14

I am in the process of wiping a number of hard drives using DBAN.

I always believed that a single pass makes the data near impossible to recover, but DBAN has a default of 3.

Is it any more secure, and if so, is it worth the extra time required?

Terry
  • 1
    See [this answer](http://skeptics.stackexchange.com/questions/13674/is-it-possible-to-recover-data-on-a-zeroed-hard-drive/13677#13677) – cremefraiche Feb 15 '16 at 12:35
  • 2
    Depending on your situation (and potential attacker level) it might be easier/faster to physically destroy the disks. Drilling holes through them is a fairly fast and easy technique for example. – fgysin Feb 15 '16 at 12:40
  • 1
    @fgysin Drilling holes in a HDD is not a forensically secure way to destroy the platters. See [this](https://www.youtube.com/watch?v=oXbq0BFzQQg) and [this](https://www.youtube.com/watch?v=-bpX8YvNg6Y) Def Con talk. (How I Lost My Eye - Def Con 19, and How I Lost My Other Eye - Def Con 23) – cremefraiche Feb 15 '16 at 12:47
  • That's what I meant with depending on attacker level. I feel that if you need to be worried that people employing data forensic specialists are after your old data you might have more pressing security issues. – fgysin Feb 15 '16 at 13:36
  • 3
    As an aside, don't use DBAN if you don't have to. Ideally you should be able to use [ATA Secure Erase](https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase), which can do things even DBAN can't (like erasing sectors that are not available to software), and generally should be faster since the entire wiping process is performed by the hard disk/SSD. – Chris Down Feb 15 '16 at 16:16
  • @cremefraiche The paper behind that answer is extremely misleading. It measures a recovery chance of 92% for a single bit under good conditions and 56% under bad conditions and somehow concludes that this is acceptable. – CodesInChaos Feb 15 '16 at 16:51

1 Answer

20
  1. According to the articles linked below, 1-2 wipes will be enough.

“For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, ‘A good scrubbing with random data will do about as well as can be expected’. This was true in 1996, and is still true now.”

  2. Even if some data is left unerased or recoverable after the wipe, it is highly unlikely that someone will be able to find it.

“…with modern high-density drives, even if you’ve got 10KB of sensitive data on a drive and can’t erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 200GB of other erased traces are close to zero.”

  3. Articles:

Muhammet