If the bits on a hard drive can only be a 1 or a 0...

The "professional" way is to overwrite using multiple passes, each consisting of randomized bits.

>From what I've heard it costs only a few thousand USD to recover portions of data that has been overwritten with a single pass.
Link?

web.archive.org/web/20131208184307/http://www.h-online.com/newsticker/news/item/Secure-deletion-a-single-overwrite-will-do-it-739699.html

There is a 56% chance that you can recover a bit successfully. That gives you a 1.7% chance of recovering an ASCII character.

wish I had one. It's just what I've been told by someone who's experienced in the field.

Single-pass confirmed for sufficient.
No way is any significant amount of data able to be recovered from it.

Can you make this a food analogy please.

If I get myself 8 burgers from McDonalds of which 4 are hamburgers and 4 are cheeseburgers, I can tell which ones were were cheeseburgers by bits of cheese in the wrapping paper of each burger.

Single pass overwrite is the equivalent of wiping any remaining crumbs of food off the paper.

Well put, user.

>someone who's experienced in the field
by "field" do you mean being pedo, paranoid or just shitposting

>Single pass overwrite is the equivalent of wiping any remaining crumbs of food off the paper.
No. It's more like putting a different burger in the same wrapping. The more times you put different burgers in, the harder it is to tell which burger was in previously.
Trying to recover data from a single-pass is like doing the above several times, trying to figure out which burger was last in each wrapper.

the bleachbit devs seem convinced that a single pass is sufficient

pedo and semi-paranoid, probably not shitposting.

>thinks the only thing in hard drives are disks and nothing else.

>even melting it into a solid chunk of metal is unsafe since some minuscule portion of data may be recovered.
Bullshit.

anyone got a program that can try to recover anything I didn't wipe?

>If the bits on a hard drive can only be a 1 or a 0, why do people suggest doing 3 or more passes of writing zeros to all the bits to wipe the drive?

computers are actually analog electronic devices that just happen to be very good at holding bistable states. same thing for hard drives, every bit is really a magnetic field whose strength is effectively put through a DAC.

Writing over bits may leave a pattern of fields distinct enough that a drive trying to see binary patterns will see the new one, but that doesn't mean that an analog measuring device couldn't see field strength variations that could distinguish something like: 1->1 = strongest, 0->0 = weakest, 0->1 = mostly strong, 1->0 = mostly weak, or even maybe >=three bit history deciphering. Furthermore, HDD use strong error recovery codes to aid normal reading of slightly flakey magnetic domains, so attackers have even more tools available.

How long ago was it wiped and with which program?

If the file allocation data was fully wiped then you need to have the original files reconstructed, this may not be an automatic operation. It can get very expensive.
Was the data very valuable?

youtube.com/watch?v=rFzR_FOTq2I

>Furthermore, HDD use strong error recovery codes to aid normal reading of slightly flakey magnetic domains, so attackers have even more tools available.
The probabilities are too low. Recovering meaningful data after a single wipe seems impossible.
You need to provide evidence that an actual attempt to perform such an act has been successful (even once).

All fucking wrong. The only semi-correct answers are:
Read/write heads detect the magnetic field when it measures the distance between the high/low indentation on the disk. The reading is not always a definite 1 or a definite 0. Readings can be taken that have values of 0.825235 or 0.003 and the computer maintains a threshold value to determine which are actually 0 or 1. Recovery software rewrites what the threshold values currently are to determine what they 'were' in their previous state.

>he doesn't know about molecular breakdown requirements

Can you provide a link demonstrating that such data recovery is possible? I am willing to write and wipe (with a single-pass) a disk and pay for the service.

RecoverMyFiles

...

>Claims that data recovery from a single overwrite is possible
>Provides no evidence
>Wastes own and others time

Shill identified.

You got me, I work for Seagate and our sales numbers are down......

people who prepare to fight wars against only their enemies' verified assets tend to fare poorly historically.

