Sign in with
Sign up | Sign in
Your question

Secure Data Removal

Tags:
  • Hard Drives
  • Storage
Last response: in Storage
Share
Anonymous
a b G Storage
December 24, 2004 4:00:38 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

I made the mistake of asking this question in alt.computer, so my
apologies for the somewhat duplicate post. I have some hard drives that
I am donating to charity. The drives contain confidential information
belonging to clients of a law firm. I have a free utility that writes
zeros on the drive, and there are commercial utilities that do multiple
writes. However, the commercial utility I found is $30, which is more
than I want to pay unless absolutely necessary. Can someone recommend a
free or less expensive multi-wipe utility for hard drives, all space,
not just empty?

More about : secure data removal

Anonymous
a b G Storage
December 24, 2004 4:00:39 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

I have used eraser in the past:
http://www.heidi.ie/eraser/
It is free and writes multiple patterns over the drive. Does it work?
Who really knows. I guess you take it on faith that it works, unless
you have the knowledge to try and get the data back after it is
overwritten.

Irwin
Anonymous
a b G Storage
December 24, 2004 7:14:11 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously mcp6453 <mcp6453@earthlink.net> wrote:
> I made the mistake of asking this question in alt.computer, so my
> apologies for the somewhat duplicate post. I have some hard drives that
> I am donating to charity. The drives contain confidential information
> belonging to clients of a law firm. I have a free utility that writes
> zeros on the drive, and there are commercial utilities that do multiple
> writes. However, the commercial utility I found is $30, which is more
> than I want to pay unless absolutely necessary. Can someone recommend a
> free or less expensive multi-wipe utility for hard drives, all space,
> not just empty?

Write zeros several times. After 10 times or so it should be as
secure as 2-3 random passes.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Related resources
Anonymous
a b G Storage
December 24, 2004 8:04:38 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

mcp6453 wrote:
> I made the mistake of asking this question in alt.computer, so my
> apologies for the somewhat duplicate post. I have some hard drives
> that I am donating to charity. The drives contain confidential
> information belonging to clients of a law firm. I have a free utility
> that writes zeros on the drive, and there are commercial utilities
> that do multiple writes. However, the commercial utility I found is
> $30, which is more than I want to pay unless absolutely necessary.
> Can someone recommend a free or less expensive multi-wipe utility for
> hard drives, all space, not just empty?

After running one or more of these "data removal" programs, run
a few "data recovery" programs, to check nothing is there !

A data recovery company can still get data off the drive by
dismantling the drive and using specialised hardware, but if you're
that bothered, don't give the drives away, just smash the platters !

--
Mike
Anonymous
a b G Storage
December 25, 2004 12:35:43 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

On 24 Dec 2004 06:57:14 -0800, "Irwin" <ebct@hotmail.com> wrote:

>I have used eraser in the past:
>http://www.heidi.ie/eraser/
>It is free and writes multiple patterns over the drive. Does it work?
>Who really knows. I guess you take it on faith that it works, unless
>you have the knowledge to try and get the data back after it is
>overwritten.
>
>Irwin

Eraser installs a folder containing a floppy image of DBAN (Dan's Boot and
Nuke I think) which is good for sanitizing entire drives.

--
Michael Cecil
http://home.comcast.net/~macecil/
Anonymous
a b G Storage
December 25, 2004 1:03:46 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

On Fri, 24 Dec 2004 13:00:38 GMT, mcp6453 <mcp6453@earthlink.net>
wrote:

>Can someone recommend a
>free or less expensive multi-wipe utility for hard drives, all space,
>not just empty?

Darik's Boot and Nuke will do the job and it is open source:

http://dban.sourceforge.net/

Make a boot floppy, then boot from it and choose the number of passes
(from one pass of zeros to 35 passes of random data). It will nuke
everything, including the MBR, partition tables, etc., but it does
take a while to run.

Someone else suggested Eraser which is fine but it runs under Windows.
I think DBAN is the best choice for your application.

- -
Gary L.
Reply to the newsgroup only
Anonymous
a b G Storage
December 25, 2004 1:55:32 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously Mike Redrobe <mike@redrobe.net> wrote:
> mcp6453 wrote:
>> I made the mistake of asking this question in alt.computer, so my
>> apologies for the somewhat duplicate post. I have some hard drives
>> that I am donating to charity. The drives contain confidential
>> information belonging to clients of a law firm. I have a free utility
>> that writes zeros on the drive, and there are commercial utilities
>> that do multiple writes. However, the commercial utility I found is
>> $30, which is more than I want to pay unless absolutely necessary.
>> Can someone recommend a free or less expensive multi-wipe utility for
>> hard drives, all space, not just empty?

