Thread replies: 34
Thread images: 2
Thread images: 2
File: 82979f[1].jpg (88KB, 634x498px) Image search:
[Google]
![82979f[1].jpg](https://i.imgur.com/dcJ7LCl.jpg "82979f[1]")
88KB, 634x498px
Hey /g/, I'm not very tech inclined and I thought you might explain something to me. Sorry if this is considered shitposting here.
I get that when you delete something from a hard drive it's not really deleted, just that the space is made available for writing over. And I get that to scrub a hard drive you have to write over all this "free" space with nonsense so that nothing is recoverable. But I don't get why multiple passes are required to wipe a drive: why does one pass of writing bullshit over "deleted" data not make said data unrecoverable?
Thanks.
>>
>>45076682
> why does one pass of writing bullshit over "deleted" data not make said data unrecoverable?
It does. You need a lot of equipment, time and money to recover that data.
>>
>>45076724
But why do multiple passes make it harder? Why isn't once over and it's gone forever?
>>
>>45076832
https://en.wikipedia.org/wiki/Data_recovery#Overwritten_data
>>
>>45076870
Thanks, but that didn't really say why multiple passes (like Gutmann method) is more thorough than 1 pass. Why is data overwritten once any more recoverable than if it has been overwritten any more?
>>
>>45076905
Because on a magnetic hard drive traces of previous writes remain even after you run them over with something else. I'm guessing the head just isn't strong enough to not leave any trace because it isn't needed for normal storage.
>>
Write something witn a pen on paper, try to erase it, write over it. With instrument you'll be able to see what was written in the first place...repeat process and it becomes harder and harder to find out what was written onto the paper. same shit with hdd
Btw what you are deleting is just a pointer to the data
>>
>>45076942
Oh, okay. What about an SSD?
>>
>>45076905
heres my theory
imagine that switch A is 1 and switch B is 0
when you overwrite them to 0 it leaves remainders
so switch A is 0.02 and switch B is 0.00
if you had the equipment to measure the switch you could detect that switch A wasn't fully zeroed and had a little residual left over from its previous value due to rotational velocidensity
>>
>>45076962
SSDs have different problems, they have parts that can't be accessed through normal means and data can remain hidden there. That's called over-provisioning and it's good to even out drive usage for example, it can make an overused area inaccessible so that another is use and even out drive usage. Also helps with buffering. Annoying part is that it can "protect" some of the data you wanted to delete and it stays there after overwrites, since that part can't be touched.
>>
>>45076984
That makes sense. I had it in my head that it's either 0 or 1, no inbetween. But they do use a physical storage mechanism.
>>
for SSD go read about flash memory...ssd are not physically writen, there are "cells" countaining electrons, they can be low (0) or high (1). A chain of that creates data...you can zero a ssd by setting all "cells" to low
>>
One pass is enough, OP.
>>45076984
You might be on the right track, but your theory doesn't explain much.
Suppose you zero the drive by flipping any ones. If all points on the drive have some residual left, how do you know which bits used to be ones?
>>
>>45076682
1 pass is enough. You don't have nuclear launch codes on your fucking HDD so no one will spend thousands or tens of thousands of dollars getting that shit back.
>>
>>45077079
Oh, I don't need to wipe a drive or anything. Just curious. I thought he had answered it, but now you've opened it back up.
I thought this might have just been something that everyone who works with or is interested in computers knows. But is it something a bit more advanced than that?
>>
>>45077096
I'm not wiping a drive. Just discussing technology. I thought /g/ wasn't personal tech support even if I did need to scrub a hard drive, though...
>>
>>45077112
>discussing technology
And 1 pass is enough. Only foilers who think the evil gubmint can get clear pictures of their face from telescopes planted on the sun think you need more than 1.
>>
>>45076832
http://cmrr.ucsd.edu/people/Hughes/secure-erase.html
read the Q&A .doc
One pass is sufficient with the proper algorithm, but for highly skilled adversaries multiple passes and physical destruction is the best. SEM microscopes and analysis techniques can find tons of shit, if the drive isn't encrypted then finding out the filesystem, filetypes and a lot of structured data is fairly trivial.
I tend to just throw a /dev/random walk to a drive considering my servers have a proper entropy gathering setup (can't disclose exactly what I'm using, but I have an Aranaeus Alea at home), I recommend a DBAN for most users though. Bleachbit is great for userland.
