I've been hearing a lot about how Bleachbit can shred files and remove traces of deleted files easily to remove information you want totally destroyed, but couldn't I just reformat my HD to get the same effect?
Using Software To Wipe Hard Drives
Carter Powell
Oliver Peterson
Just use ATA Secure Erase
Jayden Sanders
reformatting essentially gets rid of pointers, secure wipes will replace the actually data with garbage data (which is why it takes so long)
Nathan Morris
DBAN
Robert Jackson
Yes, but with BleachBit you don't need to reinstall after
Daniel Gray
Bleachbit cleans and vacuums your room.
Reformatting closes the door and tells your mom not to look inside.
Christopher James
What's the difference between these options and Bleachbit? Is it just ?
Easton Wright
Best I've had.
You a teacher?
Camden Sullivan
for most intents and purpose, a simple reformat is fine.
If you have moderately-sensitive information (not stuff that will get you arrested, but stuff that would be nice for other people not to have), a simple write of all-zeroes would suffice.
If you were to find yourself in legal trouble if the data got into the wrong hands (HIPAA, Hillary email server, CP, etc) you could use the Unix utility "Shred" which overwrites by default 3 times and has the option then to write all zeroes. This is more than sufficient to ensure no possibility of data recovery by anyone, unless there are bad sectors that cannot be written over or some other mechanical failure.
If you are really paranoid- Physically destroy the disk. Put the platters in a blender. Microwave them. Melt them.
Grayson Jenkins
And to elaborate a bit more- This is for hard disk drives. SSDs operate a bit differently and it can be a bit harder to determine if data has actually been permanently removed from an SSD.
Kevin Howard
Unfamiliar with Bleachbit, but DBAN is pretty commonly used and more known, unless I'm a dinosaur who lives under a rock.
Jackson Scott
Could you just use a magnet?
Nathaniel White
Good overview.
But has there ever been even a single instance, even in perfect lab conditions, of readable data being restored from a drive that was overwritten with zeros once?
Cameron Lewis
no.
Luke Wright
Can the FBI get me for obstruction if I used Bleachbit to clean a hard drive, even if there's no evidence of what was removed?
I guess there must be methods around DBAN if it's so common.
Colton Martinez
>methods around dban
w-what? nigga we're just talking about overwriting shit. There's no way "around" that it's not like you can just undo the writes.
Realistically just overwriting your (non SSD) hard drive with random 0s and 1s once any old how is gonna kill any chance of recovering anything.
The only reason you really do it multiple times is "to make sure"
Jack Lopez
May no longer be a thing, but back in the day it was possible to recover overwritten data from an Apple DOS floppy due to inter-track write head slop...
Jace Green
HDD: Overwrite with zeros od random pattern.
SSD: Use ATA secure erase.
Owen Brooks
Well, there's a bit of a difference in how tightly data is packed on a DOS floppy and a modern HDD. It's getting to be an engineering challenge to even reliably read data from a drive that isn't overwritten.
Isaiah Stewart
tl;dr overwrite with zeroes or do a slow format unless you're a spergelord that wants to spend several days(1~ day per 2~ passes) overwriting
+1
>reformatting essentially gets rid of pointers
slow formats actually overwrite data
>Yes, but with BleachBit you don't need to reinstall
then it does nothing to remove sensitive data as there may be other incidental copies available like any thumbnails an operating system may have made, cached versions, or metadata such as in recently opened file lists
>Reformatting closes the door and tells your mom not to look inside.
see above
>a simple reformat is fine.
>a simple write of all-zeroes would suffice.
a slow format, which is what people should be using, is the same as overwriting with zeroes
>If you were to find yourself in legal trouble if the data got into the wrong hands
governmental agencies won't need to rely on what's on the disk, they'll already know what you've been up to
>This is more than sufficient to ensure no possibility of data recovery by anyone
overwriting with zeroes cannot be recovered under the most ideal test conditions (brand new only written to once 320gb drive (i.e., low platter density)); under less than ideal test conditions it is astronomically low to recover several sequential intact bytes (i.e., 8 bits), never mind recovering anything close to a file (less than ideal i.e., not a brand new drive but instead been overwritten multiple times)
>SSDs operate a bit differently and it can be a bit harder to determine if data has actually been permanently removed from an SSD.
if ata secure erase is not considered good enough to erase ssds for you then you should already know this and be completely destroying ssds
(ata secure erase implementation is actually up to the manufacturer so it might not be ideal but usually data cannot be recovered by conventional means, see above in regards to governmental agencies)
Joshua Green
tl;dr it's not possible on traditional modern harddrives, the weakest link will be in other areas like onboard harddrive cache or ata secure erase implementations in ssds (but for the love of god, overwriting ssds with random data is worse for the drive and still won't get cells that have been marked not to be used)
digital-forensics.sans.org
vidarholen.net
the second link is the traditional old study based on older low platter density drives (320gb) - the results will be applicable to modern drives but much more condemning as platter density has increased massively
the first result is somewhat more modern but a quote from it should summarise it well:
>As has been noted, in real forensic engagements, the prior distribution is unknown. When you are trying to recover data from a drive, you generally do not have an image of what you are seeking to recover. Without this forensic image, the experiment would have been exponentially more difficult. What we found from this is that even on a single write the overlap at best gives a probability of as low as just over 50% of choosing a prior bit (the best read being a little over 56%).
>This caused the issue to arise, that there is no way to determine if the bit was correctly chosen or not.
>Therefore, there is a chance of correctly choosing any bit in a selected byte (8-bits) ? but this equates a probability around 0.9% (or less) with a small confidence interval either side for error.
Hunter Evans
>Using Software