TMGeorge

can normal people recover a "simple" wiped HDD

Recommended Posts

Hi,

I am just curious as I have to give back a PC at work which also contains some private data and because of that I want to clear the HDD. I don’t trust our IT.

I've seen tools like DBAN etc. which offer quite some methods to wipe a hdd: different patterns, multiple iterations. I think this is even those patterns and iterations are standardized.

My question is, if I just would delete all files and create a big file over the whole partition just with 0x00 (or data from /dev/rand). Can normal people recover the data or does it have to be opened and analyzed by experts?

(BTW it’s currently a NTFS partition under XP which I would delete and create a EXT-Partition under linux. I hope this clears directory entries …)

thx n rgds

tmg

Share this post


Link to post
Share on other sites

Well freely available recovery tools can handle stuff that is deleted and not completely covered over. One quick example would be http://www.piriform.com/recuva

If you are really worried about it, do a single pass with dban and forget about it.

Share this post


Link to post
Share on other sites

No here as well.

Assuming all the files(including MBR/Parition table) get overwritten, you should be good. As mentioned Deleting/formatting by itself is not good enough...A zero fill by itself without rand should also be good for "normal people".

As for using rand type of command, look into this command: ' dd if=/dev/urandom of=/dev/sda bs=1M '

http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux

Share this post


Link to post
Share on other sites

Even a simple full wipe over the data with all 0's will make it next to impossible to recover. I have the recovery estimates from Ontrack to prove it. :blink:

How many zeros were in that estimate or was it just a referral to the NSA? :P

Share this post


Link to post
Share on other sites

If you DBAN a harddrive then the data should be unrecoverable - especially if you use the paranoid mode with 35 overwrites.

On that note, CCleaner can also clear empty space - or delete data by overwriting several times, just in case you need to retain the OS for the IT deparment.

(I wouldn't be surprised if they claimed you broke the laptop if you DBAN it...)

Share this post


Link to post
Share on other sites
Guest russofris

My question is, if I just would delete all files and create a big file over the whole partition just with 0x00 (or data from /dev/rand). Can normal people recover the data or does it have to be opened and analyzed by experts?

The short answer is "no". Recovering data from a zero'd HDD is nearly impossible. Given an original reference file, you might be able to determine the statistical likelihood of that file having once existed on the HDD, but you would never be able to "recover data" from the drive. This is only useful if you possess a file "SecretSauce.txt" and want to determine the likelihood that the contents of "SecretSauce.txt" were ever present on a blank HDD. Writing from /dev/rand removes the possibility of this form of analysis.

The bigger obstacle is that you have to do it "right". Make certain the zero's actually make it to the disk, and not simply to the cache. If you are using the dd utility to copy from /dev/rand or /dev/zero, I believe that there are direct and fsync options.

Last note, writing zeros to disk does not wipe data from sectors in the G/P-lists. If you had extremely sensitive data on the drive and the drive has a number of newly remapped sectors, take a hammer to it.

Frank

Edited by russofris

Share this post


Link to post
Share on other sites
If you DBAN a harddrive then the data should be unrecoverable - especially if you use the paranoid mode with 35 overwrites.
As noted, hell, a single pass of 0's (or random data) is essentially 100% unrecoverable even to professionals like FADV, Ontrack, Drivesavers, etc. etc. etc.

DBAN in 7-pass mode is already overkill even if you're paranoid, and if you're so paranoid you feel like 35-passes is needed you might as well save yourself the time and energy and just take the harddisk out and feed it into a grinder, it'll be faster and use less energy. :D:P

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now