Saturday, August 07, 2004

Scrubbing the hard disk.

This article from last year talks about recovering data from disks that the former owners thought were clean. Two parts that I found interesting were these:
Many people maintain that shadowy organizations such as the National Security Agency can retrieve data from a hard drive even after that data has been overwritten with a random pattern. Some say that you need to overwrite a hard drive not once, but seven or even 22 times.

In fact, there is no unclassified evidence that data on a modern hard drive can be recovered after it has been overwritten with just a single pass of random information. Some have made such claims, but no such recovery has ever been demonstrated in public.
The paranoid will say that they can do it, but they don't want you to know they can. Even if that's not the case, one could argue that just because it's not possible now does not mean it won't be possible later.

I'm comfortable enough scribbling on the hard drive just once to get my incriminating evidence off of it.

Two ways to burn down the disk under Linux:
  1. dd if=/dev/zero of=/dev/hdxx
  2. dd if=/dev/urandom of=/dev/hdxx
I can tell you from experience that using /dev/zero is a lot faster.

When I wanted to "secure delete" a lot of data under Windows (before passing the computer back to my employer, who owned it), I came up with a crude way to clobber the files I'd deleted. I opened a file on the disk and wrote to it until the disk was full. Satisfied that I'd occupied every block that had once had other files, I deleted the file.

No comments: