The myth that to delete data really securely from a hard disk you have
to overwrite it many times, using different patterns, has persisted for
decades, despite the fact that even firms specialising in data recovery,
openly admit that if a hard disk is overwritten with zeros just once,
all of its data is irretrievably lost.

Craig Wright, a forensics expert, claims to have put this legend finally
to rest. He and his colleagues ran a scientific study to take a close
look at hard disks of various makes and different ages, overwriting
their data under controlled conditions and then examining the magnetic
surfaces with a magnetic-force microscope. They presented their paper at
ICISS 2008 and it has been published by Springer AG in its Lecture Notes
in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar
R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy).

They concluded that, after a single overwrite of the data on a drive,
whether it be an old 1-gigabyte disk or a current model (at the time of
the study), the likelihood of still being able to reconstruct anything
is practically zero. Well, OK, not quite: a single bit whose precise
location is known can in fact be correctly reconstructed with 56 per
cent probability (in one of the quoted examples). To recover a byte,
however, correct head positioning would have to be precisely repeated
eight times, and the probability of that is only 0.97 per cent.
Recovering anything beyond a single byte is even less likely.

Nevertheless, that doesn't stop the vendors of data-wiping programs
offering software that overwrites data up to 35 times, based on
decades-old security standards that were developed for diskettes.
Although this may give a data wiper the psychological satisfaction of
having done a thorough job, it's a pure waste of time.

Something much more important, from a security point of view, is
actually to overwrite all copies of the data that are to be deleted. If
a sensitive document has been edited on a PC, overwriting the file is
far from sufficient because, during editing, the data have been saved
countless times to temporary files, back-ups, shadow copies, swap files
... and who knows where else? Really, to ensure that nothing more can be
recovered from a hard disk, it has to be overwritten completely, sector
by sector. Although this takes time, it costs nothing: the dd command in
any Linux distribution will do the job perfectly.


T.I.S.P.  -  Lassen Sie Ihre Qualifikation zertifizieren
vom 09.-13.03.2009 -
Stefan Kelm
Security Consulting

Secorvo Security Consulting GmbH
Ettlinger Strasse 12-14, D-76137 Karlsruhe
Tel. +49 721 255171-304, Fax +49 721 255171-100,
PGP: 87AE E858 CCBC C3A2 E633 D139 B0D9 212B

Mannheim HRB 108319, Geschaeftsfuehrer: Dirk Fox

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to