What's a good tool to mass overwrite a drive ?

WTF are you talking about?

FFS half the posters ITT are outright retarded, the other half are proper shills

only idiots think absence of proof = proof of absence.
you can choose to believe that no attack exists, but it's just an article of faith unless you can find some fundamental proof of why it can't be.

10 years ago nobody would have believed that feds could use x-ray diffraction and high-end signal extraction algorithms to recover filed off gun serial numbers, but that shit is real too.

>CIAniggers thinking they can fool anyone here

oh wait, this is Sup Forums

Anyone here honestly think that one pass will do the trick, rather than erring on the side of caution is a moron. HDDs have virtually unlimited writes, so why not go that extra mile, proof or not?

>x-ray diffraction
if it's not clear, they can measure patterns of irregularities in the steel's crystalline structure below the depth of the imprinting itself, then do compute magic to at least get the small range of serial numbers that would come close to making the deformations.

simple deletion and cleaning the bin is sufficient because that space is going to be written to anyway

recovery programs literally never work, not once.

Works for me senpai, of course it's not 100%

>2018
>not using Full Disk Encryption™

>Good security needs 35 passes of random data to make recovery a matter of luck.

"In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques… In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don’t understand that statement, re-read the paper). If you’re using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, “A good scrubbing with random data will do about as well as can be expected“. This was true in 1996, and is still true now. "

1 pass = sufficient because nobody is going to analyse every bit.
Even if they do analyse every bit and know which bits might have changed its pretty much near impossible to reconstruct entire files that way

But if you do 3 passes (which is one pass with 0's, one pass with 1's and one pass with random data) then all data becomes so distorted by the fake data that any attempt to recover a single bit becomes impossible.

>en.wikipedia.org/wiki/Gutmann_method

TL;DR if the DoD requires extensive multi wiping of their drives, then it's a safe bet you should do the same.

You Glow too much.

desu that's basically sorcery

Wow so a bit doesn't flip and they can learn about 1 whole bit? Oh my god imagine how much they can learn, oh wait 1 bit literally nothing and they may as well just guess the content of the disk.

Ghost bits,
Ghost bits everywhere

That's only true for old HDDs. The platters on modern HDD are extremely difficult to do any sort of disaster recovery. It is because the bits are so dang small and fragile to physical stress.

well bits are just a theoretical concept. in the real world, you get analog values, which are real numbers as opposed to integers. when you read the value, the sensor will adjust to know which one it's closer to. say it's 0.996 you decide that's a 1. if it's 0.002 that's 0.
what happens when you overwrite on older drives is a 1 overwritten with a 0 might be a little lower than expected, maybe 0.86. now a sensor with sufficient precision (atomic force microscope) may be able to detect those variations and reconstruct the data in previous overwrites.

now when you write a sector on a hard drive, it's not exactly 0's and 1's. It's more like a pulse, which looks like a really distorted wave. the exact way in which this is done and interpreted is proprietary to each hard drive manufacturer (and possibly to different drive series). the idea with multiple overwrites of different patterns (especially the gutmann method) is to account for all the variations in data encoding.

en.wikipedia.org/wiki/Data_remanence

this was true when track densities were lower. today's data densities leave nearly no space between tracks. in fact it's wonder they can do stuff like shingled magnetic recording without data actually being overwritten in neighboring tracks.

What about an SSD?

Place in microwave, hit 10min, run.

there is no guaranteed way of deleting anything on ssd without physically destroying the whole drive. the best way around that is to never write anything unecrypted onto one

Wow, holy shit, I learned more in 10 minutes of reading this thread than the past 3 years. What gives? Is this some kind of joke?

Why not just use the drive till it dies?

US DOD standard is 7 passes.

