People think of a hard drive as a digital device in which magnetic bits are arranged in a tight pattern and get "flipped" on or off by the drive heads. However, there is a reason that governments mandate multiple passes. Practically speaking, the accepted answer is correct: one pass is sufficient to make the data on a drive unrecoverable. The question being asked is purely academic, so this answer is also purely academic. This is an old question, but I felt compelled to throw in my two cents given that I have forensic data recovery experience.

TrueCrypt's documentation includes an excellent discussion of this problem, and ways to solve it. In the case of flash-based media, your best bet is to simply encrypt any and all sensitive data that goes onto it, using a strong password. Without going into the details of what the term means or the reasons behind it, it means that you really can't securely delete files on flash-based media unless you securely wipe the entire media, and even that can't always guarantee that the wear-leveling algorithms didn't leave behind un-wiped data that you couldn't write to. Caveat: Flash-based media employ a system called "wear leveling" to extend the life of the device.

If this is the case, though, you should be asking your superior/handler what your agency's regulations are regarding secure deletion of sensitive data, not SU. On the other hand, if you are a secret government agent, well, one pass really isn't enough because you do have China after your data. So the answer to your question (How many passes are needed?) is: "One." The answer to your implied question (Should I override shred's default 3 passes?) is: "Nah." (Eraser defaults to only a single pass when deleting free space on a hard drive; this, too, I let run at the default.) When I used shred (default number of passes: 3) I let it do its 3 passes; when I use Eraser on Windows (default number of passes on a file: 35), I let it do its 35 passes.
Thus, while the fallacy that you have to overwrite multiple times with complex patterns of passes is widespread enough that all "secure deletion" software defaults to multiple passes, there's really very little point to overriding those defaults. That said, modern disks are quite fast, and unless you're wiping the entirety of a hard drive, multiple passes take so little time that there's really no reason not to do them. If, on the other hand, you're merely dealing with personal banking passwords and your secret pr0n stash, a single pass is plenty sufficient to render the data completely unrecoverable by any practical means. If you're dealing with government secrets (as the NSA is) then write-once probably isn't good enough, because China has no problem obtaining and using these devices, nor employing teams of hundreds of specialized experts to use them. All such devices are horrendously expensive, and even with the best equipment and most-skilled experts, it takes a monumental amount of time (think years for a single platter; all hard disks have multiple platters) and has a very high failure rate. What is left behind requires electron microscopes and/or high-tech magnetometric (or whatever they're called) scanners. Modern magnetic media are quite efficient, and leave behind very little evidence of former bit positions.

It's not about special problems of flash drives.
It's not about different techniques to wipe it securely (magnetic power, melting, filling with sand and turning).
It's not so much about the method (random numbers, 0s, 0xFF and fancy patterns).
It's not about old MFM/RLL-drives from the early 90s.
It's not about bad sectors, where data might slip through.

Overwrite N times instead of the default (3)

But on the one hand I heard about an NSA suggestion to overwrite 27 times, and on the other hand professional data recovery firms could not recover data from a drive that was wiped just once.
Linux/GNU shred says in the manual: -n, --iterations=N

Not in the sense that a forensic team of 20 experts with a budget of 100 million euro or dollars and 10 years of time could restore a couple of bytes from a known address with 80% accuracy, but a few people with a budget of a few 1000 €/$, who wouldn't spend more than two weeks on the job, and who don't know where on the drive they are searching. If you have private data on a recent, normal hard drive, how many passes do you need to delete the data to make it unrecoverable?