How is this possibly recoverable?

-1

I saw somewhere that there are some programs that "overwrite files more than once for more secure deletion".

I don't understand this. If you overwrite the file once after deletion, or even before deletion, how can it possibly be recoverable?

Here's an example:

I create a text file (.txt extension) and open it with some text editor like notepad. Then, I add some important info, eg: a 10 word password. After some time, I dont need this text file, so I replace my 10 word password with 10 random letters and save the file. Doesn't that mean that it's overwritten? Thus the password doesn't exist anymore in the hard drive. So it's not recoverable even if I dont delete the file. Right?

P. Ktinos

Posted 2017-01-07T17:44:25.693

Reputation: 183

1Not right. You are assuming that the 2nd information overwrites the same section of the drive. – Xavierjazz – 2017-01-07T17:45:51.493

If it doesn't, then how would more "overwrites" overwrite it? It would be based on random chance, wouldnt it? Then the process shouldnt be called overwriting, it should be called "adding random data on harddrive and hoping it lands on old data" – P. Ktinos – 2017-01-07T17:49:11.200

Secure erase 'knows' what sectors to overwrite, though it's less than useless these days, as many apps constantly save safety copies of files you're working on, so deleting the 'master' won't touch any of the auto-saves. The modern equivalent is 'erase free space' – Tetsujin – 2017-01-07T17:56:20.580

Does the downvoter mind to comment? Does my question propose lack of research? – P. Ktinos – 2017-01-07T19:15:41.900

Overwritten data cannot be recovered by any software method. But back in the past century there was a proposal for recovering data with advanced hardware. How much if any real data was ever recovered using this method is questionable, and it is even more doubtful if it is viable with modern drives. The only organizations that might possibly be capable of this aren't talking. But the method has gained considerable credibility, deserved or not. Multiple overwrites are "Just in case". – LMiller7 – 2017-01-07T19:25:08.203

Answers

1

If you overwrite the file once after deletion, or even before deletion, how can it possibly be recoverable?

There no any guarantee that OS(especially that ones that use copy-on-write technology) will write new data to the same place (actual sectors) so by using forensic tools it possible to find previous data. It even more important to keep it mind when SSD used as a storage(internal controller always trying to randomize writing cycles to avoid writing to same place to extend its lifetime)

If you want to keep sensitive information in a safe place then use password managers such as keepass that keeps information encrypted and takes some steps to protect information to leak to clipboard or swap or be indexed. For the files you can use encrypted containers such as veracrypt but be sure to read all documentation how to reduce a chance of leaking information from encrypted container.

P.S. By overwriting usually means overwriting the whole storage with a tool such as dban but it isn't promising that it will erase all data from SSD drives due to technology used under the hood. HDDs also has hidden areas such as HPA and DCO. Keep also in mind that any recent HDD and SSD has spare space that used to substitute sectors that misbehaves by internal firmware of HDD/SSD, so remapped sectors also may contain some sensitive info

Alex

Posted 2017-01-07T17:44:25.693

Reputation: 5 606

Asked: 2017-01-07T17:44:25.693

Viewed: 51 times

Active: 2017-01-07T19:23:46.013