More on the recoverability of overwritten data

The recent post,“Is it possible to retrieve data from an HDD that’s been zeroed out?” generated some interesting mail arguing the technical merits of single vs. multipass, and random vs nonrandom, overwrites.

For example, Miles Wolbe sent in this excellent note:

Hi Fred,

This is a topic that has interested me for some time:

Is it possible to recover data from a drive overwritten with zeros once?
https://tinyapps.org/blog/201107170700_once_is_enough.html

The wide consensus is no, even for three letter agencies armed with magnetic force microscopes.

As for the origin of the theory that such recovery might be possible (Gutmann’s 1996 paper “Secure Deletion of Data from Magnetic and Solid-State Memory”) Daniel Feenberg (in Can Intelligence Agencies Read Overwritten Data?) concludes that “Gutmann’s claim belongs in the category of urban legend.”

A later comment attributed to Gutmann on the Bugtraq mailing list stated “even if you’ve got 10KB of sensitive data on a drive and can’t erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.”

I can say this for certain: I tried hiring all three Western Digital Platinum Data Recovery Partners in the Americas (namely, Datarecovery.com, DriveSavers Data Recovery, and Ontrack) to recover data from a hard drive following a single pass of zeroes:

It was not possible.

Aloha,

Miles

PS – More info:

Can data be recovered from a zero-filled hard drive? https://tinyapps.org/docs/recovering_data_from_zero_filled_hard_drive.html

Guidelines for Media Sanitization, NIST Special Publication 800-88, September 2006 (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-88.pdf) “[F]or ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.”

Guidelines for Media Sanitization, NIST Special Publication 800-88, Revision 1, Decemeber 2014 (https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf) “For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.”

Outstanding note, Miles, thanks!

Permalink: https://langa.com/?p=3068

[seperator]

COMMENT / QUESTION on THIS ITEM? See the Comment box at bottom of this page!

NEW QUESTION?
Ask here!

(Want free notification of new content? Click here!)

Comment? Question? Reply...?