Hey /g/, I'm not very tech inclined and I thought you might explain something to me. Sorry if this is considered shitposting here.
I get that when you delete something from a hard drive it's not really deleted, just that the space is made available for writing over. And I get that to scrub a hard drive you have to write over all this "free" space with nonsense so that nothing is recoverable. But I don't get why multiple passes are required to wipe a drive: why does one pass of writing bullshit over "deleted" data not make said data unrecoverable?
Thanks, but that didn't really say why multiple passes (like the Gutmann method) are more thorough than 1 pass. Why is data overwritten once any more recoverable than if it has been overwritten any more?
Because on a magnetic hard drive traces of previous writes remain even after you run them over with something else. I'm guessing the head just isn't strong enough to not leave any trace because it isn't needed for normal storage.
Write something with a pen on paper, try to erase it, write over it. With an instrument you'll be able to see what was written in the first place... Repeat the process and it becomes harder and harder to find out what was written onto the paper. Same shit with HDDs.
Btw what you are deleting is just a pointer to the data
here's my theory
imagine that switch A is 1 and switch B is 0
when you overwrite them to 0 it leaves remainders
so switch A is 0.02 and switch B is 0.00
if you had the equipment to measure the switch you could detect that switch A wasn't fully zeroed and had a little residual left over from its previous value due to rotational velocidensity
SSDs have different problems, they have parts that can't be accessed through normal means and data can remain hidden there. That's called over-provisioning and it's good to even out drive usage for example, it can make an overused area inaccessible so that another is used and even out drive usage. Also helps with buffering. Annoying part is that it can "protect" some of the data you wanted to delete and it stays there after overwrites, since that part can't be touched.
For SSDs go read about flash memory... SSDs are not physically written, there are "cells" containing electrons, they can be low (0) or high (1). A chain of that creates data... you can zero an SSD by setting all "cells" to low
One pass is enough, OP.
You might be on the right track, but your theory doesn't explain much.
Suppose you zero the drive by flipping any ones. If all points on the drive have some residual left, how do you know which bits used to be ones?
Oh, I don't need to wipe a drive or anything. Just curious. I thought he had answered it, but now you've opened it back up.
I thought this might have just been something that everyone who works with or is interested in computers knows. But is it something a bit more advanced than that?
And 1 pass is enough. Only foilers who think the evil gubmint can get clear pictures of their face from telescopes planted on the sun think you need more than 1.
read the Q&A .doc
One pass is sufficient with the proper algorithm, but for highly skilled adversaries multiple passes and physical destruction are the best. SEM microscopes and analysis techniques can find tons of shit, if the drive isn't encrypted then finding out the filesystem, filetypes and a lot of structured data is fairly trivial.
I tend to just throw a /dev/random walk to a drive considering my servers have a proper entropy gathering setup (can't disclose exactly what I'm using, but I have an Araneus Alea at home), I recommend DBAN for most users though. Bleachbit is great for userland.
This is really close
The thing is, if you zero a drive, a lot of the "1s" that existed before can be reversed with a simple drive analysis technique that flips the bits "back" to their original state, which is why "zeroing a drive" is pretty much a colloquialism now as zero walks aren't much use.
Check out Deft Linux and read up on AFFLIB if you want to learn more about forensics, I did a little bit of it on the side for some police departments in the area and it's a really fun and interesting field, DFIR is definitely growing.
DoD requires 3 passes on HDD storage because their adversaries are competent at digital forensics.
1 pass of a decent PRNG (Mersenne/ISAAC) is good enough for most users but there's absolutely no reason to not have parity with or go further than what the military believes is the minimum requirement if you have the time. This goes double if you're selling or giving storage equipment away.
>How does one actually "zero"/reset a ssd?
Do you need to use the SSD afterwards?
You can turn off TRIM and DBAN the fucker to brick it really easily, there's also some wear-leveling programs out there that will destroy an SSD in a fashion that makes it impossible to recover on MLC drives. I've seen malware that checks for TRIM on Win7, turns it off, then starts writing data to huge (NTFS hidden) files.
check out that paper
Multiple passes being necessary is a thing of the past.
This guy has a great analogy:
But today's drive densities are so high that one pass is sufficient. Obviously this doesn't apply to SSDs.
It is secure so long as it does what it really says it does.
Everything on an SSD is actually stored encrypted and it's transparently decrypted/encrypted when reading/writing with an internal key/password. The secure erase changes this key, so the data is still encrypted with a now non-existent password
if you're worried someone is gonna get your data after you've zero-written the drive just fucking open the disk and smash it to pieces, then burn it, or put it in a bucket of bleach or acid.
fucking christ nobody is going to spend the time or money to do data recovery on your hard drive unless you're the fucking president of the united states.
Are you talking about the Secure Erase program I just posted or SATA Secure Erase?
The SE I just posted is older but is still secure, SATA Secure Erase varies based on vendor implementation despite it being a standard.
I've had two Seagate drives go tits up after a firmware secure erase command has been sent to the board, a lot of times vendors fuck up because they think nobody uses it.
Secure Erase on SSD supposedly deletes the KEK mentioned in this post here >>45077379
I would trust the Secure Erase function on that drive as much as you trust Samsung to protect your data. There's no way you're going to be able to know if that key wasn't merely moved to another location on the drive for forensic recovery or what.
It's best to know what kind of data is sitting on the drive and treat the drive as a black box that simply writes and reads what you tell it to; using code that you can read rather than relying on sometimes very buggy low-level vendor commands is the better option in my mind.
If you don't worry about advanced adversaries and just want to stop the common thug who steals computers from copying down your gf's nude selfies then Samsung's SE will likely work. Shit, you may want to use both.
Try using the Samsung SE and then hit it with Deft 8's list of tools, if you can't find anything then you're likely good to go.
I always Verify > Trust.
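Added example, not written by anyone in the thread: one way to act on the "verify" advice after an overwrite pass is to read the drive (or an image of it) back and report every sector that does not match the fill pattern. The 512-byte sector size, the zero fill byte and the sample image are assumptions made for illustration.

```python
import io
import sys

SECTOR = 512  # assumed logical sector size


def find_residual(stream, sector=SECTOR, fill=0x00, chunk_sectors=2048):
    """Scan a wiped image; return (runs, total_sectors).

    runs is a list of (first_sector, last_sector) ranges that still
    differ from the expected fill byte after the overwrite pass.
    """
    expected = bytes([fill]) * sector
    runs, start, index = [], None, 0
    while True:
        chunk = stream.read(sector * chunk_sectors)
        if not chunk:
            break
        for off in range(0, len(chunk), sector):
            block = chunk[off:off + sector]
            dirty = block != expected[:len(block)]  # last block may be short
            if dirty and start is None:
                start = index
            elif not dirty and start is not None:
                runs.append((start, index - 1))
                start = None
            index += 1
    if start is not None:
        runs.append((start, index - 1))
    return runs, index


def build_sample_image():
    """Constructed test data: 64 zeroed sectors with two missed regions."""
    img = bytearray(64 * SECTOR)
    img[10 * SECTOR:13 * SECTOR] = b"leftover" * (3 * SECTOR // 8)
    img[40 * SECTOR + 17] = 0xFF  # a single stray byte
    return bytes(img)


if __name__ == "__main__":
    # Pass an image file or block device path; otherwise use the sample.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(build_sample_image())
    with src:
        runs, total = find_residual(src)
    print(f"{total} sectors scanned, {len(runs)} residual run(s)")
    for first, last in runs:
        print(f"  sectors {first}-{last} not wiped")
    sys.exit(1 if runs else 0)
```

A read-back like this only covers sectors the drive exposes through its normal interface, so on an SSD it says nothing about the over-provisioned area described earlier in the thread.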