"Robert Thompson Jr." <rthompson@xxxxxxxxxxxxxxxx> wrote: > If you have ever done any form of data recovery, you will see how much > information is recoverable, with just basic tools off of the internet. It's just that way, if you don't take any care deleting your data. > with a free demo and take a hard drive, catalog it, format it (after > backing up what you need of course) then recover it. Watch how much > information you retrieve. Should be all of it, and then some. This is not the case, if you follow a proper procedure. The effect of "formatting" a harddisk is grossly overestimated by the average user - probably due to its historic effect on floppy disks. The same is true for "deleting". Both operations usually only change a very small part of the harddisk. For efficiency reasons. Formatting usually only deletes tables of free blocks, root directory and some management information. Deleting usually only removes the directory linkage and evetually frees up the disk space, if no hardlinks are present, but doesn't touch the data itself. However, while it is pretty hard to securely delete data on modern filesystems, if the filesystems were not designed to do this themselves, it is relatively easy to destroy almost any data when wiping entire drives. Try your above experiment after you have not merely "formatted" the disk, but rather wiped it with even a single pass of dd if=/dev/zero of=/dev/[harddiskdevice] This will render almost any attempt of software recovery useless. The only data that should be recoverable by software tools is old weak data from mapped out sectors and the like. This requires specialized software that talks to the drives on a pretty low level, but is doable. Of course, only very small amounts of data should be recoverable. Just look at the mapped out sector counts from the SMART data of old harddisks. You'd be lucky, if you find a few hundred sectors. > I recall the first time I ever did a recovery from a hard drive that had > something off happen to it. I pulled up information on that drive from > back when it was first used. YEARS before... Sure. But that data was never deleted in a secure manner. > With wiping/sanitizing of your hard drives, you have elimiated having to > worry about any mediocre programs doing any data recovery, but "good" > programs or hardware recovery is still an option. Any software recovery of a properly wiped drive will only have very limited success. > Now imagine what a hardware based recovery could pull off? IMHO: Not so much more. Modern harddisks have such a high density, that those "off track reading" and "remanent magnetism" arguments don't quite hold. If the signal from there were useable with a reasonable amount of hardware cost, it would be used to put more data on the media. Are there any public studies about what commercial data recovery providers can achieve after a harddisk was overwritten with a single sweep of zeroes? > I would recommend using the sanitizing products as they will help keep > the people that don't have the time or money from locating anything on > your box, but for those out there that have the money or have the time, > they will be able to get just about anything off of your disk. I doubt that, but if you think your data is valueable enough to make such an attack feasible, I'd rather not recommend your choices: > To keep your drives completely secure, you have two choices: either > don't use them, ever... OR physically destroy them when you are > finished. but recommend to encrypt your sensitive data. Reason: If you data is valueable enough to spend a few thousand dollars to pull it off a discarded harddrive, it is almost certain, that you need to spend less and gain more by getting the drive right from your office while it is still in use and no deletion has been attempted. Kind regards, Andreas Beck -- Andreas Beck http://www.bedatec.de/
