How to erase your disk to be "unrecoverable"?

[CERO]

Hiya,

I have never done this, I heared a program like Killdisk is good for this. Or are there better programs around? Well the reason I want to do this , is that I am about to sell my raptor, and u never knows who gets their hands on the drive . So what I am looking is not a extremely methode that even the FBI cant trace your data LOL. But just a "good enough" methode to erase my disk. About killdisk, if it is proper u can choose these methodes of erase, which 1 is good enough? Assuming: the last option : 35 times would take ages to erase......:
5.1 Erase/Wipe Methods

5.1.1 One Pass Zeros or One Pass Random
When using One Pass Zeros or One Pass Random, the number of passes is fixed and cannot be changed.

When the write head passes through a sector, it writes only zeros or a series of random characters.

5.1.2 User Defined
You indicate the number of times the write head passes over each sector. Each overwriting pass is performed with a buffer containing random characters.

5.1.3 US DoD 5220.22-M
The write head passes over each sector three times. The first time with zeros (0x00), second time with 0xFF and the third time with random characters. There is one final pass to verify random characters by reading.

5.1.4 German VSITR
The write head passes over each sector seven times.

5.1.5 Russian GOST p50739-95
The write head passes over each sector five times.

5.1.6 Gutmann
The write head passes over each sector 35 times. For details about this, the most secure data clearing standard, you can read the original article at the link below:

[systemviper]

Google a program called Zdelete.
then have a 30 day trial and it will erase it to DOD standards or even more,

I think once you do a 2 pass overwrite you are fine but it's up to you.

Zdelete will do it for you for the next 30 days.

[CERO]

Thnx for your reply, so how does this program works.
Which methode do I need to choose for the 2 -passes.

*edit
I see they use, the same methode as killdisk: DoD 5220.22-M., which u are assuming is good enough. So how does this program works huh, also under DOS?

[One_Hertz]

one pass of zeroing in all the sectors is enough for no one to be able to get most of your data back. Theoreticaly they could grab the data left on the bad sectors, but there is too little there to worry a home user such as yourself.

[systemviper]

I agree with one hertz, for non sensitive data one pass is great.

I am a little more skeptical and always do a double pass.

Zdelete requires a OS to work or you need to mount the drive in a system as a slave and then wipe it there.

As far as how it works, there is a GUI and a wizzard so it's a no brainer.

hope that helps

[TouGe]

This is what I've always used, eraser.

[stevecs]

Depends on who you are trying to protect your data against. For general home users, yes a zero of the drive is very good. You won't hit any sectors that the drive would remap due to write errors but at most that would be 512bytes of data that would remain intact.

However, for governmental encryption or items that would stand up to much higher scrutiny you need to do numerous passes of randomized writes of data. Remember that the 'bits' on the hard drive are NOT binary. That is only an interpretation that the controller sees. The data is actually stored in an analogue format (magnetic orientation). When you put a new orientation on a bit (induced magnetic field) it does not flip 100% is is deflected. So if you know what was written to a particular sector (say binary 0, 1, 0, 1 ) and know the order it was written you could subtract the changes and get the original orientation back again.

Granted this is _NOT_ something you have to worry about in 99.99% of the cases (?more?) but if you have a situation where your data is valuable enough that others would be willing to spend some very impressive $$ to do the analysis and if they knew the method of your erase it could be recreated. This is also why things like truecrypt for the entire drive is a benefit.

[Star_Hunter]

http://dban.sourceforge.net/

Dban is one of the best.

[Brother Esau]

The Guttman Pass Method is the leader and standard in completely making Data Unrcoverable

Download a FREE Tool called Darrens Boot "N" Nuke regarded as the best

[WrigleyVillain]

Darik's Boot and Nuke. Linked in the post above yours and +1 for it...

[One_Hertz]

However, for governmental encryption or items that would stand up to much higher scrutiny you need to do numerous passes of randomized writes of data. Remember that the 'bits' on the hard drive are NOT binary. That is only an interpretation that the controller sees. The data is actually stored in an analogue format (magnetic orientation). When you put a new orientation on a bit (induced magnetic field) it does not flip 100% is is deflected. So if you know what was written to a particular sector (say binary 0, 1, 0, 1 ) and know the order it was written you could subtract the changes and get the original orientation back again.

Granted this is _NOT_ something you have to worry about in 99.99% of the cases (?more?) but if you have a situation where your data is valuable enough that others would be willing to spend some very impressive $$ to do the analysis and if they knew the method of your erase it could be recreated. This is also why things like truecrypt for the entire drive is a benefit.

That is not possible on current drives because of the high data density. No one has done it to date that is. Older drives, sure, but not newer ones. Once you rewrite the sector thats that...

Military nowadays use large machines that send massive EMP at the drives they wish to destroy, which takes care of the reallocated sectors as well. Kind of a stupid and expensive way to do it, easier to just use drives with enhanced security erase mode available.

[[XC] NetburstXE]

The Guttman Pass Method is the leader and standard in completely making Data Unrcoverable

Download a FREE Tool called Darrens Boot "N" Nuke regarded as the best

I'll also recommend DBAN.

[CERO]

Thxn fellas for all those recommendation!

[stevecs]

That is not possible on current drives because of the high data density. No one has done it to date that is. Older drives, sure, but not newer ones. Once you rewrite the sector thats that...