> After running one or more of these "data removal" programs, run
> a few "data recovery" programs, to check nothing is there !

> A data recovery company can still get data off the drive by
> dismantling the drive and using specialised hardware, but if you're
> that bothered, don't give the drives away, just smash the platters !

That is an unconfirmed myth with modern drives. 15 years ago this was
possible. Last year the german computer magazine c't tried to get
data recoverd after a single overwrite on a HDD. All better knowen
data recovery outfits clamied that they did not have this capability,
which means that such recovery is either impossible or very expensive
(think millions).

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
December 27, 2004 2:09:00 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

"Arno Wagner" <me@privacy.net> wrote in message
news:333l34F3thhefU2@individual.net...
> Previously Mike Redrobe <mike@redrobe.net> wrote:
>> A data recovery company can still get data off the drive by
>> dismantling the drive and using specialised hardware, but if you're
>> that bothered, don't give the drives away, just smash the platters !
>
> That is an unconfirmed myth with modern drives. 15 years ago this was
> possible. Last year the german computer magazine c't tried to get
> data recoverd after a single overwrite on a HDD. All better knowen
> data recovery outfits clamied that they did not have this capability,
> which means that such recovery is either impossible or very expensive
> (think millions).

The theory for multiple "shred" passes on these data eraser programs:

One pass is not enough to completely erase data, the hard disk heads
won't hit the same point 100% of the time (but will be within tolerance),
a few pases will "jitter" enough to hit a wider area.

With disassembly, pros could use a more precise head mechansim to
read old versions - the deleted data.

Are you saying this recovery is now limited to electron microscopy level
only ?


--
Mike
Anonymous
a b G Storage
December 27, 2004 4:51:06 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously Mike Redrobe <mike@redrobe.net> wrote:

> "Arno Wagner" <me@privacy.net> wrote in message
> news:333l34F3thhefU2@individual.net...
>> Previously Mike Redrobe <mike@redrobe.net> wrote:
>>> A data recovery company can still get data off the drive by
>>> dismantling the drive and using specialised hardware, but if you're
>>> that bothered, don't give the drives away, just smash the platters !
>>
>> That is an unconfirmed myth with modern drives. 15 years ago this was
>> possible. Last year the german computer magazine c't tried to get
>> data recoverd after a single overwrite on a HDD. All better knowen
>> data recovery outfits clamied that they did not have this capability,
>> which means that such recovery is either impossible or very expensive
>> (think millions).

> The theory for multiple "shred" passes on these data eraser programs:

> One pass is not enough to completely erase data, the hard disk heads
> won't hit the same point 100% of the time (but will be within tolerance),
> a few pases will "jitter" enough to hit a wider area.

> With disassembly, pros could use a more precise head mechansim to
> read old versions - the deleted data.

> Are you saying this recovery is now limited to electron microscopy level
> only ?

I am saying that the harddrives are close to the s/n ratio of the
surface coating. There is just not enough space to squeeze two signals
into the place of one. The "imprecise positioning" will likely get
overwritten when the neighbouring tracks are written. In addition the
head-positioning has gotten extremely accurate for writes and tracks
have gotten very slim and close together. This is not floppy
technology anymore. It is quite possible that the original signal is
just not there anymore (i.e. vanished in the bachground noise) after a
single overwrite and _nothing_ can recover it.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
December 27, 2004 7:22:58 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Considering that the track pitch in modern drives is about 100 nm (and bit
length half of that), it's a miracle that they work at all!

"Arno Wagner" <me@privacy.net> wrote in message
news:33aiaaF3qthesU1@individual.net...
>
>> Are you saying this recovery is now limited to electron microscopy level
>> only ?
>
> I am saying that the harddrives are close to the s/n ratio of the
> surface coating. There is just not enough space to squeeze two signals
> into the place of one. The "imprecise positioning" will likely get
> overwritten when the neighbouring tracks are written. In addition the
> head-positioning has gotten extremely accurate for writes and tracks
> have gotten very slim and close together. This is not floppy
> technology anymore. It is quite possible that the original signal is
> just not there anymore (i.e. vanished in the bachground noise) after a
> single overwrite and _nothing_ can recover it.
>
> Arno
> --
> For email address: lastname AT tik DOT ee DOT ethz DOT ch
> GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
> "The more corrupt the state, the more numerous the laws" - Tacitus
>
>
Anonymous
a b G Storage
December 27, 2004 7:22:59 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

