Stroller wrote:
> On 2 Feb 2006, at 11:28, Alexander Skwar wrote:
>>>
>>> This is not what normally (or at least, _always_) happens when you
>>> format a hard-drive.
>>
>> Well, depends on the definition of "format". If you
>> define format as "overwrite partition table", than
>> you're right. But that's hardly what I'd call "format".
>
> I was referring to the definition of "format" generally used by the
> authors & suppliers of formatting utilities. If you format a disk in
> Windows, or certainly if you "quick format" it, it doesn't run a
> quick call to `dd if=/dev/zero of=/de/hdX`; it merely overwrites the
> partition table so the data IS often recoverable after a format.
Yes, that's correct, as you are referring to quick format.
> If you were merely formatting a disk for your own use, had no
> expectation that it would fall into anyone else's hands, and were in
> a hurry to use the disk with its new filesystem on it, you would
> surely be wasting time were you to insist on blanking every single
> bit on the device - it's simply not necessary.
But with normal hardware, you cannot be sure that you
overwrite every single bit on the harddrive when
you "shred" it with some software tool. I'm referring
to mapped away bad sectors. Those sectors might contain
interesting data. But with normal tools, you won't be
able to ever get to those sectors.
> I am not qualified to comment on recovery of data from a disk that
> has been wiped with zeros in the way you describe, nor from one which
> has been shredded properly with repeated iterations of random & non-
> random bits, but there certainly does seem to be a lot of hearsay on
> the subject.
Yes, that's absolutely correct. And, once again, it totally
baffles me, that there are so extremely few reports of
overwritten data being recovered. Be it once with "0",
be it multiple times with a Gutman algorithm.
> I would consider the a disk that's been comprehensively
> overwritten once to be unrecoverable from the practical perspective
> of the original discussion (a mate in the pub) but do consider a disk
> that's been over-written with shred to be unrecoverable as far as my
> customers' commercial data is concerned.
Well. If you believe in data recovery to be possible, than
you cannot be sure that a shredded disk is not recoverable.
I most certainly do agree, that a shredded disk is not
recoverable - but IMO even a drive overwritten once with
0 is not recoverable, if we disregard mapped away sectors.
> Whilst writing this I looked up `info shred` which claims:
>
> If you have sensitive data, you may want to be sure that recovery
> is not possible by actually overwriting the file with non-sensitive
> data. However, even after doing that, it is possible to take the
> disk back to a laboratory and use a lot of sensitive (and expensive)
> equipment to look for the faint "echoes" of the original data
> underneath the overwritten data. If the data has only been
> overwritten
> once, it's not even that hard.
How old is that? I don't think that this is still true wrt.
modern drives.
> The best way to remove something irretrievably is to destroy the
> media it's on with acid, melt it down, or the like.
Yep.
> The info page references Peter Gutmann's paper `Secure Deletion of
> Data from Magnetic and Solid-State Memory'.
Which is *extremely* old now and refers to technologies
that are long gone. Modern drives don't resemble MFM much
anymore. Because of that, I've got my doubts about how much
of the Gutman paper is still valid.
> I'm not qualified to
> assess this paper fully, and hard-drives have progressed considerably
> in the last decade,
Exactly. Development in hard drive technology has progressed
enourmously.
> I state once again that I'm not really qualified to comment on the
> subject to this depth,
Me neither.
> I would be grateful if you refrained in any future responses
> from the sneering manner you have employed in those to date.
Pardon?
Alexander Skwar
--
"What was the worst thing you've ever done?"
"I won't tell you that, but I'll tell you the worst thing that
ever happened to me... the most dreadful thing."
-- Peter Straub, "Ghost Story"
--
gentoo-user@gentoo.org mailing list