Military nowadays use large machines that send massive EMP at the drives they wish to destroy, which takes care of the reallocated sectors as well. Kind of a stupid and expensive way to do it, easier to just use drives with enhanced security erase mode available.

Actually it is possible as a means of attack, as for what you mentioned due to densities may be high causing cost issues yes that is true. Remember though that your drive itself is a device that can do it already. The act of changing a bit on the media is what your drive DOES. All it takes is to read those bits back (which is also normal) and instead of translating them into binary to output the analogue intensity directly. (this is already done, the drive reads the PRML encoding in and then basically 'rounds' the magnetic signal to north/south whichever is more predominant.

I am not saying that it is cost effective to do this, it is not. And as you pointed out there are means to avoid this permanently by large EMP pulses, sanding off the iron oxide layer and furnaces as with heat magnetic properties disappear. However all of those also destroy the media.

[One_Hertz]

Actually it is possible as a means of attack, as for what you mentioned due to densities may be high causing cost issues yes that is true. Remember though that your drive itself is a device that can do it already. The act of changing a bit on the media is what your drive DOES. All it takes is to read those bits back (which is also normal) and instead of translating them into binary to output the analogue intensity directly. (this is already done, the drive reads the PRML encoding in and then basically 'rounds' the magnetic signal to north/south whichever is more predominant.

I am not saying that it is cost effective to do this, it is not. And as you pointed out there are means to avoid this permanently by large EMP pulses, sanding off the iron oxide layer and furnaces as with heat magnetic properties disappear. However all of those also destroy the media.

I repeat, no one has actually done this on drives with perpendicular recording. It is possible only in theory right now and US Government is not willing to fund it to get it looked at more properly because they simply don't care enough about ANY data.

[WrigleyVillain]

Course if you don't need the drive then theres all kinds of fun ways to make sure no data is ever read from those platters again.

[stevecs]

I repeat, no one has actually done this on drives with perpendicular recording. It is possible only in theory right now and US Government is not willing to fund it to get it looked at more properly because they simply don't care enough about ANY data.

I know that I have not done it myself with any current drives, I have with older MFM and RLL drives attaching the head to an oscilloscope and writing out the waveform. Then you also have SPM (scanning probe microscopy) or more current MFM (magentic force microscopy). To avoid recovery for this you need a magnetic force of ~5x the coercivity of the media. (usually measured in oersteds). DoD specs I believe are only rated up to 750 Oe (class 2?) but that could have changed. The last I looked at this, ~2000ish or so, drives needed around 2500 Oe to be erased.

I fail to see anything in the PRML encoding schema that would prevent any of the above from being used. I would be interested in anything that would show why this would not work.

[One_Hertz]

I know that I have not done it myself with any current drives, I have with older MFM and RLL drives attaching the head to an oscilloscope and writing out the waveform. Then you also have SPM (scanning probe microscopy) or more current MFM (magentic force microscopy). To avoid recovery for this you need a magnetic force of ~5x the coercivity of the media. (usually measured in oersteds). DoD specs I believe are only rated up to 750 Oe (class 2?) but that could have changed. The last I looked at this, ~2000ish or so, drives needed around 2500 Oe to be erased.

I fail to see anything in the PRML encoding schema that would prevent any of the above from being used. I would be interested in anything that would show why this would not work.

Its not that you CAN'T. Its that the RLL encoding is very dynamic so someone is going to have to MANUALLY and WITHOUT MISTAKES (those two don't go together) go through all the visual data collected by the device in wave form (which would take years by itself on current drives with most current magnetic microscopes) and convert it BIT BY BIT. You can't make a program capable of dealing with this...

Say you get a magnetic image of the drive, say you deciphered all of it (at this point you have spent many many years and assumingly have not done any mistakes) and you now have a bit map of the data on the platter(s). How do you know where the data you are looking for is? To even get ONE single file you will have to make sense of the bit map of the WHOLE firmware area first (to locate the translator module along with many others required to get the location of the data), which is unique for every drive. Once you make sense of that, you can get your files, maybe.

[stevecs]

Oh, completely agree with you that it's not something that is easy to do at all, very time intensive and prone to mistakes. (btw, there were some programs available to do some of the interpretation of the waveforms that helps a little). Just was trying to make it known that it depends on the value of the data. For home users/corporations they probably won't spend the money to dig to that level (and the involvement to try to remove the analogue 'wiping' modifications done to the tracks). But if it was something that did have an open pocket book to do (say, national survival or a _really pissed off geek_) wouldn't put it out of range.

[One_Hertz]

Oh, completely agree with you that it's not something that is easy to do at all, very time intensive and prone to mistakes. (btw, there were some programs available to do some of the interpretation of the waveforms that helps a little). Just was trying to make it known that it depends on the value of the data. For home users/corporations they probably won't spend the money to dig to that level (and the involvement to try to remove the analogue 'wiping' modifications done to the tracks). But if it was something that did have an open pocket book to do (say, national survival or a _really pissed off geek_) wouldn't put it out of range.

Those programs do not work anymore manual only unfortunately...

FBI had a *multi* million project going on this exact problem and they didn't get their stuff back... Not sure you quite understand the magnitude of the matters involved and I don't really know how to explain it further.

[Xcel]

Here's how you do it

[stevecs]

Love it! Brings back memories of having to shred/destroy thousands of 3420 tape reels. Sounded just like xmas ordiments breaking (poping/crinkling) very nice. :P