Broadband Tech > Security > Security > HDD: 35 pass Guttman wipe on dban

HDD: 35 pass Guttman wipe on dban

I'd think not, but will defer to wiser kin... Damn, do you have NSA stuff on that drive?!
--
"In the future, that which is not mandatory will be illegal"

reply to cerdan
I can get your data back for you. Send me a PM. I'm very reasonably priced.

reply to cerdan
No. If you run a single pass wipe it isn't even going to be recoverable by a data recovery company.

reply to cerdan
If you've ever read Gutmanns paper - Secure Deletion of Data from Magnetic and Solid-State Memory, you'll see where he says the following:

"In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."

So the Gutmann 35 pass wipe is a complete waste of time.

reply to cerdan
Normally I'm not a member of the tin hat society but in regards to this, I am. It's my belief that drives can be read if lab grade equipment and sophisticated techniques are used. I willing to admit that I may be wrong... but what if I'm not?

reply to cerdan

reply to HA Nut
@ HA Nut

Your not wrong. It is possible to recover just about any data through a microscopic examination of the disk platters. But from what I understand about the process it is very expensive and time consuming though. But even if you did 1000 overwrites the data could still be recovered this way.

I wouldn't worry too much about someone trying to recover your data, unless......... you are really a undercover secret agent working for the CIA and you recently discovered some above top secret information, that you store on your hard drive, and you need to get into the hands of the proper authorities.

This information could of course save the universe from certain doom. And at every turn your enemies are trying to stop you, who also want to acquire this valuable information from your computer, which they could use to gain great power and rule the universe with.

reply to cerdan
im sure a scanning electron microscope could pickup the magnetic particles but after multiple passes of DoD level wipe im pretty sure the bits would be so scrambled that even with the microscope they wouldnt know what order to put them back to togather in.

of course a Magnesium Burn(or something in a similar temp range) is the only true way if you really really really need to get rid of a drive. even the best of the best cant recover data from a pile of slag.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

reply to cerdan
Here are 132 threads on how to destroy a hard drive. From this year. Is it time for another one already ?

»/nsearch?q=des···ds=%2C18

reply to Kearnstd
From what I've read about overwriting a drive, it's just that, overwriting with new random data. But the data is still available underneath and recoverable. Though expensive and difficult to acquire it. We're talking three letter agencies here, this isn't something your average joe can do. But still the data is there and recoverable, no matter how many overwrites one does.

reply to cerdan
My understanding of my last research into this:

A single pass and possibly 2 can be read by the professional data recovery firms - they disconnect the circuit board and drive the motor and the heads directly. Hence the DoD 3 pass wipe.

Up to 6 passes and data can be recovered still, due to the overwrite 'pushing' a thin layer of magnetism - this requires dismounting the platters and reading using a scanning electron microscope. This is an incredibly slow, expensive and tedious process. Not something to worry about unless you've gotten hold of a HDD from a foreign government or the like.

7+ passes? While it is possible that technology might get an extra pass or something, you're starting to hit real physical constraints not just 'more difficult.'
--
*Bobby*
Net Junkie

reply to Doctor Olds
@ Doctor Olds

Yes, but this thread isn't about destroying a drive.

reply to cerdan
however i think the point has been made that after a certain number of passes your data is totally impossible to recover for someone who buys it as a used PC or the ID theif who steals your laptop. they would simply find a fresh install of the OS or a totally blank machine. as these kinds of people lack the resources to gain access to the labs needed to go farther then normal recovery methods.
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports

reply to cerdan
DBAN will not wipe HPA/DCO areas on your drive:
»www.dban.org/node/35

Blocks marked as bad by the hard drive itself are not wiped (blocks marked as bad by the operating system only will be wiped). This information is possible to recover using exotic forensic techniques 2).
»ultraparanoid.wordpress.com/2007···-drives/

This may be a better option - check the read me:
»cmrr.ucsd.edu/people/Hughes/Secu···se.shtml

Will all of the above totally erase your hard drive?

Well, do you feel lucky ???

reply to cerdan

The 'shred' Command

reply to cerdan

Re: HDD: 35 pass Guttman wipe on dban

reply to Just Basics
If you remove the HPA or DCO first, DBAN will then wipe the entire drive without a problem. There is free software out there that will let you manipulate both HPAs and DCOs, so this really isn't an issue if you're concerned about wiping the recovery area of the disk.

As far as not wiping the G-List, it's really not a big deal. You're talking about 512 byte sectors that were determined bad by the disk, so the data is unreadable or corrupted already. In order to read the data from those sectors, you would have to use vendor-unique commands anyways, which are not publicly available. And lets say the user was able to figure out the commands and read from the damaged sectors, how much data are they actually going to get? 30 random sectors of 512 bytes? Nothing usable that they'd be able to make sense of.

Most of the companies we're dealing with now are more interested in using the built-in security features of the disk to wipe than the traditional 3-pass DoD wipe. Even though SECURITY ERASE UNIT only provides a 1-pass wipe of all zeros, it's still considered secure for modern disks, and is supported by any drive made within the last several years (ATA-3? I don't remember off the top of my head when it was added to the spec). People are realizing that multi-pass wipes are no longer needed, and just lengthen the time to process drives with no real gain in security.

If a data recovery firm says they can recover data after a full wipe, they're full of it. Maybe some government agency with the right equipment and years of time could recover a few MB of data, but no data recovery company has the ability to recover data on a modern disk where the bit density is so high. If they're advertising the ability to recover "overwritten" data, it's most likely marketing BS, and they're talking about drives that were quick formatted in Windows, or files that were deleted.