0

The recommended way of ensuring that data on a hard disk cannot be recovered is to destroy it physically, for example using a hammer, drill or even thermite.

Question

When physical disk destruction is not an available option, what is the next best way of ensuring data cannot be recovered from a hard disk?

Note:

  • In the event that all data cannot be made unrecoverable, please assume that making it unrecoverable at a cost of less than millions of dollars would be a good enough solution. That is, the cost of hiring a forensics team to conduct deep technical work for many weeks, only for a small chance of recovering anything that could be made sense of.
stevec
  • 1,214
  • 1
  • 7
  • 16
  • 3
    *"When physical disk destruction is not an available option"* - I cannot understand the objective of this question. Given the amount of acceptable costs I cannot understand why the fairly cheap physical destruction would not be seen as acceptable. On other words: I currently cannot see a value in asking (and answering) this question. Maybe you could add enough context so that the value gets obvious. Also, is this about real hard drives (no SSD) where the data were not encrypted? – Steffen Ullrich Mar 14 '21 at 20:28
  • @SteffenUllrich *I cannot understand why the fairly cheap physical destruction would not be seen as acceptable* - consider cases where the cost of physical destruction is sufficiently high (e.g. in terms of availability of tools, money, time, or noise), and the cost of leaked information in the event of successful data recovery is sufficiently low. Or if the owner simply wants to sell the hard disk so it can be useful to someone else. Of course, there are lots of scenarios. In any case, this is not a question about *when* it is right to do something, but more simply about *how* to do it. – stevec Mar 14 '21 at 20:42
  • 1
    Does this answer your question? [How can I reliably erase all information on a hard drive?](https://security.stackexchange.com/questions/5749/how-can-i-reliably-erase-all-information-on-a-hard-drive) I suggest to close this question. It was asked many times and there are many answers available, that suggest many solutions except physical destruction. – mentallurg Mar 14 '21 at 20:45
  • 2
    @stevec: *"... please assume that making it unrecoverable at a cost of less than millions of dollars would be a good enough solution ..."* - addressing the risks you describe here should make it acceptable to spend a considerate amount of money. This means selling the disk after spending this much money could still lead to a loss. Insofar I cannot accept your arguments. And as mentallurg already - this kind of questions was asked before and your previous question was even closed as duplicate of some of these. – Steffen Ullrich Mar 14 '21 at 21:04
  • @SteffenUllrich I'm not sure if you're joking when you refer to *the risks you describe here* - the risks I describe are literally "the cost of leaked information in the event of successful data recovery is sufficiently low". i.e. I literally say that they have to be **sufficiently low**. I can't keep repeating the same simple things. The question is perfectly clear. And why someone wants to do it is not relevant in the first place. – stevec Mar 14 '21 at 21:16
  • 2
    @stevec: *"The question is perfectly clear. And why someone wants to do it is not relevant in the first place."* - I've tried to dig deeper in order to find out how your question differs from previous ones, especially since your were aware of the previous ones since they were used to close your last question as duplicate. Finding out this difference is needed to address the specific different problem you have instead of just again closing the question as duplicate. Unfortunately I'm not able to find a difference so far, i.e. the problem as I understood it is IMHO handled by existing questions. – Steffen Ullrich Mar 14 '21 at 21:38
  • @SteffenUllrich if it was your intent to help out, then I appreciate that a lot (sometimes it feels like people are just being difficult for the sake of it). Regarding [this](https://web.archive.org/web/20130316213033/http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml) it's not obvious what someone needs to do. I am really hoping for specific instructions. E.g. download X from , click on Y, wait 10 seconds, done. To me, it's not obvious. Continued.. – stevec Mar 14 '21 at 22:08
  • Also, the link is to wayback machine, which raises suspicions, and secondly, I am after specific instructions, whereas it raises more questions than answers. E.g. "what is ATA", figuring out if secure erase is some paid product or not, and some other things that simply aren't really clear/thorough. ["a single overwrite of all 0 is fine"](https://security.stackexchange.com/a/5824/211696) does this mean simply copying files over and over again until they take up the whole storage space? I'm not sure. But more explanation would certainly help – stevec Mar 14 '21 at 22:09
  • 1
    @stevec: It looks for me like you are looking for actual easy to use product or tool recommendations instead of more general concepts. This is not the scope of this site. And question like "what is ATA" are not actually security related. Simply searching for [securely erase hard drive](https://www.google.com/search?q=securely+erase+hard+drive), maybe combined with the name of the OS you use, will probably be more useful in searching for actual products or instructions specific to the OS you use. See also the tool guides at https://ssd.eff.org/ which cover secure deletion too. – Steffen Ullrich Mar 14 '21 at 22:36
  • @SteffenUllrich you're right about not *just* wanting general ideas or concepts (understanding the general idea is a nice accompaniment to more specific/practical instructions though). Practical advice is the critical thing I'm after here. As for tool recommendations, they aren't necessary. E.g. some command on linux/mac/windows to write 0's to the whole disk would suffice (provided I understand what "overwrite of all 0" means, and I'm not confident I do). Ultimately, I just need to know what to do and how to do it. – stevec Mar 14 '21 at 22:43
  • Steps in a tool to do something is not typically in scope on this site. Also, you do not specify the media type or the OS, so we can't even provide the "steps" you are looking for. I fail to see how this is different from your previous question. As Steffen indicates, the steps you are looking for are a very simple google search away. – schroeder Mar 15 '21 at 00:24

1 Answers1

2

Yes variants of this question constantly recur, nevertheless I'll try to do a quick and dirty answer before this gets closed.

A single pass over write of the raw drive with anything, zeros, random, whatever is sufficient to make data practically unrecoverable. This can be done via direct write or via the builtin security commands.

Magnetic force microscopes are not going to extract the data.

Wear leveling in Solid State drives would require disassembly and chip removal to bypass the wear leveling controllers. Custom chip analysis of the wear level swapped bits can extract unwiped old snippets but this would be expensive, time consuming and have very little context. Standard forensic shops won't do this.

Bad sectors won't be wiped, but if they are truly bad you likely have nothing significant worth the effort of expensive reconstruction of the bad sectors. Yes, bad sectors can be artificially created to hide data, but if you did this you would know it.

Similarly HPA & DCO hidden sectors will not be wiped, but unless you created them and put data there, there's nothing of your's present.

Official classification standards require physical destruction to avoid even the most unlikely release.

Wipe with zeroes then check for non-zero content afterwards to verify. It won't meet military standards but it's a 99.9% solution.

Since you are looking for a simple "Do This", I suggest Eraser, or DBAN.

user10216038
  • 7,552
  • 2
  • 16
  • 19
  • Thanks, this info is very handy. Especially "Yes, bad sectors can be artificially created to hide data, but if you did this you would know it." because I don't even know what a bad sector is, so I wouldn't have created one. Would it be possible to include code/instructions for how to "Wipe with zeroes then check for non-zero content afterwards to verify." – stevec Mar 14 '21 at 22:17