Limitations of (All) Overwriting to Secure Data

[Inquirer]

1. The following seems to be accepted as fact, should it be?:

While there is no method of overwriting data which can render it truly
impossible to recover, the expertise, cost and time required to
recover data which has been thoroughly overwritten makes this
possibility so remote as to be statistically irrelevant for the
overwhelming majority of people.

2. How remote a possibility is it that a discarded, sold or donated
HD could eventually end-up in the hands of a data-recovery-expert who
already has the requisite equipment and, as a hobby, enjoys seeing
what he can find on HDs which come his way?

Perhaps the time required would make it prohibitive for someone
currently working in the data-recovery field to do this without
renumeration but what about someone now retired?

Just wondering.

3. Would literally burning in fire a HD or other media (CD, FD,
flash-drive, Zip, etc.) release toxic fumes?

4. How do military and gov. entities physically destroy media
containing sensitive data?

 

[Paul]

1. The following seems to be accepted as fact, should it be?:

While there is no method of overwriting data which can render it truly
impossible to recover, the expertise, cost and time required to
recover data which has been thoroughly overwritten makes this
possibility so remote as to be statistically irrelevant for the
overwhelming majority of people.

2. How remote a possibility is it that a discarded, sold or donated
HD could eventually end-up in the hands of a data-recovery-expert who
already has the requisite equipment and, as a hobby, enjoys seeing
what he can find on HDs which come his way?

Perhaps the time required would make it prohibitive for someone
currently working in the data-recovery field to do this without
renumeration but what about someone now retired?

Just wondering.

3. Would literally burning in fire a HD or other media (CD, FD,
flash-drive, Zip, etc.) release toxic fumes?

4. How do military and gov. entities physically destroy media
containing sensitive data?

This doc is a reasonable primer.

http://www.rcmp-grc.gc.ca/tsb/pubs/it_sec/g2-003_e.pdf

Paul

 

[VWWall]

This doc is a reasonable primer.

http://www.rcmp-grc.gc.ca/tsb/pubs/it_sec/g2-003_e.pdf

Paul

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01
Transitional//EN"><html><head><title></title></head><body></body></html>

You didn't give it enough overwrite random passes!! (

 

[kony]

1. The following seems to be accepted as fact, should it be?:

While there is no method of overwriting data which can render it truly
impossible to recover, the expertise, cost and time required to
recover data which has been thoroughly overwritten makes this
possibility so remote as to be statistically irrelevant for the
overwhelming majority of people.

No, it doesn't seem to be accepted as fact at all, quite the
contrary.

There is no amount of expertise, cost or time that has been
demonstrated effective in recovering data if a sufficient #
of random overwrite passes are performed. The biggest
debate is how many passes are sufficient so most go
overboard, to excess to err on the safe side.

2. How remote a possibility is it that a discarded, sold or donated
HD could eventually end-up in the hands of a data-recovery-expert who
already has the requisite equipment and, as a hobby, enjoys seeing
what he can find on HDs which come his way?

You are probably wasting your time, there's no reasonable
way to calculate this for any one drive though obviously the
possiblity can be considered extremely unlikely, unless your
prior activities somehow targeted you for investigation.

Perhaps the time required would make it prohibitive for someone
currently working in the data-recovery field to do this without
renumeration but what about someone now retired?

You're still assuming it is only a matter of time or money.
So far no amount of time or money has been able to recover
data prudently overwritten, let the first proof if it
surface before making any assumption that it is possible at
all, ever, in any kind of scenario.



I wonder if you are just trolling, looking to incite flaming
arguments because you have already made false conclusions
that completely invalidate your entire post. Don't rely on
urban legends, seek actual proof that a drive with
sufficient passes of random overwrites has been recovered
one single time in the history of mankind. Anybody can make
some random theory about how they would TRY to do it, or why
it MIGHT be possible, but they are only considering very
very basic concepts at that stage, have no reliable proof
that it can be done without it actually being done.

