[SOLVED] Does "securely" wiping hard-drives and solid-state drives absolutely ensure that all data is no longer retrievable?

Oxidane

Commendable
Apr 19, 2021
63
1
1,535
Let's say I perform some form of secure wipe on my drives and then sell them off to some random stranger.

But let's say this stranger actually has unlimited skills and resources. In addition, he is a predator who is looking to steal extremely important data that I would not want anyone to have (I did not know about his intentions when selling him my drives). Would he be able to retrieve any form of data from my drives even after "securely" wiping them?

Just to make it clear, this is all a hypothetical scenario.

In essence, is any data truly unrecoverable? No matter what kind of measures you take to wipe this data, couldn't it be recovered by someone with the right amount of desire, resources, and skills?

I'm not sure if it is worth selling my drives (I probably won't get much in return anyway). Should I just destroy them?

If it is actually possible to securely wipe a drive without damaging it (making the data ultimately unrecoverable), how would I go about doing so?
 
Solution
There are various tools for drive wiping that will take it beyond THOSE tools ability to retrieve, which is what most people would have access to. This is either writing all zeros or random data to a drive to erase anything retrievable by a computer and a software tool. Sometimes multiple times.

DBan is an old favorite. Eraser (also lets you look at un-erased data). Disk wipe...etc.

Unlimited resources? I imagine if you took a drive under an electron microscope you could maybe guess on what data was there, run it through some algorithms and and try to detect the CRC and reconstruct it that way. At least for a hard drive. Flash drives would be a little more complicated, but there would be readable wear on the flash cells. I think the...

Eximo

Titan
Ambassador
There are various tools for drive wiping that will take it beyond THOSE tools ability to retrieve, which is what most people would have access to. This is either writing all zeros or random data to a drive to erase anything retrievable by a computer and a software tool. Sometimes multiple times.

DBan is an old favorite. Eraser (also lets you look at un-erased data). Disk wipe...etc.

Unlimited resources? I imagine if you took a drive under an electron microscope you could maybe guess on what data was there, run it through some algorithms and and try to detect the CRC and reconstruct it that way. At least for a hard drive. Flash drives would be a little more complicated, but there would be readable wear on the flash cells. I think the newer the drive ie, TLC or QLC the harder it would be to reconstruct.
 
Solution
But let's say this stranger actually has unlimited skills and resources. In addition, he is a predator who is looking to steal extremely important data that I would not want anyone to have (I did not know about his intentions when selling him my drives). Would he be able to retrieve any form of data from my drives even after "securely" wiping them?
The answer to this question with the condition of "unlimited skills and resources" should always be assumed to be "yes." Let's spin it around and ask "can someone with unlimited skills and resources crack this AES gajillion encryption?" The answer is yes.

There are limitations to software techniques, especially on flash memory based devices or hard drives that have sectors marked as bad. If you are absolutely paranoid about someone trying to steal your data, you should physically destroy the media. But in all honesty, unless you're someone who's rich, famous, or in a position of power, a secure erase is enough.
 
  • Like
Reactions: 4745454b

InvalidError

Titan
Moderator
If you enabled full-drive encryption on a SSD or HDD, then secure-erasing the drive requires little more than resetting the encryption key by starting a full-erase. Then the only way to recover data is to brute-force the encryption to re-create the key from encrypted data that has been greatly compromised by the full-erase.
 
Let's say I perform some form of secure wipe on my drives and then sell them off to some random stranger.

But let's say this stranger actually has unlimited skills and resources. In addition, he is a predator who is looking to steal extremely important data that I would not want anyone to have (I did not know about his intentions when selling him my drives). Would he be able to retrieve any form of data from my drives even after "securely" wiping them?

Just to make it clear, this is all a hypothetical scenario.

In essence, is any data truly unrecoverable? No matter what kind of measures you take to wipe this data, couldn't it be recovered by someone with the right amount of desire, resources, and skills?

I'm not sure if it is worth selling my drives (I probably won't get much in return anyway). Should I just destroy them?

If it is actually possible to securely wipe a drive without damaging it (making the data ultimately unrecoverable), how would I go about doing so?
If this stranger happens to be the NSA then all bets are off.
If the data on these drives is that important you destroy them.
Industrial grinder/shredder and scatter the pieces to the wind.
 

carocuore

Respectable
Jan 24, 2021
392
95
1,840
Let's say an spy doesn't wants the intel he gathered on the enemy to be found.

He could sort of erase the data by making tons of rewrites to the drive by feeding it random data (not just ones and zeroes), that would take time though..

Our spy has a desktop computer at his safe house, it should be rigged to prevent it from falling onto enemy hands, I'd say some thermite (stuff used to weld rails) would do the trick to physically destroy the drive.

Remember the curse of the mirror, if our hypothetical spy had copies of the data or has shared it with someone else the chances of failing increase as he's not in control of it anymore therefore he can't get to destroy it. This is a fancy way of telling you if some data is important to you never, under any circumstances upload it to the internet, file hosting servers can and will share anything with whatever agency you could imagine.
 
Let's say I perform some form of secure wipe on my drives and then sell them off to some random stranger.

But let's say this stranger actually has unlimited skills and resources. In addition, he is a predator who is looking to steal extremely important data that I would not want anyone to have (I did not know about his intentions when selling him my drives). Would he be able to retrieve any form of data from my drives even after "securely" wiping them?

Just to make it clear, this is all a hypothetical scenario.

In essence, is any data truly unrecoverable? No matter what kind of measures you take to wipe this data, couldn't it be recovered by someone with the right amount of desire, resources, and skills?

I'm not sure if it is worth selling my drives (I probably won't get much in return anyway). Should I just destroy them?

If it is actually possible to securely wipe a drive without damaging it (making the data ultimately unrecoverable), how would I go about doing so?


There are plenty of freeware apps available that will both delete the partition tables on a drive as well as perform 3 or more random overwrites of the drive...once that's done it's exceedingly unlikely any usable file could ever be recovered regardless of what tools someone has at their disposal.

But yeah...as others have already implied...it's hard to beat something too much with an actual hammer when data security is an issue.
 
Last edited:

InvalidError

Titan
Moderator
If you are absolutely paranoid about data being recovered from a drive, nothing beats beating the heck out of the drive with a sledge hammer or shoving it through a metal shredder.

For some government agencies, shredding is the only approved drive retirement method.
 
SMR HDDs have a CMR "media cache". AIUI, this area is TRIM-ed when the corresponding LBAs are overwritten, so the data is still there, but it can only be accessed with vendor specific commands (VSCs). I would hope that an ATA Secure Erase or Enhanced Secure Erase would clear the cache, but HDD manufacturers are not known for their robust security.
 

g-unit1111

Titan
Moderator
If you are absolutely paranoid about data being recovered from a drive, nothing beats beating the heck out of the drive with a sledge hammer or shoving it through a metal shredder.

For some government agencies, shredding is the only approved drive retirement method.

Yeah you could always go the Office Space route, LOL.

giphy.gif
 
  • Like
Reactions: Corwin65