In article <CFWzd.10853$9j5.1688@newsread3.news.pas.earthlink.net>,
Alexander Grigoriev <alegr@earthlink.net> wrote:
>Considering that the track pitch in modern drives is about 100 nm (and bit
>length half of that), it's a miracle that they work at all!
>
>"Arno Wagner" <me@privacy.net> wrote in message
>news:33aiaaF3qthesU1@individual.net...
>>
>>> Are you saying this recovery is now limited to electron microscopy level
>>> only ?
>>
>> I am saying that the harddrives are close to the s/n ratio of the
>> surface coating. There is just not enough space to squeeze two signals
>> into the place of one. The "imprecise positioning" will likely get
>> overwritten when the neighbouring tracks are written. In addition the
>> head-positioning has gotten extremely accurate for writes and tracks
>> have gotten very slim and close together. This is not floppy
>> technology anymore. It is quite possible that the original signal is
>> just not there anymore (i.e. vanished in the bachground noise) after a
>> single overwrite and _nothing_ can recover it.
>>
>> Arno
>> --
>> For email address: lastname AT tik DOT ee DOT ethz DOT ch
>> GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
>> "The more corrupt the state, the more numerous the laws" - Tacitus
>>
>>
>
>


IMO the non-classified articles that described use of electron
microscope techniques are now several years old and disk capacities
have gone from the maybe 2GB to 200GB over that time. It's safe to
assume that the issues assiciated with forensic data recovery have
changed, and it's probably harder, much harder.

IBM developed much if the head and surface technology that made our
disks possible. A google for "disk proximal recording" will get you
some information.

I have no access to any seecrreet information.

--

a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore.
December 27, 2004 9:03:11 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

"mcp6453" <mcp6453@earthlink.net> wrote in message
news:WpUyd.96$aM4.57755@twister.southeast.rr.com...
>I made the mistake of asking this question in alt.computer, so my apologies
>for the somewhat duplicate post. I have some hard drives that I am donating
>to charity. The drives contain confidential information belonging to
>clients of a law firm. I have a free utility that writes zeros on the
>drive, and there are commercial utilities that do multiple writes. However,
>the commercial utility I found is $30, which is more than I want to pay
>unless absolutely necessary. Can someone recommend a free or less expensive
>multi-wipe utility for hard drives, all space, not just empty?

<http://msn.pcworld.com/downloads/file_description/0,fid...;

This page has the ultimate boot PC. It has a tool, along with several, that
will erase a disk to DOD specs. You will need to burn the iso to a CD.
This will also take some time.
Anonymous
a b G Storage
December 27, 2004 9:22:16 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously Al Dykes <adykes@panix.com> wrote:
> In article <CFWzd.10853$9j5.1688@newsread3.news.pas.earthlink.net>,
> Alexander Grigoriev <alegr@earthlink.net> wrote:
>>Considering that the track pitch in modern drives is about 100 nm (and bit
>>length half of that), it's a miracle that they work at all!
>>
>>"Arno Wagner" <me@privacy.net> wrote in message
>>news:33aiaaF3qthesU1@individual.net...
>>>
>>>> Are you saying this recovery is now limited to electron microscopy level
>>>> only ?
>>>
>>> I am saying that the harddrives are close to the s/n ratio of the
>>> surface coating. There is just not enough space to squeeze two signals
>>> into the place of one. The "imprecise positioning" will likely get
>>> overwritten when the neighbouring tracks are written. In addition the
>>> head-positioning has gotten extremely accurate for writes and tracks
>>> have gotten very slim and close together. This is not floppy
>>> technology anymore. It is quite possible that the original signal is
>>> just not there anymore (i.e. vanished in the bachground noise) after a
>>> single overwrite and _nothing_ can recover it.
>>>
>>> Arno
>>> --
>>> For email address: lastname AT tik DOT ee DOT ethz DOT ch
>>> GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
>>> "The more corrupt the state, the more numerous the laws" - Tacitus
>>>
>>>
>>
>>


> IMO the non-classified articles that described use of electron
> microscope techniques are now several years old and disk capacities
> have gone from the maybe 2GB to 200GB over that time. It's safe to
> assume that the issues assiciated with forensic data recovery have
> changed, and it's probably harder, much harder.

Yes, and that is my point. The other is that if you cannot buy this
service commercially, and more so nobody admits being able to do it,
means that it is very expensive (no way to amortize the R&D cost over
a larger set of customers). You also have to keep in mind that before
recovery, it is not knowen to the attacker whether a specific disk is
worth the effort. In most cases it will not be, makeing it entirely
unlikely the advandec techniques needed (if they exist) will be used
on drives given to charity.