>10 years ago nobody would have believed
I would have believed that. X-ray diffraction is a wildly used technology in research and industry and not really a complicated thing. Heck, nowadays steel companies use all kind of measurement technology (Scanning tunneling microscopy, Transmission electron microscopy etc). The bottom line is: Don't make it sound like sorcery, it's not some kind of secret knowledge

I thought it bleachbit and hammers? Or is that only state department?

There is a point where the metal magnetize completely.
This happens before it melts.
This is a safe way to ensure drives are safe, through cost effectiveness isn't there.
Its cheaper to rapidly cycle an electromagnet on and off on a drive that's powerful enough.

Just because you are of no value at all to anyone doesn't mean someone won't be. granted a good rape accusation or a pedo one where you go to court, and even if acquitted your reputation is 100% fucked, cheaper and easier to do.

just get a laptop drive with glass platters. although, if you're not osama bin laden incarnate, a single pass of NIST generated pseudo random is sufficient.

the formerly secret knowledge was that the muted and blended deformations below the imprint still had enough signal to extract.

direct x-ray crystallography itself is literally a century old tech.

bleachbit, hammers, and a conveniently cooperative FBI/DOJ.

very good explanation
are you a teacher or something ?
consider to become one!

dumby version is simple.Once you store Data on a drive it NEVER is really erased you are just able to write over the same places much like using white out on a paper

So does that mean a non-magnetic storage solution, such as SSDs, would be sufficient with one pass through?

>the information that "It was indeed a hard drive" are compromising
Call me a privacy-hating faggot, but I think that I can safely disclose the information that I am, indeed, using hard drives.

LITERALLY THIS.

BEST approach: Do 30+ wipes, smash the drive to bits.
SECOND BEST approach: Smash the drive to bits
THIRD BEST approach: Do 30 wipes
JUST tier approach: Do """enough""" wipes

If you really want to be safe, destroy the drive. With a mallet or a hammer.

Basically true.Random data is always better than zeroes, since it's a repeating pattern you're pulling in there. Random can mean anything.

TOP KEK, NIGGER

>teacher brings flash drive to me
>I had some work stuff on it!
>didn'tbackup.jpg
>run scalpel
>go for PDF and DOCX documents
>recover about 70%
>she thanks me

You shouldn't use gitDataBackGoy™ if you wanna recover something.

I always just peel the sticker and put them underwater.

at least bend them afterwards, or do it in salt water and dump some AC in there.

Good point, I'll make a habit to use coffee grounds or dirt next time.

Does that apply to android smart phones too?

They stack bits vertically now so they don’t interfere so much.

So what is the proper way to wipe an SSD?

ATA Secure Erase or Manufacturer provided firmware eraser, but even these are dodgey as SSD's are still pretty much wizards things in terms of data.

Just formatting the drive will be fine.

Do you really think people are going to go through your trash looking for the computer you threw out on the off chance that they can pull your drive, run home, run it through recovery software, and HOPE that there is something worth finding on there rather than sifting through your boring ass pictures of that time you graduated from school.

In what kind of third world country would you just throw your hard drive into a trash bin?

Because they're following outdated guidelines from the MFM/RLL days of hard drives, with wildly different media coercivity, and believe them blindly. The DoD ones have changed; Peter Gutmann himself has told you to throw away his old recommendations (look him up).

In fact, on a hard disk drive with no reallocated sectors, in which you've done one dd if=/dev/zero of=/dev/sda on, the NSA (trying their hardest to assist an FBI a terrorism investigation) will STILL not be able to recover even one partial sector of data. It has been like that especially since we had hard disks which use perpendicular recording, and you can completely forget about SMR where the tracks are wider than their offsets.

One proper zero pass is enough; ideally an ATA Secure Erase (Enhanced) so that the drive firmware erases slightly off-track as well (purely just in case) and any reallocated sectors. This will also clear metadata, which will allow (even with an encrypted drive) identification of what areas might be frequently used, and what filesystem is on it and how full it is (see TrueCrypt's docs for hidden volumes for more information). Note that drive-managed SMR drives (i.e. all the ones that you can buy; host-managed are special-customer only) perform transparent sector reallocation just like SSDs and have the same metadata issue.

