EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: sony mavica on February 27, 2018, 02:01:04 am
-
i used an program called Recuva was just interested to see what it would find on my pc
i use this pc every day and have downloaded and copy stuff to the hdd a lot so was shocked to see it recovered files i had deleted back in 2014
i was able to get some videos and pics i thought where lost forever back :) have since backed these up
but wanted to know as i might be selling this pc but want to keep the games i have installed on it so don't wanna reinstall windows is there a way to recover files then permanently delete them so the new owner cant recover them?
-
but wanted to know as i might be selling this pc but want to keep the games i have installed on it so don't wanna reinstall windows is there a way to recover files then permanently delete them so the new owner cant recover them?
The ideal method is to sell the PC without the hard disk (that way, there is no possible way anyone can recovery anything).
However, if you wanted to sell it with the disk, use something like DBAN (https://dban.org) to write random data over the entirety of the disk. This will prevent almost all users from being able to recover anything. (I say "almost" because despite being overwritten, it is possible with some sophisticated equipment for government and industry professionals to recover some data from disks). You can also use a tool like Active@ KillDisk (http://www.killdisk.com) to overwrite the unallocated space on your drive (i.e.: keep the files already on the file system intact, but wipe the "empty" space).
Most operating systems, when data is "deleted", it's not actually removed from the disk or overwritten, rather the space being occupied by those files is just marked as "free" to be reused at a later time. The same goes for your mobile phones (Android and Apple included), it is possible to recover some deleted data depending on the circumstances. This is why I never ever sell an old phone, even if it has been "factory reset".
Data security is a huge issue, especially for corporate and government customers. This is why most companies and almost every single Government organisation never sell or return their hard disks to anyone on the outside. Anything containing potentially sensitive or protected data is degaussed and/or crushed/shredded beyond recognition. Same goes for photocopiers or any other appliance which contains memory or a hard disk drive.
-
The free version of CCleaner includes a drive wipe function among its tools. It will do whole drive or just free space, anything from single overwrite right up to 35 overwrites.
-
dban on a usb pen, boot from it.
ubuntu live boot, do 11 laps on your hdd/ssd writing /dev/random
-
ubuntu live boot, do 11 laps on your hdd/ssd writing /dev/random
Why the fuck are people still posting this witchcraft bullshit? One write end to end is _all_ you need and has been since hard disks moved away from stepper motor actuators.
SSDs need to be Secure Erased. An overwipe is not guaranteed to make sure it's all gone.
-
Because people on this forum wear thin hats.
I would go the extra mile and just smash the HDD and grab a new one.
-
With the right equipment it is possible to recover the previous data from a single pass overwrite on magnetic media with a moderate degree of certainty. To do so, one needs to tap the analog signal from the read heads and look for amplitude variations due to remnant magnetisation from the previous state after the mean level of the current state (as determined by a normal digital read) has been subtracted. It needs specialised equipment and probably a clean room but can be done at a price. However, walk the flux right round the hysteresis loop and then randomise the final state and the previous data becomes unrecoverable. N.B. on drives that don't have a secure erase function, some data may remain on sectors that have been marked as failing and reallocated by the on-drive controller. Reading such sectors at the very least requires hacking the drive firmware, and may require specialised equipment and a clean room. The main barrier is the cost, and also, for those with criminal intent, contracting for such services without compromising their own identity.
Unless you have data on the drive that a three letter government agency would be interested in, or that's commercially/financially sensitive and worth over $100K, or you are a person of interest to the media, DBAN's default three pass DoD Short method is good enough for spinning rust drives or secure erase for SSDs.
Make sure you've got the key codes/numbers for any software you intend to transfer the licence of with the machine and do a full reinstall of OS and any applications, before wiping any electronic copy of the keys you may still hold on any other machine or media. Its extra hassle but if you want to maximise the resale value by selling it as a working Windows PC, (without giving away your bank codes), you don't have any other option.
Failed drives should be physically destroyed.
Drives with highly sensitive data should be physically destroyed, and unless the platter surfaces are degaussed or physically eradicated, the remains should be incinerated at a high temperature. Flash chips can simply be chiselled off and pulverised.
-
With the right equipment it is possible to recover the previous data from a single pass overwrite on magnetic media with a moderate degree of certainty. To do so, one needs to tap the analog signal from the read heads and look for amplitude variations due to remnant magnetisation from the previous state after the mean level of the current state (as determined by a normal digital read) has been subtracted.
That was theoretically achievable many years ago ( and last demonstrated many years before that ) but hasn't been vaguely plausible in at least the last 10 years with the constant improvements in platter density. Heck, drives have enough trouble not overwriting adjacent tracks wen performing a normal write.
-
That's the popular and public current opinion from those that publish in the field, but would you bet on that for highly sensitive data, as there is considerable pressure from three letter agencies not to compromise the techniques they *may* be using? Even a 10% error rate in recovered data could still be useful to such agencies.
Although a single pass wipe is probably good enough for most of us, IMHO a three pass wipe isn't excessively paranoid.
-
That's the popular and public current opinion from those that publish in the field, but would you bet on that for highly sensitive data
That depends on your definition of highly sensitive data. I would bet my data on it absolutely. When it comes to clients data, or data with a legislated protection chain then I go by physical destruction because it's easier just to apply the same methodology across all third party data in my custody, but yes I would bet my clients data on it.
The difference between paranoia and reality is a couple of good conversations in the pub with engineers who actually design and build hard drives, and going into detail about the lengths *they* have to go to just to get the data back reliably from the media, the massive reliance on error correction and the frailty of the whole process.
20/30 years ago it was possible. 10 years ago it was theoretically feasible but nobody had managed to demonstrate it ( or lived to tell about it ).
Still, run the multi step process if it makes you feel better. It still doesn't address the data left in reallocated sectors (that you may or may not be aware of). I've seen drives with multiple tens of thousands of reallocated sectors which happily report 0 reallocations. No amount of wipes are going to clear those.
-
Used hard discs have no intrinsic value at all compared to the potential risk of sensitive data being exposed.
Open drive housing, remove platters, bend them double with the aid of a solid bench vice and a hammer, then scrap as WEEE.
Personally I regard the warranty on a new drive as completely worthless for this very reason; I couldn't ever send back a drive containing personal and commercially sensitive data, so a failed drive gets scrapped regardless.
A few years ago, not long after the flooding that severely affected the world's supply of new hard drives, I ordered some drives from Amazon. The ones that arrived had thousands of hours on them already. They'd clearly been pulled from a server and resold as new.
-
The only way to be sure is to shred the hard disk. :P
-
Used hard discs have no intrinsic value at all compared to the potential risk of sensitive data being exposed.
Open drive housing, remove platters, bend them double with the aid of a solid bench vice and a hammer, then scrap as WEEE.
Personally I regard the warranty on a new drive as completely worthless for this very reason; I couldn't ever send back a drive containing personal and commercially sensitive data, so a failed drive gets scrapped regardless.
A few years ago, not long after the flooding that severely affected the world's supply of new hard drives, I ordered some drives from Amazon. The ones that arrived had thousands of hours on them already. They'd clearly been pulled from a server and resold as new.
One good hammer on a laptop drive, the platters are glass/ceramic and will shatter with a small wack, dont even try to bend them or you will end up in the ER with some nice deep cuts..
-
I've been using Eraser for years and I almost never just "delete" files anymore. I mainly use the quick, one pass overwrite just so nothing is easily retrieved if a disk should leave my possession.
-
I usually just drill a 3/8" or larger hole through the platters. Any attempt to spin the drive will destroy the heads. If somebody wants to go to all the effort after that event, more power to them.