The other thing is that if, e.g., the NSA can do this, they would not
admit it because the method would then loose its value. I guess that
anything short of a planned terrorist activity would not justify
taking action on information gained with such a top secret forensic
method and thereby possibly compromising the method (i.e. making
people aware that it can be done). That means if you have evidence of
having, say, rapedn and killed a child on your hdd, wiping it several
times should put you in the clear, _even_ if they can recover it,
because they cannot admit being able to recover it for such a
''minor'' crime. (Of course if you are guilty of such a crime, I hope
they get you by other means and usually they do...)

Also for those being concerned about low grade trade secrets: Assume
it costs, say, 100.000 USD to recover a disk. Don't you think that
100.000 USD in bribes would get you the information without the risk
of not finding anything valuable on a disk?

For high-grade trade secrets, (i.e. information only stored on
computers in safe rooms and definitely not connected to any
network that leads outside of that room), by all means go for
physical destruction. I think that only very few computer
HDDs fall into this class and that it is generally not a
concern.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
December 27, 2004 9:22:17 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

In article <33b26oF3vcn7nU1@individual.net>,
Arno Wagner <me@privacy.net> wrote:
>Previously Al Dykes <adykes@panix.com> wrote:
>> In article <CFWzd.10853$9j5.1688@newsread3.news.pas.earthlink.net>,
>> Alexander Grigoriev <alegr@earthlink.net> wrote:
>>>Considering that the track pitch in modern drives is about 100 nm (and bit
>>>length half of that), it's a miracle that they work at all!
>>>
>>>"Arno Wagner" <me@privacy.net> wrote in message
>>>news:33aiaaF3qthesU1@individual.net...
>>>>
>>>>> Are you saying this recovery is now limited to electron microscopy level
>>>>> only ?
>>>>
>>>> I am saying that the harddrives are close to the s/n ratio of the
>>>> surface coating. There is just not enough space to squeeze two signals
>>>> into the place of one. The "imprecise positioning" will likely get
>>>> overwritten when the neighbouring tracks are written. In addition the
>>>> head-positioning has gotten extremely accurate for writes and tracks
>>>> have gotten very slim and close together. This is not floppy
>>>> technology anymore. It is quite possible that the original signal is
>>>> just not there anymore (i.e. vanished in the bachground noise) after a
>>>> single overwrite and _nothing_ can recover it.
>>>>
>>>> Arno
>>>> --
>>>> For email address: lastname AT tik DOT ee DOT ethz DOT ch
>>>> GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
>>>> "The more corrupt the state, the more numerous the laws" - Tacitus
>>>>
>>>>
>>>
>>>
>
>
>> IMO the non-classified articles that described use of electron
>> microscope techniques are now several years old and disk capacities
>> have gone from the maybe 2GB to 200GB over that time. It's safe to
>> assume that the issues assiciated with forensic data recovery have
>> changed, and it's probably harder, much harder.
>
>Yes, and that is my point. The other is that if you cannot buy this
>service commercially, and more so nobody admits being able to do it,
>means that it is very expensive (no way to amortize the R&D cost over
>a larger set of customers). You also have to keep in mind that before
>recovery, it is not knowen to the attacker whether a specific disk is
>worth the effort. In most cases it will not be, makeing it entirely
>unlikely the advandec techniques needed (if they exist) will be used
>on drives given to charity.
>
>The other thing is that if, e.g., the NSA can do this, they would not
>admit it because the method would then loose its value. I guess that
>anything short of a planned terrorist activity would not justify
>taking action on information gained with such a top secret forensic
>method and thereby possibly compromising the method (i.e. making
>people aware that it can be done). That means if you have evidence of
>having, say, rapedn and killed a child on your hdd, wiping it several
>times should put you in the clear, _even_ if they can recover it,
>because they cannot admit being able to recover it for such a
>''minor'' crime. (Of course if you are guilty of such a crime, I hope
>they get you by other means and usually they do...)
>
>Also for those being concerned about low grade trade secrets: Assume
>it costs, say, 100.000 USD to recover a disk. Don't you think that
>100.000 USD in bribes would get you the information without the risk
>of not finding anything valuable on a disk?
>
>For high-grade trade secrets, (i.e. information only stored on
>computers in safe rooms and definitely not connected to any
>network that leads outside of that room), by all means go for
>physical destruction. I think that only very few computer
>HDDs fall into this class and that it is generally not a
>concern.
>
>Arno
>--

Agreed.

