Does zero filling a HDD really delete all data on it?

[SomeJoe7777]

Writing over it with 0's once can still be recovered, even with some of the tools available to normal users now. It may be fractured, and unsorted, but you can still get info back.

This is not true. If you use a program that overwrites every sector of the HD with zeros, no program will be able to recover anything through the HD interface. The only way to recover information off of a HD after a full overwrite would be to take the HD apart in a lab and use an electron microscope or microprobing techniques to reconstruct the data.

Your reference to the article at CNet is a prime example of many people talking who don't know what they're talking about. The original poster in that article used an overwrite program that only overwrote the file contents, but didn't overwrite the directory information on the drive. That's not a fault of the philosophy of erasure, that's just a poor erasing program.

Good erasing programs erase every sector of the disk. Programs like Darik's Boot and Nuke or Active@ Killdisk. If you erase a hard drive with one of those, no software will recover your data, period.

Different erasure methods can offer security from different kinds of government recovery techniques. A simple zero-fill (one pass) will be enough to make sure that no software can recover anything, but the CIA/NSA can take the drive apart in their labs and recover from a zero-fill pretty easily. With more overwrites, it becomes harder. The DoD 5220.22-M compliant method involves 3 overwrites - once with a fixed value, again with the bitwire complement of that value, and a 3rd time with random data. The US Government approves of the 5220.22-M method to erase classified data up to the secret level. This should tell you how difficult it becomes to retrieve data after multiple complementary overwrites.

An extended DoD 5220.22-M method involves doing that 3-pass overwrite method twice, with another pass of random data in between, for a total of 7 overwrites.

The Guttman method, which involves 35 passes, is generally regarded as so safe, it's equivalent to destroying the drive. However, no one knows this for sure, because if a government agency were able to recover data that was erased with Guttman, they sure wouldn't tell anyone. 😉

 

[cyberjock]

SomeJoe7777 is right. If the hard drive interface was capable of reading the 'overwritten' data, then the actual data would be corrupt. It is impossible for the interface to be capable of reading the 'overwritten' data.

Think about this too...

If you overwrite a zero with a zero, how is the interface supposed to know that the zero was overwritten with another zero? This is why engineers and serious technology has to come into play. They have to watch for the shifting of the data and attempt to asertain the slip of the data over time and then read the data before the slip.

 

[JeanLuc]

If your running Windows 2000 or XP Pro a free way to do is to select the folders you want to be deleted, right click on it go to properties>General Tab>Advanced>Tick Encrypt data then delete the folder.

 

[NuclearShadow]

If I ever felt that I needed to do such a thing I would simply trick the ones who have something against me. Its very doubtful that they currently know your serial number on your hard drive. Buy the same exact one you have now and switch them. Install windows on it and a few other programs that any normal computer users use. This way they simply think you reformatted your hard drive and the data they desire is still somewhere on it. Which they will find to be a impossible task and would help to "prove" you to be innocent.

Now for your old hard drive this is up to you... you could hide it... you could give it to a trusted friend. or you could drop it to the bottom of the ocean if you really want. Guess it matters how important the data really is to you.

I don't want to know what is on your hard drive nor do I care. But if its something very bad and you know your currently being suspected of it then I advise you literally destroy it in a non populated area like in the woods and then bury it in several different places. Or if you came across something that isn't really bad but others simply don't want you to share then just release it on the internet somewhere other than your house (someone elses wireless internet connection on your laptop would be great) then repeat the destroy step above right after.

 

[bobbknight]

One pound of thermite ignited on top of the hard drive will make the data completely non recoverable.
All other means of data wipe can be circumvented with time, PGP data encryption works better, but not as good as thermite.

 

[jaguarskx]

For hard drives that I simply want to replace (ie throw away), I simply smash the hell out of it with a hammer several times leaving deep dents in the casing itself. I also destroy the circuit board as well and rip away the ribbon connecting the circuit board to the hard drive on the underside.

Great way to relieve stress while playing around with a hammer.

 

[Powerdog_69er]

Thank God for people like ... "SomeJoe7777" and "smitten" ...who actually know what they are talking about... and are giving good, sound advice.

To the rest of you... thank you for giving forums like this a good place for humor... everytime I need a good laugh... I come in here and read responses like these...I really can not stop laughing

No.
The more times you do this the harder it is to retrieve the data.

If you do this a couple of times, you should be relatively safe.
However, the Gov't if it really wants to can do amazing things to get at the data.

Most ordinary hackers will not get past the 0 wiping.

