Hard Drive Erasing

gamblingman

VIP Member
I have a friend that deals with digital forensics. He told me that no matter what I do, the files I "delete" are always there, that the computer just can't see them. That even if I overwrite the deleted files, there are still "images" (so to speak) of the old files, and that the images can be recovered back into the original file.

So how can I fully delete old files, so that they are gone FOREVER? I've heard that the files never are fully gone, even if I use a HDD free space cleaning program. I have Acronis (for backups, but a cleaning utility is included) and it says that it can "clean" the free space on the HDD so that there are no traces of the old deletes.

So which is correct?
 
Without getting too in depth with things, there's almost no way to fully erase data. As you probably know, data's not actually removed, just given an erase tag (for the most part). The bulk of the data isn't altered until the OS decides to fill that section of the disk with something else.

Now while the data may be overwritten, it may not be "fully" overwritten. Thus if someone wanted to, they may be able to take the chunks of remaining data that wasn't filled in the cluster and reform whatever it may have been.

Going a bit farther, you could do a zero-write. While this "technically" erases all the data, there's still a chance bits are partially charged or...I forget the term right off, but essentially data is between bits if I recall correctly. Very difficult but still recoverable.

Now to the extreme... You could take your drive out and shoot it a few times, blasting the platters to bits... While it's difficult, given the right tools, it still would be possible to read and piece together what's left on the disk.

Sooo a straight answer... Eh, I guess over time there will be enough rewrites to fragment the data enough to make it unreadable. Unless you really have something to hide, a zero write/low-level-format should be enough to protect your data... Or do the DOD standard of 7 zero writes if you're very paranoid ;)
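
The behaviour described in the post above (a delete only tags the data, and a later, smaller file leaves the rest of the cluster untouched), as an added example that is not part of the original thread. It is a toy in-memory "disk"; the 4096-byte cluster size, the `ToyDisk` class and the sample file contents are assumptions constructed for illustration, and it models logical overwriting only.

```python
CLUSTER = 4096  # assumed cluster size for this toy model


class ToyDisk:
    """In-memory model: raw clusters plus a table of live files."""

    def __init__(self, clusters):
        self.raw = bytearray(clusters * CLUSTER)
        self.table = {}  # name -> (first cluster, length in bytes)

    def write(self, name, data, cluster):
        # Only len(data) bytes are touched; the rest of the cluster keeps
        # whatever was there before (this tail is the "slack").
        start = cluster * CLUSTER
        self.raw[start:start + len(data)] = data
        self.table[name] = (cluster, len(data))

    def delete(self, name):
        # A normal delete drops the table entry and leaves the bytes alone.
        del self.table[name]

    def read(self, name):
        cluster, length = self.table[name]
        start = cluster * CLUSTER
        return bytes(self.raw[start:start + length])

    def wipe_unused(self):
        # Zero every byte that no live file owns: free clusters and slack.
        owned = bytearray(len(self.raw))
        for cluster, length in self.table.values():
            start = cluster * CLUSTER
            owned[start:start + length] = b"\x01" * length
        for i, used in enumerate(owned):
            if not used:
                self.raw[i] = 0


def demo():
    disk = ToyDisk(clusters=2)
    secret = b"ACCT 0000-1111 (constructed sample)".ljust(3000, b".")
    disk.write("bank.txt", secret, cluster=0)
    disk.delete("bank.txt")
    after_delete = secret in disk.raw             # still on disk
    disk.write("note.txt", b"x" * 10, cluster=0)  # reuses the cluster
    in_slack = secret[10:] in disk.raw            # tail survives in slack
    disk.wipe_unused()
    after_wipe = secret[10:] in disk.raw
    return after_delete, in_slack, after_wipe, disk.read("note.txt")
```

`demo()` reports whether the old contents are still present after the delete, after the cluster is reused by a smaller file, and after the unused space is zero-filled, plus the live file's contents to show the wipe left it intact.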
 
HDD clean

I already used the DOD 7 overwrites, I wouldn't normally do it like that, but had money stuff on here. Thanks for the response, it's what I thought.
 
Going a bit farther, you could do a zero-write. While this "technically" erases all the data, there's still a chance bits are partially charged or...I forget the term right off, but essentially data is between bits if I recall correctly. Very difficult but still recoverable.
But nobody has yet given the world a proof of concept of how to recover a hard drive after a single overwrite.
 
But nobody has yet given the world a proof of concept of how to recover a hard drive after a single overwrite.
Shadow data are the remains of a track even after a drive has been wiped.

The following forensic reference http://www.forensics-intl.com/art15.html illustrates why 7 wipes are preferred, but it has been mentioned that a whopping (unbelievable) 35 wipes is the only way to conclusively confirm all data is removed.

If you have sensitive data on your drive, and you want to confirm beyond any shadow of a doubt that your data is unrecoverable, physically destroy the drive to tiny little bits of metal ;)
 
destroy the drive

So I need to destroy it like the Terminator is destroyed at the end of T2. Dunked in a vat of molten steel, seems like overkill.....I wonder what a steel mill would charge for that, ha ha ha.
 
But nobody has yet given the world a proof of concept of how to recover a hard drive after a single overwrite.

I agree. I use a program called Darik's Boot and Nuke to wipe my hard drives after I'm done with them. One complete overwrite of a hard drive and probably no one but the F.B.I. could get your data (if they could do it). I use three wipes to make sure the hard drive is completely wiped clean.

Is there a way to wipe a flash drive of all data? I don't know of any way except destroying the flash drive.
 
I could try to find some proof from my forensics notes if you guys would like, but I think kimsland basically got it. The bit may not be completely off or information may be stuck between bits. And again, information's stored in clusters (hope I'm getting all this right...I might have to dig out those notes...assuming I didn't delete them by mistake :P). If a cluster isn't used completely, then information from the previous data written there would still be available.

Honestly, it's very confusing how it all works, and I've only taken a single computer forensics class, but I know it's possible to recover data after most any "delete".
 
Yes, it can be theorized that data can be brought back from a single overwrite. But that is all. Nobody has yet demonstrated this in practice.
 
proof

Well since the issue is back and forth and nobody has a definite answer, I'll try to find out myself. I'll update this post when I get something conclusive.
 