How To Really Delete Your Files

Discussion in 'HardForum Tech News' started by HardOCP News, Jul 15, 2015.

  1. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    Hardware Secrets has put together an article that shows you how to really delete your files. We have a method that can be used on multiple drives at once. :cool:

     
  2. Armenius

    Armenius I Drive Myself to the [H]ospital

    Messages:
    20,137
    Joined:
    Jan 28, 2014
    Thermite.
    It's the only way to be sure.
     
  3. Darunion

    Darunion 2[H]4U

    Messages:
    3,862
    Joined:
    Oct 6, 2010
    Swear to Zeus I was coming here to say that exact thing! Was thinking "Oh a .50 cal could delete files, no no no THERMITE!"
     
  4. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    You'd have to be into some incredibly illegal shit to be worried about this kind of stuff. Single pass is probably more than good enough if you're paranoid enough to think that someone is going to pull your data.

    I'd be more worried about the entries and file names that are left on the Master File Table. It's basically a history of everything you've ever deleted.
     
  5. Darunion

    Darunion 2[H]4U

    Messages:
    3,862
    Joined:
    Oct 6, 2010
    Unless you do financial stuff on your drive. Regardless it would be a healthy thing to do before trashing or donating or selling a used hard drive.
     
  6. Quartz-1

    Quartz-1 [H]ardness Supreme

    Messages:
    4,257
    Joined:
    May 20, 2011
    No, just involved with any kind of secure data. We used to use a steamroller.
     
  7. Semantics

    Semantics 2[H]4U

    Messages:
    2,812
    Joined:
    May 18, 2010
    I prefer to turn it into dust with an industrial grinder.
     
  8. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,477
    Joined:
    May 14, 2008
    DBAN, DoD 3 long pass, degauss, shred. Been doing that for over a decade.
     
  9. westrock2000

    westrock2000 [H]ardForum Junkie

    Messages:
    9,162
    Joined:
    Jun 3, 2005
    I have never seen ANY evidence that single pass 0's is not good enough. I have only heard people say "The government has ways", but no actual evidence supporting that.

    Can any one show me where a complete file was recovered after a single pass of 0's?
     
  10. Quix

    Quix 2[H]4U

    Messages:
    3,707
    Joined:
    Jun 12, 2011
    Unless you use a manufacturer utility to actually low level format an SSD you can't be guaranteed than anything is actually deleted anyway. These sort of software utilities rely on the drive reporting it's sector information to the OS, which SSDs totally abstract so they don't work on SSDs.

    Even then the only way to make sure things are permanently unrecoverable is to use a hammer.
     
  11. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    What's funny is I recall reports from various police agencies complaining that SSDs will effectively secure delete things as soon as the OS deletes the file link as they are constantly moving things around and trimming.
     
  12. Kueller

    Kueller [H]ardness Supreme

    Messages:
    5,984
    Joined:
    Jun 19, 2001
    Couldn't you just fill the SSD with junk files after you delete any sensitive data?
     
  13. Trepidati0n

    Trepidati0n [H]ardForum Junkie

    Messages:
    8,888
    Joined:
    Oct 26, 2004
    SSD's have "spare space" often that isn't available to the user.
     
  14. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
  15. westrock2000

    westrock2000 [H]ardForum Junkie

    Messages:
    9,162
    Joined:
    Jun 3, 2005
    Outside of physically removing IC's, how would anyone be able to recover useful data from this area?
     
  16. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,477
    Joined:
    May 14, 2008
    I have recovered files from having been partially 'zero'd' out. Its a real pain in the ass though, and if the entire drive is truly and fully zero'd out, it is extremely difficult, but not altogether impossible.

    There are utilities to secure erase SSDs, they don't rely on the OS at all, they have their own information. However, the do need to recognize the SSDs controller type, and as with most of these types of applications are not considered foolproof.
     
  17. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,477
    Joined:
    May 14, 2008
  18. Tawnos

    Tawnos 2[H]4U

    Messages:
    3,807
    Joined:
    Sep 9, 2001
    Must have been 12-14 years ago, but there was a genmay thread back when it was part of [H]|F without a subscription about this. I believe luvmp3 actually built one.
     
  19. xXaNaXx

    xXaNaXx Gawd

    Messages:
    935
    Joined:
    May 15, 2003
    lava. volcano. like destroying the one ring. it's the only way to be sure.... :D
     
  20. Darunion

    Darunion 2[H]4U

    Messages:
    3,862
    Joined:
    Oct 6, 2010
    We should just nuke the site from orbit.
     
