or what data patterns are written. However by
> using the relatively simple methods presented in this paper the
> task of an attacker can be made significantly more difficult, if
> not prohibitively expensive." [UNQUOTE]
>
> There is software available which claims to work to Gutmann's
> recommendations such as apm-Schredder (sic). Others are not sure
> that Gutmann's method works well:
>
> Quote:
> "Peter Gutman of the University of Auckland speculated ...
> that overwriting a drive 35 times with varying hexadecimal values
> may force the write head to vary magnetic effect on the iron oxide
> particles to such an extent as to remove the shadow data. Still,
> there is no guarantee that software solutions will effectively wipe
> out all this information because the process relies on the drive's
> controller, which is not suited for this purpose." [UNQUOTE]
>
> http://www.forensics-intl.com/art15.html
Anonymous
May 5, 2004 1:19:06 PM

Mark M <MarkM_csiphsCANT_RECEIVE_MAIL@yahoo.co.uk> wrote:

>Data which is overwritten an
>arbitrarily large number of times can still be recovered

Nonsense.
Anonymous
May 5, 2004 1:47:37 PM

"Ron Reaugh" <ron-reaugh@att.net> wrote:

>Very sophisticated techniques (national technical means and not simple data
>recovery services) may be able to recover data that has been overwritten.
>But not data overwritten (erased) as many times as Rose Mary Woods did it <g>.

Did you ever change your opinion on the last few generations of IBM
harddrive, Ron? You used to be quite an ardent supporter of IBM, if I
recall correctly...
Anonymous
May 6, 2004 2:55:01 AM

Previously chrisv <chrisv@nospam.invalid> wrote:
> Mark M <MarkM_csiphsCANT_RECEIVE_MAIL@yahoo.co.uk> wrote:

>>Data which is overwritten an
>>arbitrarily large number of times can still be recovered

> Nonsense.

Indeed. There is a base-level of noise on any magnetic medium. As
soon as a signal has been weakened enough to be somewhat below this
noise level, it is just not there anymore in the strong (mathematical)
sense. A loose upper bound can be found with Shannon's channel
capacity, since a moving magnetic media can be regarded as a channel:

http://www.sciencedaily.com/encyclopedia/shannon_limit

Bandwidth has to be derived from closest bit-distance and medium
speed. S/N-ratio is what the best theoretical reading head could do.

In order to recover one overwriting, the medium has to have enough
bandwidth to store the overwritten signal and the overwriting
signal. If it does not have that, there is no way for both sets of
data to be on the medium.

One aspect that makes things a little fuzzy is that this limit
actually applies after data compression. So in theory overwriting with
badly compressible true randomness is more secure than overwriting
with zeros. In practice older signals will just be too weak to be seen
in the background noise. HDD heads, modulation and electronics are very
close to the medium limit today. That was not always the case.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
May 6, 2004 7:55:50 AM

Arno Wagner <me@privacy.net> wrote in news:c7brc4$25rpq$1@ID-2964.news.uni-
berlin.de:

> One aspect that makes things a little fuzzy is that this limit
> actually applies after data compression. So in theory overwriting with
> badly compressible true randomness is more secure than overwriting
> with zeros. In practice older signals will just be too weak to be seen
> in the background noise. HDD heads, modulation and electronics are very
> close to the medium limit today. That was not always the case.

Did anyone mention these devices yet?

http://www.tecchannel.com/security/client/418/
http://www.tecchannel.com/security/client/418/9.html
Anonymous
May 6, 2004 9:04:47 AM

"Mr. Grinch" <grinch@hatespam.yucky> wrote in message
news:Xns94E0DF23EF8DEgrinchhatespamyucksh@24.71.223.159...
> Arno Wagner <me@privacy.net> wrote in
news:c7brc4$25rpq$1@ID-2964.news.uni-
> berlin.de:
>
> > One aspect that makes things a little fuzzy is that this limit
> > actually applies after data compression. So in theory overwriting with
> > badly compressible true randomness is more secure than overwriting
> > with zeros. In practice older signals will just be too weak to be seen
> > in the background noise. HDD heads, modulation and electronics are very
> > close to the medium limit today. That was not always the case.
>
> Did anyone mention these devices yet?
>
> http://www.tecchannel.com/security/client/418/
> http://www.tecchannel.com/security/client/418/9.html

Such a degausser seems like a waste of money. Shredding the drive or heating it
above the Curie temperature seems better.
Anonymous
May 6, 2004 4:06:02 PM

Ron Reaugh wrote:
> "Mr. Grinch" <grinch@hatespam.yucky> wrote in message
> news:Xns94E0DF23EF8DEgrinchhatespamyucksh@24.71.223.159...
>
>>Arno Wagner <me@privacy.net> wrote in
>
> news:c7brc4$25rpq$1@ID-2964.news.uni-
>
>>berlin.de:
>>
>>
>>>One aspect that makes things a little fuzzy is that this limit
>>>actually applies after data compression. So in theory overwriting with
>>>badly compressible true randomness is more secure than overwriting
>>>with zeros. In practice older signals will just be too weak to be seen
>>>in the background noise. HDD heads, modulation and electronics are very
>>>close to the medium limit today. That was not always the case.
>>
>>Did anyone mention these devices yet?
>>
>>http://www.tecchannel.com/security/client/418/
>>http://www.tecchannel.com/security/client/418/9.html
>
>
> Such a degausser seems like a waste of money. Shredding the drive or heating it
> above the Curie temperature seems better.
>
>

Interesting point.

Cooking the HD sounds simple enough. Do you know what the coating
materials are for current HD platters? Do you know what the Curie
temps are for those materials? Do you know where to buy industrial
ovens, for modest prices, that will work at those temps?

Cobalt, for example, has a Curie temp of 1388 deg.K, which is about
1115 deg.C or 2040 deg.F. I don't think my kitchen oven will get
the job done <g>.
--
Cheers, Bob
Anonymous
May 6, 2004 4:06:03 PM

In article <KSpmc.32350$_41.2619146@attbi_s02>,
Bob Willard <BobwBSGS@TrashThis.comcast.net> wrote:
>Ron Reaugh wrote:
>> "Mr. Grinch" <grinch@hatespam.yucky> wrote in message
>> news:Xns94E0DF23EF8DEgrinchhatespamyucksh@24.71.223.159...
>>
>>>Arno Wagner <me@privacy.net> wrote in
>>
>> news:c7brc4$25rpq$1@ID-2964.news.uni-
>>
>>>berlin.de:
>>>
>>>
>>>>One aspect that makes things a little fuzzy is that this limit
>>>>actually applies after data compression. So in theory overwriting with
>>>>badly compressible true randomness is more secure than overwriting
>>>>with zeros. In practice older signals will just be too weak to be seen
>>>>in the background noise. HDD heads, modulation and electronics are very
>>>>close to the medium limit today. That was not always the case.
>>>
>>>Did anyone mention these devices yet?
>>>
>>>http://www.tecchannel.com/security/client/418/
>>>http://www.tecchannel.com/security/client/418/9.html
>>
>>
>> Such a degausser seems like a waste of money. Shredding the drive or heating it
>> above the Curie temperature seems better.
>>
>>
>
>Interesting point.
>
>Cooking the HD sounds simple enough. Do you know what the coating
>materials are for current HD platters? Do you know what the Curie
>temps are for those materials? Do you know where to buy industrial
>ovens, for modest prices, that will work at those temps?
>
>Cobalt, for example, has a Curie temp of 1388 deg.K, which is about
>1115 deg.C or 2040 deg.F. I don't think my kitchen oven will get
>the job done <g>.

Assuming the Curie temps are right, I think the substrate materials
will melt, first. Aluminum melts at 1220F.

I just put the disk on a concrete floor and give it a shot with the
sledge hammer that I keep in the computer room. It also serves
to intimidate the servers.

If I have to return a disk for warranty replacement I'll eat the cost
of the disk if the risk of losing the data exceeds the cost of the
disk from a business risk point of view. The decision is easy for a
$150 disk.









--
Al Dykes
-----------
adykes at p a n i x . c o m
Anonymous
May 6, 2004 4:06:04 PM

adykes@panix.com (Al Dykes) wrote:

>I just put the disk on a concrete floor and give it a shot with the
>sledge hammer that I keep in the computer room. It also serves
>to intimidate the servers.

That's the best plan, IMO.
Anonymous
May 6, 2004 7:34:38 PM

On Thu, 06 May 2004 09:05:56 -0500, chrisv <chrisv@nospam.invalid>
wrote:

>adykes@panix.com (Al Dykes) wrote:
>
>>I just put the disk on a concrete floor and give it a shot with the
>>sledge hammer that I keep in the computer room. It also serves
>>to intimidate the servers.
>
>That's the best plan, IMO.

LOL, yeah I've had a good sledgehammer on my shopping list for awhile
now too ;) 

That'll pretty much take care of the dumpster divers.
Anonymous
May 7, 2004 6:11:01 AM

Previously Mr. Grinch <grinch@hatespam.yucky> wrote:
> Arno Wagner <me@privacy.net> wrote in news:c7brc4$25rpq$1@ID-2964.news.uni-berlin.de:

>> One aspect that makes things a little fuzzy is that this limit
>> actually applies after data compression. So in theory overwriting with
>> badly compressible true randomness is more secure than overwriting
>> with zeros. In practice older signals will just be too weak to be seen
>> in the background noise. HDD heads, modulation and electronics are very
>> close to the medium limit today. That was not always the case.

> Did anyone mention these devices yet?

> http://www.tecchannel.com/security/client/418/
> http://www.tecchannel.com/security/client/418/9.html

Very risky without detailed study. 1T might not be enough for
modern drives.

For mass destruction, shred or melt the drives.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
May 7, 2004 6:12:39 AM

Previously anonymous <anon@nowhere.com> wrote:
> On Thu, 06 May 2004 09:05:56 -0500, chrisv <chrisv@nospam.invalid>
> wrote:

>>adykes@panix.com (Al Dykes) wrote:
>>
>>>I just put the disk on a concrete floor and give it a shot with the
>>>sledge hammer that I keep in the computer room. It also serves
>>>to intimidate the servers.
>>
>>That's the best plan, IMO.

> LOL, yeah I've had a good sledgehammer on my shopping list for awhile
> now too ;) 

> That'll pretty much take care of the dumpster divers.

On the other hand, it is mostly useless for actually destroying the
data. It will just make it hard to access. Still a very good method
for low-to-medium level security.

--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
May 7, 2004 6:12:40 AM

In article <2g09knF2ut7jU3@uni-berlin.de>, Arno Wagner <me@privacy.net> wrote:
>Previously anonymous <anon@nowhere.com> wrote:
>> On Thu, 06 May 2004 09:05:56 -0500, chrisv <chrisv@nospam.invalid>
>> wrote:
>
>>>adykes@panix.com (Al Dykes) wrote:
>>>
>>>>I just put the disk on a concrete floor and give it a shot with the
>>>>sledge hammer that I keep in the computer room. It also serves
>>>>to intimidate the servers.
>>>
>>>That's the best plan, IMO.
>
>> LOL, yeah I've had a good sledgehammer on my shopping list for awhile
>> now too ;) 
>
>> That'll pretty much take care of the dumpster divers.
>
>On the other hand, it is mostly useless for actually destroying the
>data. It will just make it hard to access. Still a very good method
>for low-to-medium level security.
>

hard to access ?

I'd like to hear how someone with an unlimited budget can read a
platter that is bent like a pretzel and way way out of balance such
that it can't be spun, not to mention damage to parts of the magnetic
surface.

I'd assume the FBI/NSA folks can read parts of the data with an
electron microscope, and that may be useful for a National Security
case where the recovery of even a few blocks of data can disclose a
hint at a crypto key that can unlock other data. In the commercial
world I consider major mechanical deformation adequate. And I've
handled crypto material at one of the largest banks in the world.

You didn't ask how big the sledgehammer is, or how much satisfaction I
get out smashing a disk that's just caused me grief.

One advantage of physical destruction is that your boss, and your
security office can see the damage. With disc erasure software
who knows what's happening.

--
Al Dykes
-----------
adykes at p a n i x . c o m
Anonymous
May 7, 2004 6:44:34 AM

I think, like CD shredders, we'll see HDD shredders soon. Some machinery to
turn a HDD to a pile of shavings.

"Al Dykes" <adykes@panix.com> wrote in message
news:c7ess5$h30$1@panix2.panix.com...
> In article <2g09knF2ut7jU3@uni-berlin.de>, Arno Wagner <me@privacy.net> wrote:
> >Previously anonymous <anon@nowhere.com> wrote:
> >> On Thu, 06 May 2004 09:05:56 -0500, chrisv <chrisv@nospam.invalid>
> >> wrote:
> >
> >>>adykes@panix.com (Al Dykes) wrote:
> >>>
> >>>>I just put the disk on a concrete floor and give it a shot with the
> >>>>sledge hammer that I keep in the computer room. It also serves
> >>>>to intimidate the servers.
> >>>
> >>>That's the best plan, IMO.
> >
> >> LOL, yeah I've had a good sledgehammer on my shopping list for awhile
> >> now too ;) 
> >
> >> That'll pretty much take care of the dumpster divers.
> >
> >On the other hand, it is mostly useless for actually destroying the
> >data. It will just make it hard to access. Still a very good method
> >for low-to-medium level security.
> >
>
> hard to access ?
>
> I'd like to hear how someone with an unlimited budget can read a
> platter that is bent like a pretzel and way way out of balance such
> that it can't be spun, not to mention damage to parts of the magnetic
> surface.
>
> I'd assume the FBI/NSA folks can read parts of the data with an
> electron microscope, and that may be useful for a National Security
> case where the recovery of even a few blocks of data can disclose a
> hint at a crypto key that can unlock other data. In the commercial
> world I consider major mechanical deformation adequate. And I've
> handled crypto material at one of the largest banks in the world.
>
> You didn't ask how big the sledgehammer is, or how much satisfaction I
> get out smashing a disk that's just caused me grief.
>
> One advantage of physical destruction is that your boss, and your
> security office can see the damage. With disc erasure software
> who knows what's happening.
>
> --
> Al Dykes
> -----------
> adykes at p a n i x . c o m
Anonymous
May 7, 2004 12:40:00 PM

"Ron Reaugh" <ron-reaugh@att.net> wrote:

> "Mr. Grinch" <grinch@hatespam.yucky> wrote in message
> news:Xns94E0DF23EF8DEgrinchhatespamyucksh@24.71.223.159...
>> Arno Wagner <me@privacy.net> wrote in
>> news:c7brc4$25rpq$1@ID-2964.news.uni-berlin.de:
>>
>> > One aspect that makes things a little fuzzy is that this
>> > limit actually applies after data compression. So in theory
>> > overwriting with badly compressible true randomness is more
>> > secure than overwriting with zeros. In practice older
>> > signals will just be too weak to be seen in the background
>> > noise. HDD heads, modulation and electronics are very close
>> > to the medium limit today. That was not always the case.
>>
>> Did anyone mention these devices yet?
>>
>> http://www.tecchannel.com/security/client/418/
>> http://www.tecchannel.com/security/client/418/9.html
>
> Such a degausser seems like a waste of money. Shred the drive
> or heat it above the Curie temperature seems better.


Or throw it into a hot curry? :-)
Anonymous
May 7, 2004 5:32:56 PM

Previously Al Dykes <adykes@panix.com> wrote:
> In article <2g09knF2ut7jU3@uni-berlin.de>, Arno Wagner <me@privacy.net> wrote:
>>Previously anonymous <anon@nowhere.com> wrote:
>>> On Thu, 06 May 2004 09:05:56 -0500, chrisv <chrisv@nospam.invalid>
>>> wrote:
>>
>>>>adykes@panix.com (Al Dykes) wrote:
>>>>
>>>>>I just put the disk on a concrete floor and give it a shot with the
>>>>>sledge hammer that I keep in the computer room. It also serves
>>>>>to intimidate the servers.
>>>>
>>>>That's the best plan, IMO.
>>
>>> LOL, yeah I've had a good sledgehammer on my shopping list for awhile
>>> now too ;) 
>>
>>> That'll pretty much take care of the dumpster divers.
>>
>>On the other hand, it is mostly useless for actually destroying the
>>data. It will just make it hard to access. Still a very good method
>>for low-to-medium level security.
>>

> hard to access ?

> I'd like to hear how someone with an unlimited budget can read a
> platter that is bent like a pretzel and way way out of balance such
> that it can't be spun, not to mention damage to parts of the magnetic
> surface.

Magnetic microscopy may be able to do it. May cost tens of millions
for a single HDD. And there is ECC on HDDs, so you do not need to read
every bit.

> I'd assume the FBI/NSA folks can read parts of the data with an
> electron microscope, and that may be useful for a National Security
> case where the recovery of even a few blocks of data can disclose a
> hint at a crypto key that can unlock other data. In the commercial
> world I consider major mechanical deformation adequate. And I've
> handled crypto material at one of the largest banks in the world.

I agree, unless the data on the HDD is worth many millions or billions,
(which can happen in a commercial setting, but is unlikely) and
an attacker can have strong indication that the HDD is a worthwhile
target. That means for almost all cases, and certainly for all private
use, bending the platter gives as good as absolute security.

> You didn't ask how big the sledgehammer is, or how much satisfaction I
> get out smashing a disk that's just caused me grief.

That _is_ an additional benefit of the hammer-method, agreed.

> One advantage of physical destruction is that your boss, and your
> security office can see the damage. With disc erasure software
> who knows what's happening.

Yes. I did not mean to say that the hammer method is bad. I quite like
it. The statement of it not being perfect was more a theoretical
observation of little practical impact. I am sorry if this was not
clear.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
May 8, 2004 12:50:18 AM

Arno Wagner <me@privacy.net> wrote in news:2g09hlF2ut7jU2@uni-berlin.de:

> Previously Mr. Grinch <grinch@hatespam.yucky> wrote:
>
>> Did anyone mention these devices yet?
>
>> http://www.tecchannel.com/security/client/418/
>> http://www.tecchannel.com/security/client/418/9.html
>
> Very risky without detailed study. 1T might not be enough for
> modern drives.
>
> For mass destruction, shred or melt the drives.
>
> Arno


Yep, it seems expensive to me. I only mention it because at one place I
worked, this was the "corporate standard" method of treating magnetic media
before handing it over to another company paid to destroy it (cook it, shred
it, not sure what happened next).

Just curious that no one had mentioned it yet. Another factor might be that
we use a lot more optical media today that wouldn't even be affected by this.
Might be hard to justify the cost of multiple media erasing methods when a
single method can work for everything.
Anonymous
May 8, 2004 1:40:48 AM

> Yep, it seems expensive to me. I only mention it because at one place I
> worked, this was the "corporate standard" method of treating magnetic media
> before handing it over to another company paid to destroy it (cook it, shred
> it, not sure what happened next).
>
> Just curious that no one had mentioned it yet. Another factor might be that
> we use a lot more optical media today that wouldn't even be affected by this.
> Might be hard to justify the cost of multiple media erasing methods when a
> single method can work for everything.
>

I think no one mentioned it because my original post was for home
users, not big corporations or secret government agencies. The
destruction methods employed by the latter sure are fun to talk about,
but not all that practical.

Anyway, can it be safe to conclude, for the average home user selling
off an old hard drive, the statements below?

A. Simply formatting (conventional NTFS Quick/Long or FAT32) the hard
drive is insufficient to be sure no data remains on the drive.
B. For modern drives, let's say > 500MB, over-writing the entire drive
once with zeros using a special utility should be employed.
C. For older drives under 500MB, writing with random data at least
three times should be employed.

Make whatever qualifications needed to enhance the above statements.
Anonymous
May 8, 2004 2:57:08 AM

Shailesh Humbad <s@mailpass.com> wrote in
news:AnTmc.1120$GL4.155@fe2.columbus.rr.com:

> Anyway, can it be safe to conclude, for the average home user selling
> off an old hard drive, the statements below?
>
> A. Simply formatting (conventional NTFS Quick/Long or FAT32) the hard
> drive is insufficient to be sure no data remains on the drive.
> B. For modern drives, let's say > 500MB, over-writing the entire drive
> once with zeros using a special utility should be employed.
> C. For older drives under 500MB, writing with random data at least
> three times should be employed.
>
> Make whatever qualifications needed to enhance the above statements.

I would qualify it by saying that only the individual can decide how
important or valuable their data is, but for many people, the above steps are
enough. In many cases these are adequate deterrents such that any data
recovery would likely cost more than the value of the data.

But that's just me. I'm sure someone will say otherwise ;-)
Anonymous
May 8, 2004 3:13:12 AM

"Arno Wagner" <me@privacy.net> wrote in message news:2g1hg8F3gvpeU1@uni-berlin.de...
> Previously Al Dykes <adykes@panix.com> wrote:
>> In article <2g09knF2ut7jU3@uni-berlin.de>, Arno Wagner <me@privacy.net> wrote:
> >>Previously anonymous <anon@nowhere.com> wrote:
>>>> On Thu, 06 May 2004 09:05:56 -0500, chrisv <chrisv@nospam.invalid> wrote:
>>>>> adykes@panix.com (Al Dykes) wrote:
>>>>>> I just put the disk on a concrete floor and give it a shot with the
>>>>>> sledge hammer that I keep in the computer room. It also serves
>>>>>> to intimidate the servers.
>>>>>
>>>>> That's the best plan, IMO.
>>>
>>>> LOL, yeah I've had a good sledgehammer on my shopping list for awhile
>>>> now too ;) 
>>>
>>>> That'll pretty much take care of the dumpster divers.
>>>
>>> On the other hand, it is mostly useless for actually destroying the
>>> data. It will just make it hard to access. Still a very good method
>>> for low-to-medium level security.
>>>
>
>> hard to access ?
>
>> I'd like to hear how someone with an unlimited budget can read a
>> platter that is bent like a pretzel

You think that platters will bend like pretzels, do you?

>> and way way out of balance such that it can't be spun,

Certainly not when they're shattered like a mirror.

>> not to mention damage to parts of the magnetic surface.
>
> Magnetic microscopy may be able to do it. May cost tens of millions
> for a single HDD.

After the platters have been glued together again.

> And there is ECC on HDDs, so you do not need to read every bit.

Of course you do if it is to be of any use.

>
>> I'd assume the FBI/NSA folks can read parts of the data with an
>> electron microscope, and that may be useful for a National Security
>> case where the recovery of even a few blocks of data can disclose a
>> hint at a crypto key that can unlock other data. In the commercial
>> world I consider major mechanical deformation adequate. And I've
>> handled crypto material at one of the largest banks in the world.
>
> I agree, unless the data on the HDD is worth many millions or billions,
> (which can happen in a commercial setting, but is unlikely) and
> an attacker can have strong indication that the HDD is a worthwhile
> target. That means for almost all cases, and certainly for all private
> use,

> bending the platter gives as good as absolute security.

Sure, after you heated it up to red hot glow, probably.
Of course, bending it at that point doesn't add anything to it anymore.

>
>> You didn't ask how big the sledgehammer is, or how much satisfaction
>> I get out smashing a disk that's just caused me grief.
>
> That _is_ an additional benefit of the hammer-method, agreed.
>
>> One advantage of physical destruction is that your boss, and your
>> security office can see the damage. With disc erasure software
>> who knows what's happening.
>
> Yes. I did not mean to say that the hammer method is bad. I quite like
> it. The statement of it not being perfect was more a theoretical
> observation of little practical impact. I am sorry if this was not clear.
>
> Arno
Anonymous
May 8, 2004 5:19:52 AM

Previously Shailesh Humbad <s@mailpass.com> wrote:
[...]
> Anyway, can it be safe to conclude, for the average home user selling
> off an old hard drive, the statements below?

> A. Simply formatting (conventional NTFS Quick/Long or FAT32) the hard
> drive is insufficient to be sure no data remains on the drive.
> B. For modern drives, let's say > 500MB, over-writing the entire drive
> once with zeros using a special utility should be employed.
> C. For older drives under 500MB, writing with random data at least
> three times should be employed.

> Make whatever qualifications needed to enhance the above statements.

A. Is likely true. There are enough tools borderline idiots can use
to get data off a quick format. It is unclear (and probably not
worthwhile finding out) what a long format actually deletes.

B./C. Since we are talking home users here, unless there is
something with national security implications on the drive,
I would say that overwriting once with anything is enough.
The border below which (an expensive) recovery becomes
possible might be more in the 20GB-range, but that does not
really matter, since nobody will spend tens of thousands or
more on a drive bought cheaply.

It is something else, if you want to destroy data somebody
is actually looking for. If it is worth investing, say,
>10.000 Euro/USD for a recovery attempt, and the attacker
is likely to know that, then you should probably destroy
the drive.

Commercial settings are different. Still 4 random overwrites
or the like should be enough for stuff that was not too sensitive.
Getting this type of info by bribing some employees is possibly
a lot cheaper.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
May 8, 2004 12:28:12 PM

"Arno Wagner" <me@privacy.net> wrote in message
news:2g2qtoF3ui5oU1@uni-berlin.de...
>
> A. Is likely true. There are enough tools borderline idiots can use
> to get data off a quick format. It is unclear (and probably not
> worthwhile finding out) what a long format actually deletes.
>
It has been explained several times. Quick and long format write exactly the
same sectors.
Anonymous
June 22, 2004 12:02:04 AM

On Fri, 07 May 2004 21:40:48 GMT, Shailesh Humbad <s@mailpass.com> wrote:

~> Yep, it seems expensive to me. I only mention it because at one place I
~> worked, this was the "corporate standard" method of treating magnetic media
~> before handing it over to another company paid to destroy it (cook it, shred
~> it, not sure what happened next).
~>
~> Just curious that no one had mentioned it yet. Another factor might be that
~> we use a lot more optical media today that wouldn't even be affected by this.
~> Might be hard to justify the cost of multiple media erasing methods when a
~> single method can work for everything.
~>
~
~I think no one mentioned it because my original post was for home
~users, not big corporations or secret government agencies. The
~destruction methods employed by the latter sure are fun to talk about,
~but not all that practical.
~
~Anyway, can it be safe to conclude, for the average home user selling
~off an old hard drive, the statements below?
~
~A. Simply formatting (conventional NTFS Quick/Long or FAT32) the hard
~drive is insufficient to be sure no data remains on the drive.
~B. For modern drives, let's say > 500MB, over-writing the entire drive
~once with zeros using a special utility should be employed.
~C. For older drives under 500MB, writing with random data at least
~three times should be employed.
~
~Make whatever qualifications needed to enhance the above statements.

Look for a freeware applet called eraser. http://www.heidi.ie/eraser/ You can
overwrite files, clustertips, directory entries and freespace using default
overwrite profiles or your own custom profiles. I have tested the basic
functionality of Eraser using Disk Inspector http://www.theabsolute.net/sware/
to look for files that I erased using different custom patterns. In every test
the directory entry and file were erased. I tested this using a small partition
and created a file that contained a unique searchable string. I then used Disk
Investigator to find the file by searching for the string. I noted the address
of the file and used Eraser to delete the file. I then used Eraser to overwrite
the file using the US DoD 3x overwrite. When I looked at the specific addresses
there was nothing but random data. I tried a variety of tests against specific
files and against freespace and at no time could I find any trace of the
original file.

I have high confidence in Eraser, however I cannot test the advanced techniques
that use signal processing to predict what the Nth generation bit might have
been. I did indirectly verify that overwrite X times does perform as stated by
creating a custom overwrite with specific bit patterns, running this overwrite
and cancelling it before it completed. I then inspected the file address on the
disk to see what bit patterns are in evidence and how they correlate to the
order of the bit patterns in my test case.

Be careful beating old platters with a hammer. Some manufacturers switched to
glass platters a few years back. No point in getting shards of glass in your
eye.
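
The marker-string check described in the post above can be scripted. This is an added example, not code from the thread or from Eraser: it runs against a constructed 1 MiB image file, and the marker string, the function names and the `simulated_format` stand-in (which rewrites only the first sectors) are all assumptions made for the illustration.

```python
import os
import tempfile

SECTOR = 512
MARKER = b"WIPE-TEST-7f3a9c-UNIQUE-STRING"  # constructed searchable string


def find_marker(path, marker=MARKER, chunk=64 * 1024):
    """Return the byte offset of every copy of marker in the raw image."""
    hits, offset, tail = [], 0, b""
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            buf = tail + block
            base = offset - len(tail)
            pos = buf.find(marker)
            while pos != -1:
                hits.append(base + pos)
                pos = buf.find(marker, pos + 1)
            # Carry len(marker)-1 bytes so a marker split across reads is seen.
            tail = buf[-(len(marker) - 1):]
            offset += len(block)
    return hits


def overwrite(path, passes=(b"\x00",), chunk=64 * 1024):
    """Overwrite every byte once per pass; a pass of None writes random data."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in passes:
            f.seek(0)
            left = size
            while left:
                n = min(chunk, left)
                f.write(os.urandom(n) if fill is None else fill * n)
                left -= n
            f.flush()
            os.fsync(f.fileno())


def nonzero_sectors(path):
    """Count sectors that still hold anything other than zero bytes."""
    count = 0
    with open(path, "rb") as f:
        while True:
            sec = f.read(SECTOR)
            if not sec:
                break
            if sec.count(0) != len(sec):
                count += 1
    return count


def simulated_format(path, sectors=16):
    """Assumed stand-in for a format that rewrites only metadata sectors."""
    with open(path, "r+b") as f:
        f.write(b"\x00" * (SECTOR * sectors))


def run_demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:          # constructed test image
            f.write(os.urandom(1024 * 1024))
            f.seek(64 * 1024 - 10)          # marker straddles a read boundary
            f.write(MARKER)
        before = find_marker(img)
        simulated_format(img)
        after_format = find_marker(img)
        overwrite(img, passes=(None, b"\x00"))  # one random pass, then zeros
        return before, after_format, find_marker(img), nonzero_sectors(img)


if __name__ == "__main__":
    print(run_demo())
```

Like the manual test in the post, this only shows what the drive returns through its normal read path; it says nothing about the residual-signal recovery discussed earlier in the thread.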