Home page logo

basics logo Security Basics mailing list archives

RE: Suggestions on free XP hard drive wiping utilities?
From: "Dan Gallivan" <gallivan () digitalwarroom com>
Date: Wed, 12 Feb 2003 01:13:47 -0800

A note about the reality of wiping drives.

Most of us forensic professionals using the best, most effective or expensive software, but just software, are not 
going to be able to recover data that has been overwritten by a wiping program, even with just one pass.  Period. 

It is true that the head does not pass exactly over the same location on any given pass, so its possible for the 
"edges" of the data previously written on the disk to remain -- described in one analogy like the snow that piles up on 
the side of the street when the snowplow passes by.  Multiple pass wipes are supposed to solve this by allowing the 
head to have some statistical chance of flying over one of those edges on a subsequent pass.

However, multi-pass wiping is only necessary to defeat electro-magnetic microscopy, or similar hardware techniques.  
For anything short of a clean room and (very) expensive equipment, one pass is enough.  That is, one pass with a wiping 
utility renders the overwritten data UNRECOVERABLE to anyone using a software recovery tool.

From the perspective of a "wipe" program, or any standard forensics application, there would be no difference between 
one pass with a wiping utility and a hundred passes.  If the wiping program is genuinely capable of overwrite data on 
a cluster, no recovery program will be able to see "under" the data.  All the programs can do is interpret what the 
hard drive passes them, and if hard drives did not consistently return what was last written on them no one would use 

While it is potentially true that someone will have enough determination and money, it is not at all probable.  Unless, 
for some reason, you believe an entire government is interested in recovering your donated drive.

So, in reality and very pragmatically speaking:

1. It is a waste of time to wipe with more than one pass, and
2. Companies that claim their data recovery software can recover wiped data are being disingenuous, and
3. You can use any of the suggested wiping tool with confidence before donating your drive.

I wipe *every* drive that leaves our shop, and I sleep just fine at night :)

Dan Gallivan

PS:  With thanks to Troy Larson and James N.

-----Original Message-----
From: Sullivan, Glenn [mailto:GSullivan () DavidClark com]
Sent: Tuesday, February 11, 2003 8:02 AM
To: 'security-basics () securityfocus com'
Subject: RE: Suggestions on free XP hard drive wiping utilities?

Frankly, and this will sound sarcastic but it is really the only "thorough"

A revolver.

Any software product made will not wipe out data that someone with enough
determination (and money) can't get back.

Glenn Sullivan, MCSE+I  MCDBA
David Clark Company Inc.

-----Original Message-----
From: Champion, Steve [mailto:SChampion () tmh tmc edu]
Sent: Monday, February 10, 2003 4:34 PM
To: 'security-basics () securityfocus com'
Subject: Suggestions on free XP hard drive wiping utilities?

Would someone please throw out a URL and suggestions for free Windows XP,
hard drive wiping utility's?  Something that will wipe a drive to a
machine that's going to be donated or thrown away?   

Preferably something thorough?

Thank You
Steve Champion
Sr. Data Security Analyst
The Methodist Hospital.
schampion () tmh tmc edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]