  21. Streiw

    Streiw Bad Santa Gifter 2016

    Messages:
    505
    Joined:
    May 9, 2015
    Talk about overkill.
     
  22. DocSavage

    DocSavage 2[H]4U

    Messages:
    2,409
    Joined:
    Dec 18, 2002
    Yeah, sorry about that project you wanted me working on, I still have to erase these hard drives 5 times over and then shred them.
     
  23. pxc

    pxc [H]ard as it Gets

    Messages:
    33,064
    Joined:
    Oct 22, 2000
    Fire is always preferable, but overwriting all sectors (multiple times if necessary) is a good alternative for most drives.

    Well, there's always encryption with a "forgotten" password.
     
  24. Coldblackice

    Coldblackice [H]ard|Gawd

    Messages:
    1,124
    Joined:
    Aug 14, 2010
    I've long wondered if it's possible to directly access the MFT to view its contents, and subsequently modify/erase/format it, but I've never found any possible route to doing this, other than low-level access with specialized hardware. Is this the case?
     
  25. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
  26. sliverjazz

    sliverjazz Gawd

    Messages:
    747
    Joined:
    Jun 9, 2004
    Neodynium magnet swipe.
     
  27. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,166
    Joined:
    Sep 13, 2008
    and the article is blatantly wrong it says you need the paid version of dban to do more than a simply one pass write 00h.
    thats not true the unpaid version of DBAn gives you 3 pass and 7 paas DOD standard wipe and evne the 30+ guntmann voodoo wipe as well as a custome numbers of random data wiping.
     
  28. ryan_975

    ryan_975 [H]ardForum Junkie

    Messages:
    14,240
    Joined:
    Feb 6, 2006
    Hard drive zero fill is more than enough. With billions of bits per square inch, extreme precision head tracking, and PRML recording methods it is impossible to pull anything remotely useful from the surface of modern disks in any reasonable timeframe. All this 30-pass random pattern bullshit was from a time long gone, and even back then the justification for it took a research paper out of context.


    As for SSDs, some, if not all, of them encrypt the contents on the fly. A secure erase essentially dumps the internally stored key making the contents of the drive unrecoverable

    Besides, anything you think your hiding by destroying the drive has already been collected and stored somewhere in Utah..
     
  29. tazeat

    tazeat [H]ard|Gawd

    Messages:
    1,256
    Joined:
    Jul 3, 2007
    shred -vzn 3 rawr
     
  30. velusip

    velusip [H]ard|Gawd

    Messages:
    1,577
    Joined:
    Jan 24, 2005
    Your skepticism is well founded, but I'd like to talk about it for fun.

    I'd say that it's a rumour -- a rumour as residual as the zeroed-out data we are trying to recover. The days when you could reliably recover enough data from a zeroed out platter to completely satisfy any error correction algorithm in use are long gone. To produce a working demonstration we would have to do the following:
    • Go find an old drive
    • Solder in reference voltage lines to various components within the hard drive and to all MR heads.
    • Read multiple passes, and adjacent passes (tracks) to pick up residual changes in charge
    • build a very high density, multidimensional matrix of reference voltages for every potential bit change... and parse for encoding patterns used by that particular firmware and filesystem used. e.g. Modified Frequency Modulation (MFM) and Run Length Limited (RLL) and consider the particular maximum likelihood per bit dependent on the encoding algorithm used.

    Pretty fucking boring. Your average "forensic" copy device or file carving software will not do anything for us here. We would need to closely analyze the relative changes from one charge of zero to the next. That's right. Not all zeroes are equal. Depending on the platter material and it's magnetic coercivity, and the magnetic direction per bit, and possible layered approaches in encoding bits (perpendicular recording, with multiple coercivities in layers on the platter surface to soften the effects of each flux point upon one another) it is in fact possible to read these slight changes with a highly sensitive ADC. Of course these small differences are well below the threshold of the drives normal operation, hence all the direct hacking to obtain them (not to say the drive doesn't analyze these numbers as well, but we are looking for patterns from minor voltage 'drift' over the lifetime of drive and possible exacerbation by applying a uniform, signature 'zero' level platter-wide in the first place.)

    It would be facetious of me to say that the latest example of a hard drive upon which we could reliably harvest zeroed out data using these methods might have been a Maxtor Quantum. Anything later would likely yield unreliable results. We would have to use implicit reference data for comparison of our findings OR have intuitive knowledge of the type of data we are looking for to prove it once existed on the platters. It's likely that this exploit was rendered unreliable immediately after Maxtor stopped selling their abominations. Illuminati? The correlation between Maxtor hard drive exposure and the influx of autism in America is also no coincidence.

