How many times to overwrite to REALLY delete a file?

Discussion in 'Computers, Hardware, and Operating Systems' started by WA3LKN, Oct 8, 2011.

Thread Status:
Not open for further replies.
ad: L-HROutlet
ad: l-assoc
ad: l-sarc
ad: l-rl
ad: L-Geochron
ad: L-rfparts
ad: l-Waters
ad: l-innov
ad: l-gcopper
  1. WA3LKN

    WA3LKN Ham Member QRZ Page

    I use the free program "CCleaner" to scrub any files I delete. I have to option of over-writing a deleted file 1,3,7, and 35 times.

    You would think once would do it. Is 35 really that much more secure?

    Does it depend on what type of file? Is a word file easier to delete than an image file, for example?
     
  2. G4ILO

    G4ILO Ham Member QRZ Page

    Once is enough to prevent anyone using a PC to recover the data. A forensic laboratory using special equipment could still detect the magnetization. It depends whether what's on your drive is interesting enough to attract that kind of attention. ;)

    Many years ago I worked for a government organization that handled classified data and hard drives were sent to be melted down after replacement.
     
  3. N0BOX

    N0BOX Ham Member QRZ Page

    Normally, when a computer "deletes" a file, all it does is mark the area of the drive that the file physically occupies as "free to be used for other stuff. The data might still be there for the life of the drive if the computer never decides to write over that spot in the future. Anyone with the software to look at the drive at the block level could find the data later.

    There are techniques involving extremely expensive lab equipment that can be used to recover data, even if it has been overwritten. Maybe even if it's been written over several times. If you absolutely need to get rid of some top-secret data, you'll want to nuke it as many times as you can. You'll actually have to overwrite every single file you delete several times, since chunks of files are routinely moved around when the drive is automatically defragmented in Vista/7.

    I think the Dept. of Defense standard for a drive wipe is a 7-pass random-byte rewrite, probably with a few passes being a reset to all 0s or all 1s. Not completely sure, but 7-pass sticks out in my mind. 35 is probably considered completely unrecoverable using today's technology.
     
  4. WA9SVD

    WA9SVD Ham Member QRZ Page

    It will depend upon just how "clean" you want the hard drive to be. Simply "deleting" or "erasing" files, as stated above, merely makes the file area available for re-use, but does not actually destroy the date.
    In the past, Norton and some manufacturers offered utilities that would do several passes through a hard drive, writing various combinations of all "1's," then all "0's," and so on for a few cycles, to hopefully remove all evidence of previous data; some even claimed to "write between the tracks" to even erase residual magnetism.
    A t least in the past, Norton Utilities has an option that would comply with DoD erasure, but was a long process, as it had to overwrite the disk several times.
    Despite any or all software solutions, there are ($$$$) recovery methods that can (ostensibly) retrieve data that involve disassembly of drives in a "clean room" and physically trying to read data on equipment designed to detect very weak magnetic signals not able to be detected by ordinary hardware.
    The question is, how valuable is your data? Your typical credit card thief isn't going to go through dozens or hundreds of hours looking for access numbers. On the other hand, if a hard drive contains National Security level data, physical destruction of the drive (or at least the magnetic platters) is the only sure way to prevent retrieval of data.

    When working on client's computers, and they have sensitive data on a failed hard drive, I usually disassemble the drive, place the platters under a BIG auto speaker magnet for a few days, and then return the platters to them. Some clients have made the platters into wind chimes...
     
  5. AC0H

    AC0H Premium Subscriber QRZ Page

    This is correct.
    I have used a utility called DBan (Dariks Boot and Nuke) for a few years that will allow you to scub the drive to DoD standards.
    7 passes will leave a drive completely devoid of old data.

    I learned about this while doing contract work for a company bringing itself into Sarbanes/Oxley compliance.
    Any drive that contained company financial or customer data had to have the drives scrubbed to DoD before being re-tasked somewhere else in the company.
     