>>45076984
This is really close
The thing is, if you zero a drive, a lot of the "1s" that existed before be reversed with a simple drive analysis technique that flips the bits "back" to their original state, which is why "zeroing a drive" is pretty much a colloquialism now as zero walks aren't much use.
Check out Deft Linux and read up on AFFLIB if you want to learn more about forensics, I did a little bit of it on the side for some police departments in the area and it's a really fun and interesting field, DFIR is definitely growing.
>>
How does one actually "zero"/reset a ssd? Is there a tool like dban or do you just reformat it?
>>
>>45077144
>foilers
DoD requires 3 passes on HDD storage because their adversaries are competent at digital forensics.
1 pass of a decent PRNG (Mersenne/ISAAC) is good enough for most users but there's absolutely no reason to not have parity with or go further than what the military believes is the minimum requirement if you have the time. This goes double if you're selling or giving storage equipment away.
>>45077199
>How does one actually "zero"/reset a ssd?
Do you need to use the SSD afterwards?
You can turn off TRIM and DBAN the fucker to brick it really easily, there's also some wear-leveling programs out there that will destroy an SSD in a fashion that makes it impossible to recover on MLC drives. I've seen malware that checks for TRIM on Win7, turns it off, then starts writing data to huge (NTFS hidden) files.
http://researchrepository.murdoch.edu.au/3714/1/solid_state_drives.pdf
check out that paper
>>
>>45077250
What about "secure erase" Is it really secure?
>>
>>45076984
>rotational velocidensity
this is bait right?
>>
>>45077314
https://encyclopediadramatica.se/Flac#FLAC_Copypasta
>>
>>45076682
Multiple passes being necessary is a thing of the past.
This guy has a great analogy:
>>45076957
But today's drive densities are so high that one pass is sufficient. Obviously this doesn't apply to SSDs.
>>
>>45077314
yeah the unit is ((pi*s)/m).
>>
I have a semi-related question to anybody ITT;
What is the actual name for the "place" where the fragments of data are stored on a HDD platter?
>>
>>45077277
It is secure so long as it does what it really says it does.
Everything on an SSD is actually stored encrypted and it's transparently decrypted/encrypted when reading/writing with an internal key/password. The secure erase changes this key, so the data is still encrypted with a now non-existent password
>>
File: 1342471104323.jpg (54KB, 250x250px) Image search:
[Google]
54KB, 250x250px
if you're worried someone is gonna get your data after you've zero-written the drive just fucking open the disk and smash it to pieces, then burn it, or put it in a bucket or bleach or acid.
fucking christ nobody is going to spend the time or money to do data recovery on your hard drive unless you're the fucking president of the united states.
>>
>>45077277
Are you talking about the Secure Erase program I just posted or SATA Secure Erase?
The SE I just posted is older but is still secure, SATA Secure Erase varies based on vendor implementation despite it being a standard.
I've had two Seagate drives go tits up after a firmware secure erase command has been sent to the board, a lot of times vendors fuck up because they think nobody uses it.
>>
>>45077379
Not all solid state storage drives do this, it's best to assume that all data-at-rest is unencrypted and can be recovered trivially with physical access.
>>
>>45077425
Oh, no. On my Samsung drive there's a secure erase option which apparently all SSD drives have. I was wondering if it actually is as secure as the name claims it to be.
>>
>>45077450
Secure Erase on SSD supposedly deletes the KEK mentioned in this post here >>45077379
I would trust the Secure Erase function on that drive as much as you trust Samsung to protect your data. There's no way you're going to be able to know if that key wasn't merely moved to another location on the drive for forensic recovery or what.
It's best to know what kind of data is sitting on the drive and treating the drive as a black box that simply writes and reads what you tell it to, using code that you can read rather than relying on sometimes very buggy low-level vendor commands is the better option in my mind.
If you don't worry about advanced adversaries and just want to stop the common thug who steals computers from copying down your gf's nude selfies then Samsung's SE will likely work. Shit, you may want to use both.
Try using the Samsung SE and then hit it with Deft 8's list of tools, if you can't find anything then you're likely good to go.
I always Verify > Trust.
>>
>>45077390
Read >>45077102
>>45077112
Why even post?
>>
>>45077604
We're having an intelligent discussion about storage technology for once...go back to your fucking battlestation thread
Thread posts: 34
Thread images: 2
Thread images: 2