A note about the reality of wiping drives. Most of us forensic professionals using the best, most effective or expensive software, but just software, are not going to be able to recover data that has been overwritten by a wiping program, even with just one pass. Period.
It is true that the head does not pass exactly over the same location on any given pass, so its possible for the "edges" of the data previously written on the disk to remain -- described in one analogy like the snow that piles up on the side of the street when the snowplow passes by. Multiple pass wipes are supposed to solve this by allowing the head to have some statistical chance of flying over one of those edges on a subsequent pass. However, multi-pass wiping is only necessary to defeat electro-magnetic microscopy, or similar hardware techniques. For anything short of a clean room and (very) expensive equipment, one pass is enough. That is, one pass with a wiping utility renders the overwritten data UNRECOVERABLE to anyone using a software recovery tool. >From the perspective of a "wipe" program, or any standard forensics application, >there would be no difference between one pass with a wiping utility and a hundred >passes. If the wiping program is genuinely capable of overwrite data on a cluster, >no recovery program will be able to see "under" the data. All the programs can do is >interpret what the hard drive passes them, and if hard drives did not consistently >return what was last written on them no one would use them. While it is potentially true that someone will have enough determination and money, it is not at all probable. Unless, for some reason, you believe an entire government is interested in recovering your donated drive. So, in reality and very pragmatically speaking: 1. It is a waste of time to wipe with more than one pass, and 2. Companies that claim their data recovery software can recover wiped data are being disingenuous, and 3. You can use any of the suggested wiping tool with confidence before donating your drive. I wipe *every* drive that leaves our shop, and I sleep just fine at night :) Dan Gallivan PS: With thanks to Troy Larson and James N. -----Original Message----- From: Sullivan, Glenn [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 11, 2003 8:02 AM To: '[EMAIL PROTECTED]' Subject: RE: Suggestions on free XP hard drive wiping utilities? Frankly, and this will sound sarcastic but it is really the only "thorough" option: A revolver. Any software product made will not wipe out data that someone with enough determination (and money) can't get back. Glenn Sullivan, MCSE+I MCDBA David Clark Company Inc. -----Original Message----- From: Champion, Steve [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 4:34 PM To: '[EMAIL PROTECTED]' Subject: Suggestions on free XP hard drive wiping utilities? > Would someone please throw out a URL and suggestions for free Windows XP, > hard drive wiping utility's? Something that will wipe a drive to a > machine that's going to be donated or thrown away? > > Preferably something thorough? > > Thank You > Steve Champion > Sr. Data Security Analyst > The Methodist Hospital. > [EMAIL PROTECTED]
