
Wiping free space - overwriting [how many passes?]


16 replies to this topic

#1 Cybbermouse

  • Members
  • 72 posts
  • Gender:Female

Posted 22 December 2014 - 08:22 AM

1 pass/3 passes/7 passes/35 passes
I don't care about the time. I just want to know is it good to overwrite sth so many times. I don't want to do damage to my computer while thinking everything I do is good and 'so secure'.  

 




 


#2 technonymous

  • Members
  • 2,474 posts
  • Gender:Male

Posted 22 December 2014 - 10:07 AM

The Department of Defense had somewhere in a manual years ago that said something like 3-7 passes. It's been debunked. One pass is all that's needed. SSDs have something similar, but it just tells all the blocks to go to a zero electron state. However, this will use up one life cycle of the entire SSD drive. I guess that's the price to have a clear conscience.


Edited by technonymous, 22 December 2014 - 10:07 AM.


#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,126 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 December 2014 - 11:50 AM

Wiping free disk space or all data with CCleaner explains simple to advanced to complex overwriting methods (1 to 35 passes...known as the Gutmann method).

HTG Explains: Why You Only Have to Wipe a Disk Once to Erase It for securely erasing the contents of the entire hard drive.
* Is the Gutmann method the best method?
* What difference does multiple-overwrite delete really make?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 technonymous


Posted 22 December 2014 - 02:38 PM

That Gutmann method is ridiculous and overkill. Even Gutmann says that. The part about "magnetic force microscopes" to recover data is a stretch. Hard drive surfaces get degradation and change all the time from the data written over and over. Even if you could look at the surface and spend the time and money to do it block by block. You still have only a 50% chance of being correct if it's 1 or 0, heads/tails and every mistake you make decreases the chances of getting anything and have to start over. Funny that list of tools they had on the Wiki had no mention of Microsoft's cipher that's already in Windows. Not to mention the command: format x: /p:n


Edited by technonymous, 22 December 2014 - 02:59 PM.


#5 quietman7


Posted 22 December 2014 - 02:53 PM

That's why I provided the article with links to Gutmann's papers.

#6 Didier Stevens

  • BC Advisor
  • 2,659 posts
  • Gender:Male

Posted 22 December 2014 - 03:32 PM

One pass is enough.

 

There is also a command that you can issue to your drive so that it will erase itself: Secure Erase - http://cmrr.ucsd.edu/people/Hughes/secure-erase.html


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Didier Stevens


Posted 22 December 2014 - 03:36 PM

Peter Gutmann's paper covered encoding methods (to write the bits to the magnetic surface) that are no longer used by modern drives.




#8 quietman7


Posted 22 December 2014 - 03:56 PM

Which is why the HTG article starts by saying...

You’ve probably heard that you need to overwrite a drive multiple times to make the data unrecoverable. This is an urban legend – you only need to wipe a drive once.



#9 Didier Stevens


Posted 22 December 2014 - 04:17 PM

I don't like the term urban legend. I believe Gutmann's paper was relevant when it was published.




#10 quietman7


Posted 22 December 2014 - 04:28 PM

I tend to agree with that.

#11 technonymous


Posted 23 December 2014 - 04:24 AM

Here's an interesting read... http://www.forensicswiki.org/wiki/Anti-forensic_techniques

 

 

Programs employ a variety of techniques to overwrite data. Apple’s Disk Utility allows data to be overwritten with a single pass of NULL bytes, with 7 passes of random data, or with 35 passes of data. Microsoft’s cipher.exe, writes a pass of zeros, a pass of FFs, and a pass of random data, in compliance with DoD standard 5220.22-M. (US DoD, 1995). In 1996 Gutmann asserted that it might be possible to recover overwritten data and proposed a 35-pass approach for assured sanitization (Gutmann 1996). However, a single overwriting pass is now viewed as sufficient for sanitizing data from ATA drives with capacities over 15 GB that were manufactured after 2001 (NIST 2006).

 

The cipher program by default will wipe a pass of 0's, a pass of F's and a pass of random, in compliance with the DoD standard established in 1995. So formatting a HD and then running cipher /w:c: will apparently do a minimum of 3 passes.

 

However, you can also use this command to set how many passes: Format C: /p:3. The new owner of the HD has to write new data on the drive. So that becomes a pass as well. It's just new data going over old data, but the old data was already scrambled. Give it a few more years and SSDs will replace spindle drives altogether. Unless something else comes along, which I have no doubt. Scientists are achieving wonders with future batteries and storage devices and working with nanotechnology.


Edited by technonymous, 23 December 2014 - 04:25 AM.


#12 quietman7


Posted 23 December 2014 - 06:59 AM

One pass is enough.



#13 Didier Stevens


Posted 23 December 2014 - 01:23 PM

Here's an interesting read... http://www.forensicswiki.org/wiki/Anti-forensic_techniques
 

 ... However, a single overwriting pass is now viewed as sufficient for sanitizing data from ATA drives with capacities over 15 GB that were manufactured after 2001 (NIST 2006).




#14 rp88

  • Members
  • 2,967 posts
  • Gender:Not Telling

Posted 25 December 2014 - 05:45 PM

One pass is almost always enough; if you think something is really sensitive you may wish to do two passes. Most programs which have the ability to wipe (write over with junk then delete the junk to clear the space again) free space on your disk will offer doing up to 7 rounds of wiping. That level of wiping is quite unnecessary; in the end, if you wipe once and then go on using the computer as normal, it is almost impossible for anything large enough to be of interest to anyone to survive. For the purposes of annihilating data it is usually best to annihilate it with a "secure deletion" upon deletion of a sensitive file rather than delete it normally and then wipe all free space. Some programs have features built in that let you securely delete a particular file or folder and write over it several times with random junk (or pure zeroes or ones); you could do this fairly quickly several times over the file itself, then one wipe of remaining free space to make sure.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB
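
The free-space wipe described in posts #11 and #14 (write filler over the free space, then delete it), as an added Python example that is not part of the thread or of any tool named in it. The `max_bytes` cap and the `inspect` hook are assumptions added so the routine can be tried without filling a volume.

```python
import errno
import os
import tempfile

CHUNK = 1024 * 1024  # bytes written per call

# One entry per pass; None means fresh random bytes for every chunk.
SINGLE_PASS = (b"\x00",)
THREE_PASS = (b"\x00", b"\xff", None)  # zeros, FFs, random: the sequence quoted in post #11


def wipe_free_space(directory, passes=SINGLE_PASS, max_bytes=None, inspect=None):
    """Fill free space on the volume holding `directory`, one filler file per pass.

    max_bytes (assumption: a cap added for dry runs) limits each filler;
    None writes until the volume reports it is full.
    inspect (assumption: a hook for tests) receives the filler path before deletion.
    Returns the number of bytes written in each pass.
    """
    totals = []
    for pattern in passes:
        fd, path = tempfile.mkstemp(prefix="wipe_", suffix=".tmp", dir=directory)
        written = 0
        try:
            with os.fdopen(fd, "wb", buffering=0) as filler:
                while max_bytes is None or written < max_bytes:
                    size = CHUNK if max_bytes is None else min(CHUNK, max_bytes - written)
                    block = os.urandom(size) if pattern is None else pattern * size
                    try:
                        written += filler.write(block)
                    except OSError as exc:
                        if exc.errno != errno.ENOSPC:
                            raise
                        break  # volume full: this pass has covered the free space
                os.fsync(filler.fileno())  # push cached writes to the device
            if inspect is not None:
                inspect(path)
        finally:
            os.remove(path)  # hand the space back to the file system
        totals.append(written)
    return totals
```

A filler file only reaches space the file system will hand to a new file: it does not touch slack inside allocated clusters or blocks an SSD controller has remapped, which is the case the drive-level Secure Erase command from post #6 covers.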

#15 Racket_Man

  • Members
  • 17 posts
  • Gender:Male
  • Location:Cheese Head Land

Posted 26 December 2014 - 03:03 AM

I seem to remember this from years ago so take this information with a grain of salt:

As a HDD ages the R/W heads fall out of "perfect alignment" with the actual "data tracks". When this happens the data written gets slightly moved (though the movement is very very small as the "space" between tracks has become smaller and smaller these days) from "true". This means that data previously written may still be there (the analogy would be the infamous 18 minute gap in one of the Nixon tapes) and the data "could be" reconstructed (as was done from the original Dict-A-Phone spool in the Nixon recording).

I seem to remember (maybe???) that at one time there was some disk wiping program that would over-ride the normal track finder (???) and move the R/W head just slightly enough to compensate for the R/W head "drift".