  6. VK2AKG

    VK2AKG Ham Member QRZ Page

    rapid HDD erasure

    Glad I'm doing something right - any hard drives I dispose of get a quick touch of the gas axe.

    image001.jpg

    I first started doing this when I had to erase a large quantity of hard drives for a SK friend and quickly discovered how slow it was going to be to properly wipe his entire stash of hard drives using software.

    I erased his CDs in the microwave oven.

    image007.jpg

    Looks pretty enough to be "art"

    73 Frank vk2akg
     
  7. AF6LJ

    AF6LJ Ham Member QRZ Page

    This is a good utility I use it.
    One thing that needs to be taken into consideration; if you have a hidden restore partition on the drive that is to be wiped it will wipe that partition also. DBAN will wipe the whole drive.

    Goes to show some of the best software is FREE :)
     
  8. WA9SVD

    WA9SVD Ham Member QRZ Page

    Of course, if the hard drive has experienced hardware failure, "electronic" erasure isn't an option, anyway. You then have to resort to physical (or magnetic) destruction. The real issue is if the hard drive is to be "redeployed," but the data must be completely removed first.
     
  9. AC2EV

    AC2EV XML Subscriber QRZ Page

    Without disassembling the drive and removing the platters to read the data 3 wipes, preferably all 1s, all 0s and then random is all that is necessary. 7 passes is unnecessary and just wastes time.
     
  10. KB4QAA

    KB4QAA XML Subscriber QRZ Page

    The DOD standard is 7 passes each alternating of 1 and 0's. "CC Cleaner" is a free app that will do security wipes. I've been using it for several years. It gets regular updates.
     
  11. G4COE

    G4COE Ham Member QRZ Page

    Tell ya a story:
    I accidentally reformatted a slave drive with all my pcb cad and jpegs on amongst other files. I got them all back thanks to a program I had to buy. So What!

    Well, this got me thinking, I clones a spare hard drive and had to reformat it three times before I couldn't get any data from it, this is with XP pro.

    The best way I can describe is the magnetic head prints are like footprints in the snow always a wee bit bigger. I use CC cleaner along with Privacy Guardian. You think Crap Cleaner cleans all the files - Ya wrong! It doesn't delete Macro Media files unless configured, these are the most dangerous because they store just about every site you go to even your banking transaction!.... not once but twice, there are two folders - these aren't deleted when you do a 'clear out'.

    See this, http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/ and another one here which ought make your hair stand up http://www.sevenmilesearch.com/2011/01/15/ebay-paypal-and-amazon-secretly-track-you/.

    This is how you configure Crap Cleaner to clean these files, http://techtrickz.com/how-to/completely-remove-flash-cookies-with-ccleanaer-how-to/

    If you delete the .sol file you'll delete the Macro Media settings, you can delete the Macromedia folder, it'll just keep coming back though!

    Thought I'd give it a mention, sorry I couldn't see the link button.

    Dave
     
  12. KC2UGV

    KC2UGV Ham Member QRZ Page

    7 pass, using a 1 random, one all zero, repeating; is good for FIPS-140 drive erasure.
     
  13. WA9SVD

    WA9SVD Ham Member QRZ Page


    Just the point! Many attempts (even multiple "erase" utilities) don't remove all traces of data, regardless of their "name," or claims. And having to configure such programs to ostensibly clear all data makes then somewhat less than what they advertise.

    IF the data is to be completely destroyed from a FAILED drive, the only solution is physical or magnetic destruction. if the drive is to be re-used, there's no "quick and dirty" software solution; it WILL take an utility many passes that take many hours (even dozens of hours) to totally wipe a drive clean. Claims to the contrary (of "quick and dirty" removal of data) are, shall we say, "vapourware" and cannot deliver the efficiency they promise.
    While nice to consider, there's really NO accurate way (from a standard PC) to totally eliminate data from single files, folders, or partitions (without potentially damaging other files;) there will always be SOME "overlap" that could be recovered, unless the entire disk is completely "nuked."
     
Thread Status:
Not open for further replies.

Share This Page