You, on the other hand, are totally fucked, my friend. Flash cannot be certifiably erased, because when cells fail (and they do, which is why you have reallocation and wear leveling), they either can't be written after erase (okay), or can't be erased and are 'stuck' (very bad). The right way is to ensure that no cleartext ever touches it in the first place; to store your keys, you want EEPROM, which can be erased (that's why TPMs still use EEPROM).

>If the bits on a hard drive can only be a 1 or a 0

That's an abstraction. A hard drive has a bunch of magnetic material with an analog magnetization state. Writing all zeros, ones, or random data will prevent the data from being recovered through the sata port provided the drive is functioning correctly. Multiple passes of random data are only required if your threat model includes people with the access to directly interpret the signal from the head. My personal model doesn't involve such people. If such people were to attempt that on me they would be wasting their resources because there's absolutely nothing on my drives worth that trouble.

If you are a government agency handling data that could result in damage to national security if it were compromised then yeah that's in your threat model. If you are a company who has trade secrets worth millions of dollars yeah that's in your threat model. If you are a hospital who faces huge liabilities if patient records aren't treated according to prescribed practices, then yeah it's in your threat model.

>You, on the other hand, are totally fucked, my friend. Flash cannot be certifiably erased, because when cells fail (and they do, which is why you have reallocation and wear leveling), they either can't be written after erase (okay), or can't be erased and are 'stuck' (very bad). The right way is to ensure that no cleartext ever touches it in the first place; to store your keys, you want EEPROM, which can be erased (that's why TPMs still use EEPROM).
So what then, is physical destruction of the SSD the only 100% opinion? Whats a good way of doing that anyway, taking the 2.5" versions apart and driving over the stuff inside or just straight driving an m.2 one, perhaps a hammer would work as well.

Destroy every chip on the board.

ITT: CIA Niggers trying to make their job easier by convincing people that 1 pass is sufficient

Shingled recording does actually overwrite the adjacent tracks, slightly. Hence the name "shingle".
The write track is wider than the read track so, hopefully, the read head won't pick up any of the clutter that falls between the tracks.

In my head i just visualized Sup Forumslacks:
>Hurr le 56% meme

>That gives you a 1.7% chance of recovering an ASCII character.
not quite; most hard disks will use turbo codes or R-S cross-interleaved, which would allow, if enough redundancy is inherit in the algorithm, perfect reconstruction of the original data if only half the bits are readable.

The best way to keep a secret is not to let anyone know you have one. So, instead of trying to destroy the drive, simply repurpose it in a benign way. Use it as part of an art installation, for levelling a wobbly table, as a TSV volume - whatever.
As long as nobody is likely to investigate it in depth, you're arguably safe - for certain values of "safe".

...

>Furthermore, HDD use strong error recovery codes to aid normal reading of slightly flakey magnetic domains, so attackers have even more tools available.
You would have to write your own controller to talk to the heads and scrape magnetic info raw from the platters as well as grab more exact positioning data and throw it up top.

Most controllers don't give you this low a level of interaction by default.
It's all bitwise with attached ECC and some bools encoded to the platter.

>Recovery software rewrites what the threshold values currently are to determine what they 'were' in their previous state.
Most of the error handling is done in the controller and just hands off a timeout to the OS.
Recovery software can usually only talk to the controller so you have to deal with a black box that might lie.
The typical solution is to ask it different ways and several times if it doesn't reply within a certain timeframe to hopefully nudge flying heads on the track or grab a bad bit somewhere.
The lowest level you can really send down the pipe is: Ignore the ECC and return me the faulty value.

A lot of people neglect how delicate these platters are.
If you remove them and turn all three platters from a disk randomly and then reinsert them: Good fucking luck splicing the data back together, even though the device is still perfectly readable/ writable.

terry warned me about your kind