6

On a drive I have a folder of files. I then just soft delete these files (not wiping them or overwriting them with any data). After I soft delete them, I encrypt the drive and wipe it with a single quick format or regular format.

If I have no limit for money to spend to recover the folder of files, would it be possible? Will I only encounter encrypted noise/data or is that only if the drive is overwritten beforehand?

In what situations would data be recoverable and not recoverable?

schroeder
J. Doe
  • when encryption is implemented properly, the amount of money it would take to recover the data (if possible) exceeds the GDP of the planet, you have not given enough details on that process to answer the question with certainty – Richie Frame May 03 '16 at 03:54
  • Since it matters to answer the question more specifically than with "that depends.....": Describe the (quick/regular) format or tell if that includes according to you overwriting all bytes of the disk. Also, what filesystem has been used before as that would impact at least on the effort to do – humanityANDpeace May 03 '16 at 05:25
  • Curious. What OS and how did you encrypt the files? – Daniel May 03 '16 at 05:27
  • Assume either: Windows+Truecrypt (NTFS) or Linux+LUKS (Ext4) – J. Doe May 03 '16 at 09:43

3 Answers

2

Generally speaking, most but not all of the previously unencrypted data will be recoverable if the encryption and formatting process does not involve overwriting every single byte on the underlying storage device or issuing a (properly implemented) ATA Secure Erase command. In the case of non-self-encrypting rotational hard disks, the time cost of a Secure Erase is similar to that of overwriting the entirety of the drive through software; in the case of SSDs, or self-encrypting rotational HDDs, the time cost for a Secure Erase may very well be trivial: just discard the encryption key or possibly clear the block mapping tables; the data would still be there and readable in the latter case, but there is no way to figure out which part goes where because it consists of randomly scattered blocks. Also note that many SSDs are self-encrypting under the hood no matter what you do.

A modern rotational HDD can sustain around 100 MB/s in purely sequential write throughput. This means that a 4 TB drive will take about 4 TB * 1,000,000 MB/TB * 100 MB/s = 4,000,000 MB / 100 MB/s ~ 40,000 seconds (about 11 hours) to complete a single full overwrite pass (overwriting large swaths of storage to wipe it is one of the few reasonably common truly sequential workloads). The sustainable write speed scales roughly with rotational speed, so a 10k rpm or 15k rpm server drive will be able to sustain a higher write rate than a 5400 rpm laptop drive. Time to completion obviously scales directly with storage capacity and achievable write throughput. SSDs are much faster but still have finite write speeds, and for large SSDs, the time needed just may be sufficient to somewhat accurately judge what happened.

Assuming you are using a rotational drive and that the formatting process took significantly less than 2½-3 hours per TB of storage, it is reasonable to expect (likely significant amounts of) data remanence.

According to Microsoft KB941961 Change in the behavior of the format command in Windows Vista and later versions, in Windows Vista and newer (that currently means Windows Vista, Windows 7, Windows 8 and Windows 10, and very likely the corresponding server releases as well) by default formatting does do a single full overwrite pass of the partition being formatted; the old, pre-Vista behavior of simply writing new file system metadata is now referred to as the quick format mode. (Hat tip to TTT for pointing this out.) However, I am not sure whether this is really relevant in the case of using TrueCrypt, so would prefer to err on the side of caution. The time the formatting took (for a rotational drive, did the formatting take around one second per 100 MB of storage?) can be used to infer whether an overwrite has likely been performed.

In the situation described, it seems relatively likely that common off-the-shelf data recovery software will be able to recover significant amounts of previously stored, unencrypted data. Some of it will have been overwritten and thus not be recoverable, but much may be relatively easily recoverable using just software solutions.

To protect against this for data that has been stored unencrypted, you need to do at least one full overwrite pass over the whole device that will hold the encrypted data (the container backing device, in LUKS parlance) before you start using it for that purpose. It's your choice whether to overwrite with just a fixed pattern, or random data; remember that a fixed pattern encrypted with a throwaway key and a good encryption algorithm becomes random data. Overwriting with a fixed unencrypted pattern may reveal metadata such as amount of data stored and its location on disk (which can be used to infer e.g. file system, which in turn in principle can provide known plaintexts).

Unless you are a nation-state actor, a single overwrite pass is almost certainly enough with modern drives, and if you are a nation-state actor, you would have access to better people to ask for advice than random strangers on the Internet.

user
2

You mentioned both Windows and Linux in a comment; I'll speak to Windows specifically here.

First let's summarize what you're doing:

  1. Delete some files.
  2. Encrypt the drive using full drive encryption (FDE).
  3. Do a quick or full format of the drive.

For simplicity, if we completely remove step 2, then here's where we are:

  • A quick format leaves the files recoverable.
  • A full format leaves the files recoverable on Windows XP and older, but on Windows Vista and newer it performs a full wipe of the drive meaning the files are not recoverable (by anyone including well-funded organizations/nations). Note this assumes you didn't install the OS on a very old hard drive where a single wipe might not be sufficient.

So now the question is, does using FDE in step 2 change anything?

It may seem strange, but the answer is no, FDE does not change anything. The reason is that encrypting the drive rewrites the drive in a fully reversible fashion. This must be true or else you would not be able to decrypt it. So, if you know the key needed to decrypt the drive, then you can put it back into the same state it was prior to the encryption. If you had soft deleted files prior to FDE, then they will still be hidden there and fully recoverable.

Of course, if you perform FDE on your drive using a strong encryption such as AES, and throw away the key, then you have pretty much done the same thing as zeroing out a drive or full format (Windows Vista and higher) and nothing would be recoverable.

TTT
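The cases the two answers above describe, modelled on a toy 16-sector disk as an added example (not code from either answer): in-place FDE followed by a quick format, a new encrypted volume created without an overwrite, and a full overwrite pass through a throwaway key. The XOR keystream cipher, the sector layout, the marker string and all function names are assumptions made for illustration; real FDE uses a cipher such as AES.

```python
import hashlib, os

SECTOR, SECTORS = 512, 16
MARKER = b"CONSTRUCTED-SAMPLE: payroll.xls contents"  # constructed file data

def keystream(key, n):
    """Toy per-sector keystream (SHA-256 counter mode); a stand-in, not real FDE crypto."""
    return b"".join(hashlib.sha256(key + n.to_bytes(8, "big") + bytes([i])).digest()
                    for i in range(SECTOR // 32))

def xcrypt(key, n, data):
    """Encrypt or decrypt one sector (XOR is its own inverse)."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, n)))

def soft_deleted_disk():
    """Sector 0 = directory (already emptied by the soft delete), sector 5 = leftover data."""
    disk = [bytes(SECTOR) for _ in range(SECTORS)]
    disk[5] = MARKER.ljust(SECTOR, b"\0")
    return disk

def quick_format(disk, key):
    """Write only fresh file system metadata, through the encryption layer."""
    disk[0] = xcrypt(key, 0, b"EMPTY-FS".ljust(SECTOR, b"\0"))

def in_place_fde(disk, key):
    """Answer 2's model: every existing sector is read, encrypted and written back."""
    disk[:] = [xcrypt(key, n, s) for n, s in enumerate(disk)]

def full_overwrite(disk, key):
    """One pass of zeros written through a throwaway key: every sector is replaced."""
    disk[:] = [xcrypt(key, n, bytes(SECTOR)) for n in range(SECTORS)]

def found(disk, key=None):
    """Search the raw sectors for the marker, or the decrypted view if a key is given."""
    view = disk if key is None else [xcrypt(key, n, s) for n, s in enumerate(disk)]
    return any(MARKER in s for s in view)

def scenarios():
    key, out = os.urandom(32), {}
    d = soft_deleted_disk(); in_place_fde(d, key); quick_format(d, key)
    out["in-place FDE, key known"] = found(d, key)
    out["in-place FDE, key discarded"] = found(d)
    d = soft_deleted_disk(); quick_format(d, key)  # new volume, nothing else written
    out["new volume, no overwrite"] = found(d)
    d = soft_deleted_disk(); full_overwrite(d, os.urandom(32)); quick_format(d, key)
    out["full overwrite first"] = found(d) or found(d, key)
    return out

if __name__ == "__main__":
    print(scenarios())
```

The leftover sector survives whenever nothing is written over it: it is readable in the clear when the new volume only wrote metadata, and readable with the key after in-place encryption.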
0

It can be recoverable - it depends on:

  • your hard drive's magnetic plates condition
  • how much time passed since wiping
  • the type of wiping performed
Alexey Vesnin
  • even encrypted? – schroeder May 03 '16 at 04:39
  • @schroeder, I guess so. If the sectors on the drive have not been touched the file should still be there. Encryption usually only targets existing files as far as I know. – Daniel May 03 '16 at 05:26
  • @schroeder the encryption was done on top of plaintext filesystem data, and as Alexey rightly mentioned it totally depends on the wiping (i.e. if all bytes on the new "encrypted interface" have been overwritten). If the "quick format" only implies writing clean/empty new superblocks, that would mean that lots of raw data from before (those plaintext files and folders) should randomly be at least partly accessible and recoverable. Lots of random involved – humanityANDpeace May 03 '16 at 05:31
  • And don't forget a deep magnetic scan technology to retrieve the data that were previously in the sector – Alexey Vesnin May 03 '16 at 05:33
  • "encrypting the drive" in the question is a little ambiguous, I guess, In my world, that means FDE. – schroeder May 03 '16 at 05:34
  • Assume either: Windows+Truecrypt (NTFS) or Linux+LUKS (Ext4) – J. Doe May 03 '16 at 09:44
  • @J.Doe it still states the answer given : it *depends*, and it *may be possible* – Alexey Vesnin May 03 '16 at 17:04