I've challenged others to supply proof and they can't, will
make any excuse instead. There is no reason to believe it's
possible, only that those claiming it are thinking it
possible based on only limited information, conceptually,
then begin arguing when they can't resolve the rest of the
information needed to do it. I could claim I can jump up
and land on the moon if we only think in such limited ways,
ignoring other factors like gravity.

 

[Rod Speed]

1. The following seems to be accepted as fact, should it be?:
Yep.

While there is no method of overwriting data
which can render it truly impossible to recover,

Thats always been a mindless myth.

the expertise, cost and time required to recover data which has
been thoroughly overwritten makes this possibility so remote as
to be statistically irrelevant for the overwhelming majority of people.

Its actually rather safer than that.

2. How remote a possibility is it that a discarded, sold or donated
HD could eventually end-up in the hands of a data-recovery-expert
who already has the requisite equipment and, as a hobby, enjoys
seeing what he can find on HDs which come his way?

If you do the proper DOD secure wipe, he'll just be wasting his time.

Perhaps the time required would make it prohibitive for someone
currently working in the data-recovery field to do this without
renumeration but what about someone now retired?

Still wasting his time.

Just wondering.

3. Would literally burning in fire a HD or other media
(CD, FD, flash-drive, Zip, etc.) release toxic fumes?

Not toxic in the sense that its any worse than burning anything.

4. How do military and gov. entities physically
destroy media containing sensitive data?

Varys. Usually its melted down. And thats done just because
its cheap and eliminates any possibility of recovery.

 

[paulmd]

1. The following seems to be accepted as fact, should it be?:

While there is no method of overwriting data which can render it truly
impossible to recover, the expertise, cost and time required to
recover data which has been thoroughly overwritten makes this
possibility so remote as to be statistically irrelevant for the
overwhelming majority of people.

An ordinary 3 pass wipe makes it very difficult for most pracitial
purposes. A Quick format is worthless, but a full format might keep the
honest folks honest.

2. How remote a possibility is it that a discarded, sold or donated
HD could eventually end-up in the hands of a data-recovery-expert who
already has the requisite equipment and, as a hobby, enjoys seeing
what he can find on HDs which come his way?

Perhaps the time required would make it prohibitive for someone
currently working in the data-recovery field to do this without
renumeration but what about someone now retired?

Just wondering.


3. Would literally burning in fire a HD or other media (CD, FD,
flash-drive, Zip, etc.) release toxic fumes?

Yes. So does burning ordinary Wood. the fire would have to be pretty
hot to destroy a hard drive platter, but would probably work on tapes,
floppies, CDS, and zips.

 

[Alan Kakareka]

Usual wipe tool, like this

http://hddguru.com/content/en/software/2006.04.13-HDD-Wipe-Tool/

is good enough for regular user, however there are techniques which CAN
recover data from low level formatted HDD. It is possible because HDD is not
100% accurate mechanism and heads are not placed 100% at the center of the
track, eventually, heads are writing information a little bit off-track and
old information could be left "underneath"

3. Would literally burning in fire a HD or other media (CD, FD,
flash-drive, Zip, etc.) release toxic fumes?

I don't know about toxic fumes, but putting a CD into microwave for a few
seconds is very effective way to destroy data on it.

4. How do military and gov. entities physically destroy media
containing sensitive data?

They destroy media physically and if government is selling any computer in
auction - HDD is missing.

--
Alan Kakareka
Data Recovery Service
786-253-8286 cell
http://www.247recovery.com
--

 

[paulmd]

Usual wipe tool, like this

http://hddguru.com/content/en/software/2006.04.13-HDD-Wipe-Tool/

is good enough for regular user, however there are techniques which CAN
recover data from low level formatted HDD. It is possible because HDD is not
100% accurate mechanism and heads are not placed 100% at the center of the
track, eventually, heads are writing information a little bit off-track and
old information could be left "underneath"


I don't know about toxic fumes, but putting a CD into microwave for a few
seconds is very effective way to destroy data on it.


They destroy media physically and if government is selling any computer in
auction - HDD is missing.

I think this only applies to classified info. As my orginisation has
recieved lots of computers from government agencies with intact (and
*almost* always) wiped HDD. (We wipe all hard drives we get anyway with
DBAN, so no biggie)