• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Hard Drive erasing progarm?

Originally posted by: fishjie
question: does doing a format of the hard drive not gurantee deletion of all data?
Click to expand...

Correct. Most format software will simply remove the file lookup table information and leave the blocks alone. When you actually go to write to a new block of data, it will then actually format that block at that time. As such, if the disk was previously formated and had data stored on the disk, that data will still be accessible from forensic disk analyzer software and can be reconstructed and retrieved.

You need to use a format program that actually writes and re-writes to all data blocks when it actually does the format command. The reason most new format utilities do not do this is because it would take a long time to format the large sized disks.
 
Originally posted by: Fallen Kell
Originally posted by: fishjie
question: does doing a format of the hard drive not gurantee deletion of all data?
Click to expand...

Correct. Most format software will simply remove the file lookup table information and leave the blocks alone. When you actually go to write to a new block of data, it will then actually format that block at that time. As such, if the disk was previously formated and had data stored on the disk, that data will still be accessible from forensic disk analyzer software and can be reconstructed and retrieved.

You need to use a format program that actually writes and re-writes to all data blocks when it actually does the format command. The reason most new format utilities do not do this is because it would take a long time to format the large sized disks.
Click to expand...

Most format tools (including the ones that Windows comes with) have the option to do a "full" format (or else they will have an option for a "quick" format, which will do what you described above, and deselecting that option will do a full format). A "full" format or zero fill (sometimes erroneously called a "low level format") will make it impossible to use data reconstruction software on the drive. For most people, this is plenty good.

However, even a zero fill of the drive may leave some data that can still be read by disassembling the drive and reading the platters with higher-resolution magnetic scanners. Writing multiple passes of random data (like DBAN does) is better, but due to things like track alignment error, there may still be some readable data on the drive afterwards.

If the data on the drive is sensitive enough that you think someone might be willing to spend many thousands of dollars to acquire it (corporate/military secrets, etc.), then the only real option is to destroy the drive.
 
"Hard Drive erasing progarm?"

Topic Title

I also wanted to say next time please use the search function I've seen plenty of these threads
 
I've played with Mac OS X, and noticed that when you want to format a HD it has the option to write zeroes to the HD, and has another option to do that seven times. I wonder why MS didn't include that option on their OS.

Not taking sides for Apple or MS, I like both.
 
Originally posted by: Matthias99
Originally posted by: Fallen Kell
Originally posted by: fishjie
question: does doing a format of the hard drive not gurantee deletion of all data?
Click to expand...

Correct. Most format software will simply remove the file lookup table information and leave the blocks alone. When you actually go to write to a new block of data, it will then actually format that block at that time. As such, if the disk was previously formated and had data stored on the disk, that data will still be accessible from forensic disk analyzer software and can be reconstructed and retrieved.

You need to use a format program that actually writes and re-writes to all data blocks when it actually does the format command. The reason most new format utilities do not do this is because it would take a long time to format the large sized disks.
Click to expand...

Most format tools (including the ones that Windows comes with) have the option to do a "full" format (or else they will have an option for a "quick" format, which will do what you described above, and deselecting that option will do a full format). A "full" format or zero fill (sometimes erroneously called a "low level format") will make it impossible to use data reconstruction software on the drive. For most people, this is plenty good.

However, even a zero fill of the drive may leave some data that can still be read by disassembling the drive and reading the platters with higher-resolution magnetic scanners. Writing multiple passes of random data (like DBAN does) is better, but due to things like track alignment error, there may still be some readable data on the drive afterwards.

If the data on the drive is sensitive enough that you think someone might be willing to spend many thousands of dollars to acquire it (corporate/military secrets, etc.), then the only real option is to destroy the drive.
Click to expand...

Correct, which is why for when a government facility is getting rid of a disk used to store classified material they go through a wipe process which involves using a program to randomly write a a full sized block of random 1's and 0's to each and every block of data on the disk, including the hidden/reserved data blocks that are held for use when sectors are marked bad. I believe the current standard is 5 complete runs of that utility before the disk can be gotten rid of. If the disk has failed they will destroy them in either an acid bath or a degauser which litterally rips the magnetic coating off the glass substrates.
 
Originally posted by: Fallen Kell
Originally posted by: Matthias99
Originally posted by: Fallen Kell
Originally posted by: fishjie
question: does doing a format of the hard drive not gurantee deletion of all data?
Click to expand...

Correct. Most format software will simply remove the file lookup table information and leave the blocks alone. When you actually go to write to a new block of data, it will then actually format that block at that time. As such, if the disk was previously formated and had data stored on the disk, that data will still be accessible from forensic disk analyzer software and can be reconstructed and retrieved.

You need to use a format program that actually writes and re-writes to all data blocks when it actually does the format command. The reason most new format utilities do not do this is because it would take a long time to format the large sized disks.
Click to expand...

Most format tools (including the ones that Windows comes with) have the option to do a "full" format (or else they will have an option for a "quick" format, which will do what you described above, and deselecting that option will do a full format). A "full" format or zero fill (sometimes erroneously called a "low level format") will make it impossible to use data reconstruction software on the drive. For most people, this is plenty good.

However, even a zero fill of the drive may leave some data that can still be read by disassembling the drive and reading the platters with higher-resolution magnetic scanners. Writing multiple passes of random data (like DBAN does) is better, but due to things like track alignment error, there may still be some readable data on the drive afterwards.

If the data on the drive is sensitive enough that you think someone might be willing to spend many thousands of dollars to acquire it (corporate/military secrets, etc.), then the only real option is to destroy the drive.
Click to expand...

Correct, which is why for when a government facility is getting rid of a disk used to store classified material they go through a wipe process which involves using a program to randomly write a a full sized block of random 1's and 0's to each and every block of data on the disk, including the hidden/reserved data blocks that are held for use when sectors are marked bad. I believe the current standard is 5 complete runs of that utility before the disk can be gotten rid of. If the disk has failed they will destroy them in either an acid bath or a degauser which litterally rips the magnetic coating off the glass substrates.
Click to expand...

I've actually heard that disks that ever contained "Top Secret" classification data are always destroyed (by degaussing, or being literally shredded; I doubt an acid bath would be an effective disposal technique, and is awfully messy/dangerous).

Disks that contained less sensitive information (e.g. financial or personal data) would probably just be wiped quite thoroughly, as you described. There is a DOD (Department of Defense) specification for wiping hard drives; it is along those lines.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top