I'll add that for the kind of national security case this
capability would be used for, they don't expect to recover large
chunks of email or documents intact.

They attempt to recover 512 byte blocks> Each block is examined for
something that looks like a phone number, a name, or a bank account
number. In other words just short byte strings. Any of these can
assciate the disk (and it's owner) with someone else in a major case.
Some of these fragments might be a "crib" used to attack a backlog of
encrypted messages, kept for just such a break.

Our governemnt has computers full of as-yet uncrackable messages,
waiting for just such a break.

--

a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore.
Anonymous
a b G Storage
December 27, 2004 10:11:31 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

On Fri, 24 Dec 2004 17:04:38 GMT, "Mike Redrobe" <mike@redrobe.net>
wrote:


>A data recovery company can still get data off the drive by
>dismantling the drive and using specialised hardware, but if you're
>that bothered, don't give the drives away, just smash the platters !

No, they cannot. They cannot even read a disk that was not overwritten
at all.
--
Svend Olaf
Anonymous
a b G Storage
December 27, 2004 10:13:24 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

On Fri, 24 Dec 2004 22:03:46 GMT, Gary L. <nospam@sbcglobal.net>
wrote:

>On Fri, 24 Dec 2004 13:00:38 GMT, mcp6453 <mcp6453@earthlink.net>
>wrote:
>
>>Can someone recommend a
>>free or less expensive multi-wipe utility for hard drives, all space,
>>not just empty?
>
>Darik's Boot and Nuke will do the job and it is open source:
>
>http://dban.sourceforge.net/
>
>Make a boot floppy, then boot from it and choose the number of passes
>(from one pass of zeros to 35 passes of random data). It will nuke
>everything, including the MBR, partition tables, etc., but it does
>take a while to run.
>
>Someone else suggested Eraser which is fine but it runs under Windows.
>I think DBAN is the best choice for your application.
>
>- -
> Gary L.
> Reply to the newsgroup only

And, if a disk manager was used?
--
Svend Olaf
Anonymous
a b G Storage
December 27, 2004 10:13:57 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Arno Wagner wrote:
> Previously Al Dykes <adykes@panix.com> wrote:
>>Mike Redrobe mike@redrobe.net wrote
>>
>>> Are you saying this recovery is now limited to electron
>>> microscopy level only ?

>> IMO the non-classified articles that described use of electron
>> microscope techniques are now several years old and disk capacities
>> have gone from the maybe 2GB to 200GB over that time. It's safe to
>> assume that the issues assiciated with forensic data recovery have
>> changed, and it's probably harder, much harder.

Yes, harder, and possibly /currently/ out of price range of commercial
services, but in time technology moves on ...smash those disks now to
be sure ;) 

> Yes, and that is my point. The other is that if you cannot buy this
> service commercially, and more so nobody admits being able to do it,
> means that it is very expensive

OK, but technology has a habit of becoming faster cheaper and more
accurate, just as a 1024bit RSA key might have seemed uncrackable in
the past.

I'll accept it may not be possible at commercial level at the
moment to recover overwritten sectors, that doesn't mean it will never
be feasible to recover such data from current disks.

The OP was just donating some old disks to a charity after all, so only
really needed protection from the next owner using software data
recovery tools, so a software disk eraser is fine.

Physical destruction is still safer IMO ;) 

>
> Also for those being concerned about low grade trade secrets: Assume
> it costs, say, 100.000 USD to recover a disk. Don't you think that
> 100.000 USD in bribes would get you the information without the risk
> of not finding anything valuable on a disk?

That 100,000 may be less in future, as technology moves on ...in, say 5
years time, with the sensitive info still on a current technology 40Gb disk

--
Mike
Anonymous
a b G Storage
December 27, 2004 10:16:45 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Svend Olaf Mikkelsen wrote:
> On Fri, 24 Dec 2004 17:04:38 GMT, "Mike Redrobe" <mike@redrobe.net>
> wrote:
>
>
>> A data recovery company can still get data off the drive by
>> dismantling the drive and using specialised hardware, but if you're
>> that bothered, don't give the drives away, just smash the platters !
>
> No, they cannot. They cannot even read a disk that was not overwritten
> at all.

Huh?

Its relatively cheap to get data back if it hasn't been overwrittem, even if
there is a drive controller failure!

--
Mike
Anonymous
a b G Storage
December 27, 2004 10:27:38 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

On Mon, 27 Dec 2004 19:16:45 GMT, "Mike Redrobe" <mike@redrobe.net>
wrote:

>Huh?
>
>Its relatively cheap to get data back if it hasn't been overwrittem, even if
>there is a drive controller failure!

