1 |
On 2 Feb 2006, at 11:28, Alexander Skwar wrote: |
2 |
>> |
3 |
>> This is not what normally (or at least, _always_) happens when you |
4 |
>> format a hard-drive. |
5 |
> |
6 |
> Well, depends on the definition of "format". If you |
7 |
> define format as "overwrite partition table", than |
8 |
> you're right. But that's hardly what I'd call "format". |
9 |
|
10 |
I was referring to the definition of "format" generally used by the |
11 |
authors & suppliers of formatting utilities. If you format a disk in |
12 |
Windows, or certainly if you "quick format" it, it doesn't run a |
13 |
quick call to `dd if=/dev/zero of=/de/hdX`; it merely overwrites the |
14 |
partition table so the data IS often recoverable after a format. |
15 |
|
16 |
If you were merely formatting a disk for your own use, had no |
17 |
expectation that it would fall into anyone else's hands, and were in |
18 |
a hurry to use the disk with its new filesystem on it, you would |
19 |
surely be wasting time were you to insist on blanking every single |
20 |
bit on the device - it's simply not necessary. |
21 |
|
22 |
I am not qualified to comment on recovery of data from a disk that |
23 |
has been wiped with zeros in the way you describe, nor from one which |
24 |
has been shredded properly with repeated iterations of random & non- |
25 |
random bits, but there certainly does seem to be a lot of hearsay on |
26 |
the subject. I would consider the a disk that's been comprehensively |
27 |
overwritten once to be unrecoverable from the practical perspective |
28 |
of the original discussion (a mate in the pub) but do consider a disk |
29 |
that's been over-written with shred to be unrecoverable as far as my |
30 |
customers' commercial data is concerned. |
31 |
|
32 |
Whilst writing this I looked up `info shred` which claims: |
33 |
|
34 |
If you have sensitive data, you may want to be sure that recovery |
35 |
is not possible by actually overwriting the file with non-sensitive |
36 |
data. However, even after doing that, it is possible to take the |
37 |
disk back to a laboratory and use a lot of sensitive (and expensive) |
38 |
equipment to look for the faint "echoes" of the original data |
39 |
underneath the overwritten data. If the data has only been |
40 |
overwritten |
41 |
once, it's not even that hard. |
42 |
|
43 |
The best way to remove something irretrievably is to destroy the |
44 |
media it's on with acid, melt it down, or the like. |
45 |
|
46 |
The info page references Peter Gutmann's paper `Secure Deletion of |
47 |
Data from Magnetic and Solid-State Memory'. I'm not qualified to |
48 |
assess this paper fully, and hard-drives have progressed considerably |
49 |
in the last decade, but my naive reading of the conclusion seems to |
50 |
support the suggestion that a single write may not be sufficient to |
51 |
thwart a determined attacker: |
52 |
|
53 |
Data overwritten once or twice may be recovered by subtracting what |
54 |
is expected to be read from a storage location from what is actually |
55 |
read... it is effectively impossible to sanitise storage locations |
56 |
by simple overwriting them, no matter how many overwrite passes are |
57 |
made or what data patterns are written. However by using the |
58 |
relatively simple methods presented in this paper the task of an |
59 |
attacker can be made significantly more difficult, if not |
60 |
prohibitively |
61 |
expensive. |
62 |
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html which |
63 |
concludes: |
64 |
|
65 |
I state once again that I'm not really qualified to comment on the |
66 |
subject to this depth, so I offer these references merely for your |
67 |
perusal. I would be grateful if you refrained in any future responses |
68 |
from the sneering manner you have employed in those to date. |
69 |
|
70 |
Stroller. |
71 |
|
72 |
|
73 |
|
74 |
-- |
75 |
gentoo-user@g.o mailing list |