Secure file erase
Just a small thought... with traditional HDDs most people feel very confident if the data is erased in multiple passes, however is it secure enough even then? What about FBI/CIA/NSA/MI6 and the like? If for some reason you have (or had) suspicious data on your HDD and the HDD was given to these three-letter abbreviated agencies for inspection, how likely is it that they can get the data or even a small portion of it back?
Not that I have any "secret" plans on my HDD, but I just want to know and study the gap between "enough" and "agency proof" security.
- utopiomania
Nine times is CIA proof.
Quote: For example SSD HD's switching the chips to guarantee a minimum of writes to every single chip. The chip will not be erased on switch.
Just overwrite each byte as Netmaestro suggests, the switching will guarantee that any leftover data copies due to this switching is overwritten by other data.
utopiomania wrote: I think this code is a very secure erase. If the HD unlinks a block it is unavailable to the OS so no one can see it. Besides it is fairly unlikely that this happens. If you overwrite each byte nine times, the original data is gone.
No one can see it in the operating system on that particular computer under normal "non-prying" conditions...but...forensic methods can reveal it and if you put the drive in another system as a secondary it's still possible to recover the information, especially if the operating system is different from the original. So yes, the original data is still there, it's just obscured in some way but can still be recovered. But it's also just as unlikely that this will ever happen unless you've done something illegal and get caught and the police examine the computer by sending it to a forensics lab, or a really bored or dedicated hacker gets physical access to the computer and knows what they are doing.
To have real true secure erase you just can't overwrite each byte because fragments can remain (especially on SSD's), and it's possible to have a mirrored image of the file somewhere else you have no idea about if multiple saves of the file have been performed and the drive is fragmented (especially on systems that have automated restore capabilities). To have secure erase, basically, you have to delete the file, overwrite the exact space that the file occupied originally plus any fragmented spaces it may have occupied in bits, then zero out the spaces the file occupied, then overwrite with random bytes, erase and zero out again then overwrite again then erase. And you have to do this for each and every space the file used or occupied and you also have to know where any mirrored files might have resided and do the same for those spaces as well. Then you have to re-index the drive. But even then it's not really true secure file delete and it's still possible to recover data.
Since the principles of magnetic media apply here also somewhat for normal hard drives, the trick is to force the file into the magnetic noise background so far that it becomes for practical purposes non-existent, and just hope no one ever digs deep enough.
This is why where I work when we are finished with a drive, after doing all the above to it (the whole drive, not just individual files), we physically destroy the drive, most times by crushing in a compactor that places a few tons of pressure per square inch on the drive which essentially distorts the drive into an unrecognizable pancake sort of blob shape. Heat is also applied during the process to ensure metals are distorted. I personally do a few hundred of these drives each year, most of them brand new and less than a month old. There is also an actual shredder that will also render a drive into pieces 1/32nd of an inch but they are not in widespread use really but a lot of agencies are looking at them I think, it's a monster of a machine.
About the closest example I can give you without going into a whole lot of stuff is: if you remember cassette recorders, you might remember doing multiple recordings over previous recordings and then after a while that same tape has a certain lack of clarity in the sound recording. That certain lack of clarity was because of the magnetic noise (among other things like media degradation, white noise, etc...) left behind by all those other previous recordings seeping through in the current recording. That magnetic noise was mostly composed of the previous recordings that got erased or overwritten, it was never truly erased, can't be.
This is all very time consuming for just individual files. If you're really concerned about security, it's better to wipe the whole drive and overwrite, then wipe and overwrite again...etc...., and secure the system and drive and limit access, then when you're finished with the drive destroy it. But this is not practical for normal user usage because we don't wipe the drives of our own individual computers every time we do something we want to keep from prying eyes.
For just the normal every day computer user, unless you have something that is just so sensitive that if it got discovered would cause some type of life altering detrimental or adverse action/reaction, if you simply remove the file contents first, save the file, then delete it, it's unlikely that anything will ever be recovered by casual snooping. But if you're concerned about more than casual snooping then you will need to destroy the whole drive to ensure the contents are never recovered as there is really nothing you can do that truly erases or deletes (at least for us mere mortals).
Last edited by SFSxOI on Wed Aug 26, 2009 5:49 pm, edited 9 times in total.
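An added example, not part of any post in this thread: a Python sketch of the multi-pass in-place overwrite the posts above discuss (zero pass, random passes, final zero pass, read-back check, then delete). The function names and pass layout are assumptions made for illustration; as the posts point out, this only rewrites the blocks the filesystem currently maps to the file, so copies left by SSD chip switching, restore points or fragmentation are not touched.

```python
import os
import secrets

CHUNK = 64 * 1024  # bytes per write; arbitrary for this sketch

def _write_pass(fd, size, pattern):
    """Overwrite bytes [0, size) in place; pattern=None writes random bytes."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if pattern is None else pattern * n
        remaining -= os.write(fd, block)
    os.fsync(fd)  # flush this pass to the device before the next one starts

def _all_zero(fd, size):
    """Read the file back and confirm every byte is 0x00."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(0) != len(data):
            return False
        remaining -= len(data)
    return True

def overwrite_file(path, random_passes=2):
    """Zero pass, random passes, final zero pass. True if read-back is all zeros."""
    # Open without truncating: truncation frees the blocks instead of rewriting them.
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.fstat(fd).st_size
        _write_pass(fd, size, b"\x00")
        for _ in range(random_passes):
            _write_pass(fd, size, None)
        _write_pass(fd, size, b"\x00")
        return _all_zero(fd, size)
    finally:
        os.close(fd)

def erase_file(path, random_passes=2):
    """Overwrite, then rename to a random name before unlinking."""
    if not overwrite_file(path, random_passes):
        return False
    # Rename first so the directory entry no longer carries the original filename.
    anon = os.path.join(os.path.dirname(os.path.abspath(path)), secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return True
```

The read-back is normally served from the operating system's cache, so it confirms the file's logical content only, not what is physically on the medium.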
talisman wrote: If nine times is CIA proof, is it a "bit" overkill to use a product like Active@ Kill Disk with the Gutmann method (35 passes) to erase an HDD?
No, it's not really CIA proof because it's not NSA proof. The CIA resorts to the NSA for this stuff. So essentially the NSA can recover it for the CIA. There is no such thing as 'agency proof' security. The only hope is to completely destroy the media.
For casual use; overwriting drives a minimum of 20 passes is needed but 30 or more is recommended and in routine casual use is a sort of de facto standard but that's just for casual use. But we're not talking about whole drives are we? I thought we were talking about individual files. Anyway, Peter's method is good for casual secure file erase but it's got an inherent weakness that needs to be paid attention to, it's encoding method sensitive and his methods aren't based upon actual fact and are mostly theory as his references upon which he bases his methods are themselves experimental in nature and he never examines the actual methods to reveal the information once his method has been used. In reality even after the Gutmann method is applied the information can still be recovered from the drive. This is why intelligence agencies and military forces destroy drives rather than any type of secure delete being used.
I don't know about the CIA but in Germany the police is lame. ^^
They even can't break the Windows directory encryption. I know one guy that got his computer back after a few months and they had nothing against him in their hands, because they could not get access to the files on the HD. They were just encrypted with the standard Windows encryption.
Thorium wrote: I don't know about the CIA but in Germany the police is lame. ^^ They even can't break the Windows directory encryption. I know one guy that got his computer back after a few months and they had nothing against him in their hands, because they could not get access to the files on the HD. They were just encrypted with the standard Windows encryption.
What were they looking for?
I may look like a mule, but I'm not a complete ass.
SFSxOI wrote: No, it's not really CIA proof because it's not NSA proof. The CIA resorts to the NSA for this stuff. So essentially the NSA can recover it for the CIA. There is no such thing as 'agency proof' security. The only hope is to completely destroy the media. For casual use; overwriting drives a minimum of 20 passes is needed but 30 or more is recommended and in routine casual use is a sort of de facto standard but that's just for casual use. But we're not talking about whole drives are we? I thought we were talking about individual files. Anyway, Peter's method is good for casual secure file erase but it's got an inherent weakness that needs to be paid attention to, it's encoding method sensitive and his methods aren't based upon actual fact and are mostly theory as his references upon which he bases his methods are themselves experimental in nature and he never examines the actual methods to reveal the information once his method has been used. In reality even after the Gutmann method is applied the information can still be recovered from the drive. This is why intelligence agencies and military forces destroy drives rather than any type of secure delete being used.
Okay let me rephrase the question... After 35 passes of Gutmann, can YOU recover even a percentage of a complete HDD?
srod wrote: What were they looking for?
The usual: They were looking for illegal files such as movies and music. If you get caught on illegal file sharing you are in serious trouble in Germany.
talisman wrote: Okay let me rephrase the question... After 35 passes of Gutmann, can YOU recover even a percentage of a complete HDD?
The simple unqualified answer - yes. The complicated answer I won't go into. Let me say something about the Gutmann method, it's a good method and there's nothing wrong with it. It serves its purpose. I may have given you the wrong impression with how I said what I said, but the Gutmann method, like any method is subject to the whims of technology in part and the various circumstances present in the environment of each individual system. If you design a method that works on your hard drives, that's no guarantee that it works on all hard drives, it's only an indication that such a method is possible. The Gutmann method works, no doubt about it, but it's like any package out there, not one of them is 100% effective. There is always something to recover after these packages are finished. The amount recoverable varies, but it's not unknown in well equipped government computer forensic labs to be able to recover enough to account for close to 80% of what was originally on the hard drive, or piece enough together to infer with a certain probability that certain things did indeed exist - enough to get convictions in court. If I were going to do something illegal involving a computer I sure would not use any of the packages out there as a means to escape detection of what I did, I would make sure the drive was completely destroyed. There is always a trace or trail from the simple MS Word doc (where your computer GUID or some identifying feature that identifies a specific computer is embedded in each document) to that one little bit that's not completely filled with a 1 or 0 (because when you write to the drive you don't fill a complete space.)
Last edited by SFSxOI on Wed Aug 26, 2009 10:31 pm, edited 5 times in total.
Thorium wrote: I don't know about the CIA but in Germany the police is lame. ^^ They even can't break the Windows directory encryption. I know one guy that got his computer back after a few months and they had nothing against him in their hands, because they could not get access to the files on the HD. They were just encrypted with the standard Windows encryption.
You're kidding? They didn't know enough to put the Windows drive in a Linux system as a secondary drive and use one of the forensic packages for Linux available to law enforcement agencies? WoW! The same is true for Linux systems, you can put a Linux drive in a Windows system as a secondary drive and use one of the forensic packages for Windows. They read through everything and ignore the other operating system's encryption. In as little as 45 minutes they could have had a complete unencrypted copy of the offender's hard drive and read everything, and they had a few months and failed? wow oh wow.
SFSxOI wrote: You're kidding? They didn't know enough to put the Windows drive in a Linux system as a secondary drive and use one of the forensic packages for Linux available to law enforcement agencies? WoW! The same is true for Linux systems, you can put a Linux drive in a Windows system as a secondary drive and use one of the forensic packages for Windows. They read through everything and ignore the other operating system's encryption. In as little as 45 minutes they could have had a complete unencrypted copy of the offender's hard drive and read everything, and they had a few months and failed? wow oh wow.
I am not kidding.
I know it sounds ridiculous and it is ridiculous but it's the truth. That really happened.
Oh I believe you, definitely, but it's one of the most basic steps and they missed it. It's not uncommon for a police department/agency to miss the obvious in computer forensics. Most are unprepared, understaffed in this area, underfunded in this area, and poorly equipped in this area. Almost 80% of the world's civilian police agencies are unprepared for this. The smart ones send it out to a computer forensics lab. That guy, if there was anything to find, was lucky they weren't smart about it.
Irrelevant to the discussion, but WHY did you do that SFSxOI?! WHY?!
SFSxOI wrote: You're kidding? They didn't know enough to put the Windows drive in a Linux system as a secondary drive and use one of the forensic packages for Linux available to law enforcement agencies? WoW! The same is true for Linux systems, you can put a Linux drive in a Windows system as a secondary drive and use one of the forensic packages for Windows. They read through everything and ignore the other operating system's encryption. In as little as 45 minutes they could have had a complete unencrypted copy of the offender's hard drive and read everything, and they had a few months and failed? wow oh wow.