Do you have a reliable source that indicates that someone today can
read a disk platter in anything else than the original disk?
--
Svend Olaf
Anonymous
a b G Storage
December 27, 2004 11:16:15 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously Mike Redrobe <mike@redrobe.net> wrote:
> Arno Wagner wrote:
>> Previously Al Dykes <adykes@panix.com> wrote:
>>>Mike Redrobe mike@redrobe.net wrote
>>>
[...]
> That 100,000 may be less in future, as technology moves on ...in, say 5
> years time, with the sensitive info still on a current technology 40Gb disk

I doubt it. In 5 years the commercial recovery providers will offer
services based on the disks in use then. They will not have a large
market for recovery of overwritten information on 7..10 year or so
old disks. In fact there may not be any market at all, since most
commercial information is worth nothing after 5 years. The occasional
fammily photographs lost to overwrites are unlikely to justify
the investment into researching the technology. That is, of course,
if it is at all possible to do this recovery in any meaningful way.

My personal guess is that recovery of overwritten data on magnetic
HDDs will never again be commercialy interesting. I also somewhat
doubt that the intelligence community is investing heavily into this
technology, since it is far quicker to physically destroy a hdd than
to wipe it. Overwriting, e.g., a current 40GB drive a single time
takes around 20 minutes. In that time people will have opened the
drive and blow-torched the platters several times over. No chance of
recovery at all if the Curie-temperature is reached.

Still, there might be enough stupid terrorists around.

BTW, "smashing" is not a good idea. That mode of destruction
may be relatively easy (just expensive) to recover from. It may
even be withing the capacity of commercial recovery companies,
since the magnetic information stays intact.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
December 27, 2004 11:19:44 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously Svend Olaf Mikkelsen <svolaf@partitionsupport.com> wrote:
> On Mon, 27 Dec 2004 19:16:45 GMT, "Mike Redrobe" <mike@redrobe.net>
> wrote:

>>Huh?
>>
>>Its relatively cheap to get data back if it hasn't been overwrittem, even if
>>there is a drive controller failure!

> Do you have a reliable source that indicates that someone today can
> read a disk platter in anything else than the original disk?

There is some indication that as soon as the platter mounting
is opened it is extremely hard to re-center the disks enough to
read them. Still, that would be in the very-expensive-but-feasible
range, I think. On the other hand this type of recovery task
must be rare, so not commercially interesting at all.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
January 4, 2005 12:36:39 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

"Arno Wagner" <me@privacy.net> wrote in message news:33b930F3v3uqjU2@individual.net
> Previously Svend Olaf Mikkelsen <svolaf@partitionsupport.com> wrote:
> > On Mon, 27 Dec 2004 19:16:45 GMT, "Mike Redrobe" <mike@redrobe.net>
> > wrote:
>
> > > Huh?
> > >
> > > Its relatively cheap to get data back if it hasn't been overwrittem, even if
> > > there is a drive controller failure!
>
> > Do you have a reliable source that indicates that someone today can
> > read a disk platter in anything else than the original disk?
>
> There is some indication that as soon as the platter mounting
> is opened

So Arnie Redrobe, how exactly does one open "a platter mounting"?

> it is extremely hard to re-center the disks enough to
> read them. Still, that would be in the very-expensive-but-feasible
> range, I think. On the other hand this type of recovery task
> must be rare, so not commercially interesting at all.
>
> Arno
Anonymous
a b G Storage
January 10, 2005 5:05:58 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

<http://www.computer.org/security/v1n1/garfinkel.htm&gt;


--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
Anonymous
a b G Storage
January 10, 2005 9:43:34 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously David Lesher <wb8foz@panix.com> wrote:



> <http://www.computer.org/security/v1n1/garfinkel.htm&gt;

Yes, that one is pretty cool. I guess most are due to people that
believe dragginf files to the trash and then emtying the trash does
actually delete anything.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
January 11, 2005 3:21:48 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Arno Wagner wrote:

> Previously Mike Redrobe <mike@redrobe.net> wrote:
>> mcp6453 wrote:
>>> I made the mistake of asking this question in alt.computer, so my
>>> apologies for the somewhat duplicate post. I have some hard drives
>>> that I am donating to charity. The drives contain confidential
>>> information belonging to clients of a law firm. I have a free utility
>>> that writes zeros on the drive, and there are commercial utilities
>>> that do multiple writes. However, the commercial utility I found is
>>> $30, which is more than I want to pay unless absolutely necessary.
>>> Can someone recommend a free or less expensive multi-wipe utility for
>>> hard drives, all space, not just empty?
>
>> After running one or more of these "data removal" programs, run
>> a few "data recovery" programs, to check nothing is there !
>
>> A data recovery company can still get data off the drive by
>> dismantling the drive and using specialised hardware, but if you're
>> that bothered, don't give the drives away, just smash the platters !
>
> That is an unconfirmed myth with modern drives. 15 years ago this was
> possible. Last year the german computer magazine c't tried to get
> data recoverd after a single overwrite on a HDD. All better knowen
> data recovery outfits clamied that they did not have this capability,
> which means that such recovery is either impossible or very expensive
> (think millions).