    Ahem.

    It is certainly conceivable to recover data from a "modern" disc using similar techniques, but it gets pretty slim after about 2003 to 2006. Platter surface tech, heads, and encoding has become pretty ludicrous. And I do mean ludicrous. It's silly how incredibly dense the data is AND unreliable the retrieval is these days. The chance of reliably recovering data under normal operation is getting slim (probability algorithms in firmware are starting to incorporate self diagnostics, device age, read/write cycles, and other factors), let alone read residual data that has been zeroed.

    By the way, SSDs vary wildly. One may be exploited in a similar fashion, but the next brand -- not so much. There's too much variation from one to the next for me to even speculate, but I can believe that at least a few are very easily exploited.

    Also, here's an article which covers this topic exactly: https://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
     
  31. pxc

    pxc [H]ard as it Gets

    Messages:
    33,064
    Joined:
    Oct 22, 2000
    30 passes is ridiculous*, but pulling attenuated signals from overwritten sectors has actually been demonstrated. The average person has never had to worry about that, but there have been security standards of multi-pass wipes to thwart data recovery.

    I agree that with very high density platters (perpendicular in particular), overwriting once basically destroys any chance of recovery**. A secure erase initiated on the drive should be good enough.

    * it was not a standard, only Gutmann's patterns intended to make data even theoretically impossible to recover.

    ** but that's not good enough for extreme paranoia. The NSA apparently will degauss and destroy its unneeded magnetic media.
     
  32. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,477
    Joined:
    May 14, 2008

    Overkill? Yeah, probably more so today, but it wasn't always overkill. As for how much time it took? Didn't really take that much time out of my day, I just put the DBAN cd in and tell it to run the pass, then come back when its finished. It's not like I had to sit there and watch it.
     
  33. xorbe

    xorbe [H]ardness Supreme

    Messages:
    6,023
    Joined:
    Sep 26, 2008
    SSD, secure erase. HDD, overwrite twice with random data. If you have needs beyond that, then you probably have a department that does this stuff for you, and the drive is probably already storing in encrypted format via software ... if you've been storing in the clear, oops.
     
  34. Streiw

    Streiw Bad Santa Gifter 2016

    Messages:
    505
    Joined:
    May 9, 2015
    No, you don't have to watch it, but I find it extremely hard to believe that data could be recovered after degaussing/shredding.
     
  35. dbr1

    dbr1 [H]Lite

    Messages:
    87
    Joined:
    Feb 1, 2012
    Wow, I wonder if this is the procedure that Hillary Clinton and Lois Lerner followed?
     
  36. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,477
    Joined:
    May 14, 2008
    Which is why we degauss and shred... As to why we do the DBAN prior to that, in the past it was actually possible to read some data from bits of a platter. Today it is far less likely to be able to recover anything. But I do know of a few different times I sent a a disk with a broken platter into a recovery specialist who successfully pulled data from it as late as 2008. Given that it takes many companies 5 years or more to refine some of their policies, it is not unusual to still see those requirements.
     
  37. ryan_975

    ryan_975 [H]ardForum Junkie

    Messages:
    14,240
    Joined:
    Feb 6, 2006
    A broken platter means there is still data on the other platters to recover. A far different scenario than trying to recover from overwritten data.
     
  38. NoOther

    NoOther [H]ardness Supreme

    Messages:
    6,477
    Joined:
    May 14, 2008
    I was speaking of 2 different things, both can use the same recovery method, bit by bit data copy. In the past it was easier to do bit by bit copies of the data on the platter, not just 'pieces' of the platter. Bit by bit copies allowed more options on reading the data even if some of it was overwritten. Usually it was used for drives that had mechanical problems, but was not limited to that alone.
     
  39. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,552
    Joined:
    Oct 31, 2004
    For a mechanical drive

    I do mulitple 00 / RND writes, Then drill a hole through the case & platter fill it will glue and salt water, then drive a screw through the hole and the patters.

    If someone wants to read go to the trouble of recovering that data, they probably already have a copy.
     
  40. HardOCP News

    HardOCP News [H] News

    Messages:
    0
    Joined:
    Dec 31, 1969
    5,000 years later it is uncovered and all your pr0n is discovered by an advanced civilization. :D