Re: Hard Drive scrub
From: Nog (nognog_at_adelphia.net)
Date: Tue, 21 Jun 2005 20:03:18 -0400
"Unruh" <email@example.com> wrote in message
> "nemo_outis" <firstname.lastname@example.org> writes:
>>"someone2" <email@example.com> wrote in
>>> "nemo_outis" <firstname.lastname@example.org> wrote in message
>>>> "---" <email@example.com> wrote in news:kXtse.1721605$6l.1632425@pd7tw2no:
>>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>> Content-Transfer-Encoding: quoted-printable
>>>>> I've scrubed one of my hard drives using an application that does
>>>>> multiple wipes followed by a final writing of all zeros to every
>>>>> sector of the hard drive.
>>>>> How can I verify that the hard drive has truely been scrubed before
>>>>> I send it offiste?
>>>>> Thank you
>>>> Use any of the file-recovery tools, especially the forensic ones,
>>>> such as Encase, etc.
>>>> This will confirm *software* unrecoverability - if someone is willing
>>>> to spend serious bucks, hardware recovery may still be possible.
>>> Not true.
>>> After a 3 times overwrite virtually nothing is recoverable by any
>>> After a 30 times over write nothing is recoverable.
> Not true. The tracks on the disk can shift by small amounts.Thus the
> rewrite can cover a track that is shifted from the original (eg temp
> changes, electronics changes in the head positioning etc). Those small
> tracks can still have useful info on them. It hard to read, and cannot be
> done with the usual disk hardware, but with special read heads or STMs
> information may well be recoverable.
>>> If someone has the capability to recover anything of use after 7 times
>>> over write I want to speak to them. I will refer DR jobs to them!
>>> Re the OP and his ?. Winhex or similar and examine some random
>>> sectors for text or data.
>>The limits of the possible in data recovery are NOT set by the commercial
>>The US DoD recommends *destruction* of any HD that is to pass outside the
>>agency, EVEN for those used just for general office work, let alone those
>>those that once contained classified data (see, for instance, DoD
>>Directive 8500.1, October 2002. The ancient DoD 5220.22-M with its
>>overwrite specs was rescinded as obsolete long ago!).
>>Even degaussing is viewed askance (since only the top-end units can
>>handle modern high-coercivity drives, and, even then, reliability - 80+
>>dB suppression - is spotty). Software methods, such as overwriting, just
>>don't cut it against a serious adversary (even ignoring, for the moment,
>>that things such as HD buffers - some bigger than 8 megs - may result in
>>7 overwrites really only resulting in one!).
>>Yes, a disk that has been overwritten many times times will not be
>>recoverable by an ordinary recovery shop, but they do not use methods
>>such as second-harmonic magnetoresistive microscopy and newer variants
>>(since they would never be economically viable See, for instance,
>>http://www.boulder.nist.gov). Ordinary users need not worry about such
>>recovery methods, but they are well within the capabilities of TLAs and
>>some other labs (which is why I used "may" in my post).
>>If a HD contains, or has ever contained, sensitive data it should be
>>destroyed, not erased, when one is finished with it. Since new drives
>>cost less than $1/gig these days, anything else is madness.
> Agree completely.
> And when you destroy it, make sure that you heat the platters to a high