The trouble with c't's approach is that they did not ask government
forensics agencies. We know what commercial outfits can do at reasonable
cost, we don't know what governments can do if they badly want the data.
>
> Arno

--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b G Storage
January 11, 2005 3:26:18 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Svend Olaf Mikkelsen wrote:

> On Fri, 24 Dec 2004 22:03:46 GMT, Gary L. <nospam@sbcglobal.net>
> wrote:
>
>>On Fri, 24 Dec 2004 13:00:38 GMT, mcp6453 <mcp6453@earthlink.net>
>>wrote:
>>
>>>Can someone recommend a
>>>free or less expensive multi-wipe utility for hard drives, all space,
>>>not just empty?
>>
>>Darik's Boot and Nuke will do the job and it is open source:
>>
>>http://dban.sourceforge.net/
>>
>>Make a boot floppy, then boot from it and choose the number of passes
>>(from one pass of zeros to 35 passes of random data). It will nuke
>>everything, including the MBR, partition tables, etc., but it does
>>take a while to run.
>>
>>Someone else suggested Eraser which is fine but it runs under Windows.
>>I think DBAN is the best choice for your application.
>>
>>- -
>> Gary L.
>> Reply to the newsgroup only
>
> And, if a disk manager was used?

Then it gets wiped too.


--
--John
Reply to jclarke at ae tee tee global dot net
(was jclarke at eye bee em dot net)
Anonymous
a b G Storage
January 12, 2005 4:18:31 AM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

Previously J. Clarke <jclarke@nospam.invalid> wrote:
> Arno Wagner wrote:

>> Previously Mike Redrobe <mike@redrobe.net> wrote:
>>> mcp6453 wrote:
>>>> I made the mistake of asking this question in alt.computer, so my
>>>> apologies for the somewhat duplicate post. I have some hard drives
>>>> that I am donating to charity. The drives contain confidential
>>>> information belonging to clients of a law firm. I have a free utility
>>>> that writes zeros on the drive, and there are commercial utilities
>>>> that do multiple writes. However, the commercial utility I found is
>>>> $30, which is more than I want to pay unless absolutely necessary.
>>>> Can someone recommend a free or less expensive multi-wipe utility for
>>>> hard drives, all space, not just empty?
>>
>>> After running one or more of these "data removal" programs, run
>>> a few "data recovery" programs, to check nothing is there !
>>
>>> A data recovery company can still get data off the drive by
>>> dismantling the drive and using specialised hardware, but if you're
>>> that bothered, don't give the drives away, just smash the platters !
>>
>> That is an unconfirmed myth with modern drives. 15 years ago this was
>> possible. Last year the german computer magazine c't tried to get
>> data recoverd after a single overwrite on a HDD. All better knowen
>> data recovery outfits clamied that they did not have this capability,
>> which means that such recovery is either impossible or very expensive
>> (think millions).

> The trouble with c't's approach is that they did not ask government
> forensics agencies. We know what commercial outfits can do at reasonable
> cost, we don't know what governments can do if they badly want the data.

True. But there is an other side to it: For a government to "badly"
want the data, it has to be massively important to national security.
Ordinary law enforcement will not qualify. Anything high-volume does
not qualify. Individuel recoveries will be quite expensive.

There is also the second angle that once this capability is publicly
known, it looses a significant part of its value since people will
delete more securely. That means it will be done sparingly, not many
people will know about this capability and results will not be used in
court.

Example: Harsh as it sounds, if somebody raped a kid to death and has
an overwritten video of this on disk, the government will likely
not want the data badly enough to even try such a recovery. (Still
I hope that in these cases the police will do fine with other
evidence and usually it does.)

If, on the other hand, evidence of terrorist activity is on that
disk in overwritten form and the right government gets hold of
that disk and suspects what was on it, they might be able to recover
from an overwrite. But they would want to not admit having been
able to do that, because then the terrorists will go for physical
destruction and this intelligence source will be gone.