LOLOLOLOL... oh my god ... LOLOLOLO... you are just to much!!!... what three, maybe four years of college... I can definately tell... LOLOLOLOLOLOL

Absolute best way is zero fill several times and deep six it somewhere... but zero filling takes a long friggin time. 😴

LOLOLOLOL... wait... lets do it a few more times ... just to make sure....LOLOLOLOLOL!!!

Please keep it up guys... way to funny!!!!

But to get serious with you...

.....

I'm sorry... I can't...

I'm still laughing way to much!!!

LOLOLOLOLOLOL

I'm going to go read some more of the "Funnies"... whoops...I'm sorry... I meant Forums in here at "Tom's Hardware".

LOLOLOLOLOL

"hiccup"

 

[aziraphale]

Nice and productive contribution doggy. Talking about being a college boy?

 

[thuan]

If you mean totally as in absolutely impossible to recover any data then the only way is to utterly destroy the drive. By either throw it into the gate of Oblivion, shove it into the Maledict's mouth or blast it with a BFG.



Ehem was joking, do what atomic said.

 

[zenmaster]

Nice and productive contribution doggy. Talking about being a college boy?

PowerDOg really has no clue.
I don't think he knows that there are people with high-end data recovery equipment that can over-come zero-filled drives. Much like the data-recovery services to which you can send drives.

Now, what would be the point of some of hackers putting all this effort into data recovery?
Identity Theft. Stolen Passowrds. Account Information.

A single home user's HDD could be worth $10,000s and very easily $100,000s to one of the many professional organizations which are involved in such high-end criminal activity.

They often scour eBay and other places to try and find just such drives.

I recall listing on Laptop on eBay w/o a HDD because it died.

I was PM'd by multiple folks offering me more money for the dead HDD than a new one would have cost.

I wonder if the poster has such a high Zero-Filling requirement?
I wonder if he knows most large corporations have such requirements?

Or perhaps the poster is a Jr. High School kid who does not have anything more secret than his WoW account.
Or perhaps somebody who does not have any idea what is really hidden on his HDD.

 

[SomeJoe7777]

If you mean totally as in absolutely impossible to recover any data then the only way is to utterly destroy the drive.

That is correct. That's also why any overwrite method is not approved by the US Government for destroying Top Secret data. The drive must be destroyed physically.

You have to keep in mind that the protection you need to keep something secret is in direct proportion to the importance and/or time sensitivity of the data. For example, let's say the army has some information about combat tactical plans stored on a hard drive. But the plans it's talking about are going to happen in 4 hours. Well, what erasure method is good enough if you need to keep that data out of enemy hands? The answer is any method that would take the enemy longer than 4 hours to recover. A simple zero fill would suffice here, because the enemy couldn't get the hard drive into the lab and get the data reconstructed within 4 hours.

As far as importance, whatever information you have stored on your hard drive that you might want to keep secret (financial records, e-mails detailing the affair with your secret girlfriend, your MP3 collection, the pr0n collection, etc.) ... that information is likely not important enough for any government agency to bother taking your hard drive to the lab for recovery. It's much easier to get evidence against you from other sources. If the authorities were going to prosecute you for music sharing, for example, they don't need your MP3 collection. All they need to do is contact your ISP and get a record of all the torrents you've been connecting to and that will be totally sufficient in court. The fact that you erased your hard drive just incriminates you further by proving that you had something to hide.

In this day and age, records that detail your every move are stored somewhere that you don't control. The ISP has a wealth of information regarding your connection times, inbound and outbound connections, etc. The search engines have a record of all your searches. The e-mail servers have a record of every e-mail. The banks have a record of every transaction. And on top of this, the government is piping all Internet traffic through filters that are looking for terrorist activity, with the help of the ISPs. Those filters have a detailed record of everything. Believe me, if you are doing something illegal on your computer, there's enough evidence out there to prosecute you for it, and erasing your hard drive won't make a damn bit of difference.

Do yourself a favor - if you don't want to be in trouble, then stop doing illegal things. The authorities are slow to awaken, but once you've piqued their interest, you're phuqued. Darik's Boot and Nuke isn't going to save you, and in all likelihood, neither is your court-appointed lawyer. Believe me, the defendant's chair is an unhappy place to be.

 

[whysoserious]

Right click and delete should do it. Also don't forget to empty your recycle bin. If you are a truly paranoid ah heck then blow the damn thing up. Hire a tank or something. Or just scratch your monitor. When the cops are looking through it. They won't be able to see anything. Epic win.