SoylentNews is people
SoylentNews
I once read in a news article (can't find it now... sorry) that apparently if you overwrite data with other data on a hard drive that the previous data is unrecoverable. So, would overwriting the entire hard drive with cat videos be just as effective as all these other "professional" security protocols that are used?
janrinok: Data erasure is important when you want to prevent anyone from recovering whatever was written on the storage device in the first instance. But there are many potential problems including just how secure does the erasure have to be, what hardware is controlling the reading and writing to the disk, are you attempting to delete data on a spinning rust device, a more modern SSD , or a thumb drive, and who are you trying to prevent from reading the data? If you are just trying to prevent a regular Joe Soap from reading what you once securely stored on a hard drive then simple overwriting might be enough. However, if you are concerned that law enforcement or a government agency might be interested in the drive's contents then you will have to take more stringent precautions. Ultimately, many of the highest classifications of data can only be securely erased by full degaussing or the physical destruction of the device. The link details the various standards that are deemed as acceptable to securely erase data to meet specific documented requirements.
Presumably, if you are worried that someone might have access to your data then you have already taken the precautions of encrypting it. However, poor encryption is worse than no encryption at all - at least with the latter you know that your data is vulnerable. With a weak encryption you might incorrectly believe that your data is secure when, in truth, it is not. This might result in you taking risks that you wouldn't otherwise take with the physical protection of the drive itself. The military and government agencies often insist that drives are secured in an approved security container when not actually in use to prevent anyone actually getting to the data in the first instance. If at home you simply leave your drive in the computer or lying around in plain view then anyone entering your home can steal it. How much protection you need to give depends upon the value of the data to you and how much you need to ensure that no-one else can get to it.
Many proprietary encryption programs use an 'in-house' encryption scheme in the incorrect belief that it is more secure than the recognised encryption methods that have been rigorously tested and mathematically proven. Other systems might have back-doors or make the decryption algorithms available to LE or government agencies. I personally would strongly recommend against using these encryption systems because they might only be giving you a false sense of security. However, if your data is already encrypted with a recognised encryption system with a strong pass phrase and salt then you are well on your way to preventing anyone from ever getting access to the data even if they have the drive in their possession. Note that encryption that is 'unbreakable' today might not remain so with advances in computing and perhaps the discovery of encryption flaws. Essentially, if it is considered good enough for the military and government agencies then it is probably sufficient for your needs.
It is important to realise that, any time your data is inside your computer and viewable, then any encryption is already defeated. If you have valuable data that is protected by nothing more than a computer in hibernation then anyone who can awaken the computer has full access to the data.
So now we finally get to the question that the submitter asked. How secure is overwriting as a method of data deletion? If the data is already securely encrypted then perhaps no further action is required, or simply overwriting it with cat videos will probably be enough to prevent anyone but the most determined attacker from ever reading the data. It will certainly be enough to stop the vast majority of people from getting anything useful from the disk drive. If you believe that the data on the drive must never be recovered by anyone else then the physical destruction of the drive might be warranted. The actual requirement probably lies between those 2 extremes. Only you know the value of the data on the disk drive and how important it is that it is not disclosed.
I now invite everyone to contribute their own experiences, tips and advice regarding data erasure....
(Score: 2) by Runaway1956 on Wednesday April 18 2018, @01:58AM (4 children)
It doesn't much matter what data you are using to fill a hard drive. Cat videos, porn, random numbers - data is data.
But, it isn't just the data, either. You've got to get the boot sector and the file tables. Everything that logs what the data was has got to go. I'm partial to *nix's dd command. It's great. Fill the drive with random numbers, from beginning to end. Then fill the drive with zero's. Fill it again with one's. One more pass with random numbers. There might be SOMETHING left, but it's useless.
Okay, you've basically got an "empty" disk. Format it, preferably with a different file system than you erased. NOW fill it up with whatever data you have chosen to fill it with. Cat videos are alright, no one cares. Fill it full. When the copy utility complains that it has run out of room in which to write files, you've probably got it full.
Final step? Install an OS onto the hard drive. You really want to change the file system being used again, to be sure that your boot sector and file tables are positively over written. It helps, at this point, if you partition the drive into several partitions. When the OS finishes installing, you can then fill each and every partition with meaningless data.
Ain't no one recovering from all of that.
OR - you can use any of the professional quality disk wiping programs.
The biggest mistake made by the uninitiated, is believing that a delete is really a delete. Or, that a format actually removes everything. None of the common tools on a Windows OS actually removes any data. Moving something to trash erases absolutely nothing - it only changes some flags in the file table. Emptying the trash bin still erases nothing - again the flags have been changed to allow over writing of those sectors. If, and when, those sectors on disk are written to, THEN the data disappears, IF there aren't backups or caches of the data.
And, Windows records all kinds of crap, making logs endlessly, backups, cached copies, etc ad nauseum.
Thank God for Unix-like operating system. Usually, when you delete something on a Unix-like, you won't see that data again.
(Score: 2) by HiThere on Wednesday April 18 2018, @03:52AM (2 children)
It does matter. Cat videos are less suspicious.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 0) by Anonymous Coward on Wednesday April 18 2018, @05:06AM (1 child)
Because everyone and their dog have terabytes of cat videos on their disks and nothing else.
(Score: 2) by Dr Spin on Wednesday April 18 2018, @07:45AM
You have been watching Youtube, haven't you?
Warning: Opening your mouth may invalidate your brain!
(Score: 2, Funny) by anubi on Wednesday April 18 2018, @05:18AM
It can take a long time to do it magnetically. If I had a stack of these, I would be tempted to open 'em all up, remove the disks, hand the drives to some high school kid who likes to play with magnets, take the disks to the sidewalk and scuff away as I do a little dance on them. Or hire some teenager to do it while I watched - as most teens can outdance me by an order of magnitude.
But the last part is mostly for theatrics. It gives the ones who wanted me to do this the evidence I did what they told me to do when I bring them back a box of disks mechanically eroded beyond recognition. Sometimes, one may need this if only for a good night's sleep knowing its done. Peace-of-mind thing. Just like I am not happy seeing a rattle snake crawling back under the barn when I know I must have dealt it a fatal blow... I want to see dead snake, preferably decapitated.
Below offtopic, but I get a chuckle every time I think of it.
( Brings back to memory a little morning episode at Chevron's Pascagoula Oil Refinery... about 40 years ago. Coming to work one morning, we discover this big rattlesnake coiled up on the handrail into our engineering building. We raise a ruckus, and an electrician passes by with his conduit bending hickey... he swings it at the snake, severing its head from the rest of it as neatly as you would wish. Once the hubbub died down, we picked what was left of the snake and put him in the trash.
Over the course of the day, we forgot about the snake. We continued to fill the trash cans as usual, with all sorts of office rubbish, like wads of paper and coffee cups...
Come about 6:30 and the night cleaning crew, mostly ladies, swarmed the buildings.
And there was this terrible scream, as the snake was re-discovered, as what was at the bottom of the trash can was now on top of their trash gondola. It took several weeks before the ladies wanted to have anything to do with the trash cans.. ).
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]