In a country that respects human rights and due process of law that
makes even minor terrorists (e.g. small time supporters) reasonably
safe with a single overwrite. In other countries anything can happen
to you, but "they" would likely just do that to you anyways even if
they did not get the evidence from your disk. The real risk in such
countries is that others might be implicated by the overwritten
data. Again not a problem unless you are a member of a criminal
or terrorist organisation or the like.

Which exact countries respect dues process and human rights is left as
an excercise to the reader.

Arno
--
For email address: lastname AT tik DOT ee DOT ethz DOT ch
GnuPG: ID:1E25338F FP:0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
"The more corrupt the state, the more numerous the laws" - Tacitus
Anonymous
a b G Storage
January 12, 2005 4:02:43 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

In article <34jc76F4aq5c1U1@individual.net>,
Arno Wagner <me@privacy.net> wrote:
>Previously J. Clarke <jclarke@nospam.invalid> wrote:
>> Arno Wagner wrote:
>
>>> Previously Mike Redrobe <mike@redrobe.net> wrote:
>>>> mcp6453 wrote:
>>>>> I made the mistake of asking this question in alt.computer, so my
>>>>> apologies for the somewhat duplicate post. I have some hard drives
>>>>> that I am donating to charity. The drives contain confidential
>>>>> information belonging to clients of a law firm. I have a free utility
>>>>> that writes zeros on the drive, and there are commercial utilities
>>>>> that do multiple writes. However, the commercial utility I found is
>>>>> $30, which is more than I want to pay unless absolutely necessary.
>>>>> Can someone recommend a free or less expensive multi-wipe utility for
>>>>> hard drives, all space, not just empty?
>>>
>>>> After running one or more of these "data removal" programs, run
>>>> a few "data recovery" programs, to check nothing is there !
>>>
>>>> A data recovery company can still get data off the drive by
>>>> dismantling the drive and using specialised hardware, but if you're
>>>> that bothered, don't give the drives away, just smash the platters !
>>>
>>> That is an unconfirmed myth with modern drives. 15 years ago this was
>>> possible. Last year the german computer magazine c't tried to get
>>> data recoverd after a single overwrite on a HDD. All better knowen
>>> data recovery outfits clamied that they did not have this capability,
>>> which means that such recovery is either impossible or very expensive
>>> (think millions).
>
>> The trouble with c't's approach is that they did not ask government
>> forensics agencies. We know what commercial outfits can do at reasonable
>> cost, we don't know what governments can do if they badly want the data.
>
>True. But there is an other side to it: For a government to "badly"
>want the data, it has to be massively important to national security.
>Ordinary law enforcement will not qualify. Anything high-volume does
>not qualify. Individuel recoveries will be quite expensive.
>


For national security purposes getting just one block (512 bytes) off
a disk will be valuable if it has a name, a phone number, or something
that looks like an account code for an unidentified bank, since these
bits may dovetail wil other facts to make an investigation move
forward or connect the suspect to someone else, or as a crib to crack
a backlog of encrypted messages.

In the civilian or business world, such fragments of information would
probably not be very useful.

--

a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore.
Anonymous
a b G Storage
January 12, 2005 10:04:47 PM

Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)

On Tue, 11 Jan 2005 12:26:18 -0500, "J. Clarke"
<jclarke@nospam.invalid> wrote:

>Svend Olaf Mikkelsen wrote:
>
>> On Fri, 24 Dec 2004 22:03:46 GMT, Gary L. <nospam@sbcglobal.net>
>> wrote:
>>
>>>On Fri, 24 Dec 2004 13:00:38 GMT, mcp6453 <mcp6453@earthlink.net>
>>>wrote:
>>>
>>>>Can someone recommend a
>>>>free or less expensive multi-wipe utility for hard drives, all space,
>>>>not just empty?
>>>
>>>Darik's Boot and Nuke will do the job and it is open source:
>>>
>>>http://dban.sourceforge.net/
>>>
>>>Make a boot floppy, then boot from it and choose the number of passes
>>>(from one pass of zeros to 35 passes of random data). It will nuke
>>>everything, including the MBR, partition tables, etc., but it does
>>>take a while to run.
>>>
>>>Someone else suggested Eraser which is fine but it runs under Windows.
>>>I think DBAN is the best choice for your application.
>>>
>>>- -
>>> Gary L.
>>> Reply to the newsgroup only
>>
>> And, if a disk manager was used?
>
>Then it gets wiped too.

Too? Why do you think the data would be wiped? I did not check
recently, but last time I checked the data would not be wiped, as far
as I remember.
--
Svend Olaf
!