If I have an important data in a disk (flash, SSD or HDD) and I deleted them, I know it is easy to recover these deleted data (even by using free software like recuva. Now if I fill this disk with any data, let's say a large movie file or so until the disk has no more empty space then deleting these dummy files again, will this be enough measure to stop people from recovering the deleted files? isn't that a rewrite?
Asked
Active
Viewed 1.8k times
9
-
Although not a complete answer, this post may be of use: http://security.stackexchange.com/questions/20270/software-that-encrypts-the-data-before-deleting-it/20274#20274 – GdD Jan 22 '14 at 14:03
3 Answers
14
This is enough, or not, depending on the disk technology, the budget of the attacker, and some other details.
When you fill a disk with zeros, you force the filesystem to reuse free blocks, and rewrite them. So, as first order approximation, this looks good for you: your file contents are overwritten. However, there are details:
On some operating systems and filesystem, filling the disk completely is a reserved privilege. Typically, on Unix-like OS, the last 5% of the disk are reserved for the root user. So do the filling as root.
Some filesystems do tail-merging: a file uses blocks of a given size (say, 4096 bytes), but the last block of a file is often not completely filled. Most filesystems just keep that unused space, but some strive to optimize the space allocation and will regroup the "tails" from several files into a single block. The consequence, here, is that "filling up" the disk with a big file full of zeros may fail to reclaim all free "tail space" (because a big file full of zeros is still one file, with a single tail). The final bytes of your file may thus avoid overwriting.
There is a neverending debate about whether old data may be recovered from an hard disk even after being overwritten. The short answer is: "probably not for a modern magnetic hard disk, plausibly yes (partially) for SSD". See this question and also that one. But such recovery will entail some non-trivial costs (opening the disk in a clean room, hooking extra circuitry...) so rational attackers will do it only if the data is worth it.
If the confidentiality of the data you want to wipe out is valuable, then the cautious course of action is to physically destroy the storage device (shredding, melting, degaussing,... there are several possibilities, with various degrees of efficiency, price and fun). If your data secrecy is not worth the 100$ for a new disk, then you can probably do a simple fill-up of the disk with dummy files: low-value data implies cheap, unmotivated attackers.
Next time use disk encryption. If data never makes it unencrypted to the disk, then wiping the data out is as simple as forgetting the key. This abstracts away physical details of the disk.
-
To clarify your suggestions, is sudo not sufficient to perform the write or does it always have to be root? Secondly, the point regarding tail-merging isn't clear to me. Why would a block of file not be completely filled? Secondly, what is the definition of big file with zeros? How does this differ to /dev/zero,/dev/urandom or /dev/random? – Motivated Dec 31 '18 at 20:24
-
For a HDD/SDD that is entirely overwritten with 0x00 bytes once, recovering data through regular interface like IDE/SATA/NVME using any software is not possible, and one will have to open the housing and access the HDD flatter or SSD chip directly, right? If I want to prevent a curious layman second-hand buyer from recovering my files using common recovery software, isn't filling with 0x00, enough? – Damn Vegetables Apr 21 '21 at 07:46
4
When you are using a HDD; writing filling it all up over and over again and changing file format and operating system and than filling it up over and over would help you.
It is actually said that changing the OS and changing the file format (NFST to FAT32 etc) makes revocery pretty hard. And if you fill it up with newer data and do these practices in a loop, there is chance that nothing will be found on the harddisk.
Some also say that using small files may work better because all the headers will get messed up and stuff.
However, this is almost impossible to do with SSDs. This is not %100 correct but to explain it very simply think it this way; SSD's are storing voltage rates to determine ones and zeros. However, it does it in layers. When you write and read as a end user you write to top layer... But, previous layers are still there and they are accessible by special machines. (you can find various papers about it here is one )
and fun fact: you know super magnets that are used to carry the cars and such... They can clean up your HDD's.
cengizUzun
- 616
- 1
- 4
- 12
1
No. Adding 0s to the hard drive is easily recoverable (with a special machine). It is not
If you really want to reuse a hard drive in a safe way I recommend you using the "shred" utility in linux or any other similar utility.
Let's say that simply writing once over a hard disk is not enough to make the hard drive truly forget about the data that was here.
You don't really need to use "shred" you can use "dd" and add data from the "/dev/random" or similar. But you will need to do this process several times to be sure there is not information from previous data.
Edit: using large files as movies to fill the hard drive should be fine as long as you do that with several large files (not always the same), and fillint it several times, but adding random data would be better. FBI recommends at least filling the drive 7 times.
kiBytes
- 3,450
- 15
- 26
-
But that is when a hacker or the law-enforcement try to recover the disk, and it should not be recoverable by an average user, who would not open the HDD housing, with a common recovery utility like Recuva, right? I only try to prevent a second-hand buyer from recovering my deleted files, by filling the entire empty disk space with "0x00" bytes. – Damn Vegetables Apr 21 '21 at 07:39