best hard drive format?

Discussion in 'privacy technology' started by Remixx, Jan 24, 2010.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    Pinso: I think there is a little terminology problem here...

    You say you do Low Level Formats on the drives...

    Here is a good article on the subject :

    http://en.wikipedia.org/wiki/Disk_formatting#Low-level_formatting_.28LLF.29_of_hard_disks

    This is low level format... where you write back new servo data for the drive to locate the sectors...

    It's just impossible to do on a modern drive!


    What most people mean by low level format now is simply writing 0 on all the sectors... It's just an error to call that a low level format...





    About the data hiding techniques... you could mark some sectors as bad I guess... as well as do hidden partitions... or change the mbr...

    But nothing will survive simples 0 written on every sectors....
    Maybe the sectors marked as bad! But as written in your article, it was used on a 1989 virus! In that time, the operating sysmtem could keep a list of bad sectors...it is just not done anymore! ( edit: yeah, they were marked as bad in the FAT filesystem... not in the hard drive itself... there is no real way to do that... maybe if you take control of the hard drive firmware itself... but... I don't think that's something we will see anytime soon... )

    But in any case, if you reinstall the operating system... even if some code is on bad sectors (and I don't think it will happend...)... there is NO WAY it will he executed....
     
    Last edited by a moderator: Jan 31, 2010
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Wiping programs, minus secure erase, do not wipe bad sectors.
    DBAN does not wipe bad sectors,
    Heidi Eraser does not wipe bad sectors,
    Copywipe does not wipe bad sectors,
    Active @ Killdisk does not wipe bad sectors,
    dd does not wipe bad sectors,
    shred does not wipe bad sectors.

    (@ acuariano I have used all of the above plus more. I am not a fan of anything Acronis.)

    Secure Erase does wipe bad sectors.

    BCWipe is the only program in addition to Secure Erase that wipes HPA and DCO's (hidden partitions).

    If you have any links supporting this I will read them.
     
  3. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    Searching firstable thanks for sharing your knowledge,,
    so secure Erase is equal the same alternative you told us in another threat
    the one with live cd and using command prompt i think...

    ---did you read this about bcwipe total wipeout http://www.jetico.com/wiping-bcwipe-total-wipe-out/

    •BCWipe Total WipeOut recognizes and can wipe Host Protected Area (HPA) on hard drives.
    •BCWipe Total WipeOut can identify the number of sectors hidden by the Device Configuration Overlay (DCO) function (present since ATA-6 standard) and can wipe the DCO hidden sectors.

    and what do you think of it?
     
  4. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    Secure Erasure is Much More Than 'Format'

    What do you base that assertion upon?

    Last I checked, Heidi’s Eraser was for individual files and folders or unused disk space- not for whole-disc wipes. (Though it did come with DBAN for the latter)

    What are the options for an external USB drive, then?

    What about a USB Flash drive?

    DBAN uses the Linux kernel, yes.

    But contrast a simple utility such as DBAN to even the most minimal so-called 'Linux’ distro that is an actual operating system and it would seem that if the former can properly be called simply ‘Linux’, than the latter cannot. (Hence, ‘GNU/Linux’ or GNU+Linux)

    Is it all drives manufactured since 2001?

    Are there any options for older drives (besides total physical destruction)?

    What about the Maxtor utility that was mentioned? (didn't see it in your list)

    I was surprised to discover that the (free!) Paragon Backup & Restore appears to be at least as good as Acronis True Image. EASEUS Todo Backup also (also free) appears rather impressive, esp. for it's much smaller size (around 30-40 MB). Seems its major lack is the ability to make incremental back-ups.

    What about bad sectors?

    That is my understanding as well; that anything software- based has certain limitations.

    I have read that a good software wiping utility such as DBAN can reliably protect against a keyboard attack but not a laboratory attack.
    I wonder:
    a.) Can any software-based wiping utility be 100% reliable against even a keyboard attack?
    and
    b.) What are the approximate odds of successful data recovery from a laboratory attack on a drive that had been wiped with such a software utility?

    Any sources would be most appreciated.

    Not that I’m disputing this but would you have a source? (I also read that one pass is at least almost-always sufficient but don’t recall the source now)

    Can’t be relied-upon or isn’t foolproof, okay but to say “won’t help” seems an exaggeration- see below.

    But how many people have access to such techniques?

    Furthermore, wouldn’t the odds of recovering any significant data from a drive that had first been wiped (even by a software utility) and then smashed with a hammer be extremely low?

    (Also, if smashing a drive, be sure to take precautions against inhaling particles. Likewise for toxic fumes when burning or otherwise subjecting any media to high heat. And please remember that just about all computer components contain toxic compounds and cannot be safely disposed of in land fills or rubbish incinerators but must be properly recycled. )

    Finally, regarding DBAN, please note the following from the DBAN site:
     
  5. guest

    guest Guest

    Just think about it...

    The sector is marked as bad...
    In the case of the 1989 virus that was talked about before, they are bad sectors marked in the FAT file system... if you do a simple format, without even wiping the drive, the sectors won't be marked as bad anymore... and even if the code is still there, unless you ask the system, the code won't be executed.

    Now, if but only IF it was possible for a virus to mark store itself in bad sectors on the drive itself (in the p-list), well, they would be invisible to the system... IMPOSSIBLE to read back... unless you somewhat modifiy the circuit board on the drive OR you change the drive firmware... but even if you do, you still have to ASK the system to execute this code... it could happend if you are infected back with the same malware... but if you are, it's not because of the bad sectors on the drive...

    I have no links, only some computing knowledge and a few hours reading technical documents about hard drive technology.

    I could say the same... point me to some links that say that (and explain how) and I will believe it


    But, for malware protection (and not data destruction), a SIMPLE format.... without data wiping is enough if you make sure the mbr is erased too...
    This way, even if malware is stored on a HPA of the drive, it will never be executed back.

    It not a good job, the malware is still there, but wil never be executed and will be invisible to the operating system. I do like to wipe the whole drive by writing zeros everywhere, but even if you don't, the malware won't be executed.


    For complete data destruction, yes, it's a good idea to do the ATA Secure Erase command. It's simple and it is even better than everything else.

    And for the multiple wiping passes... One is enough...
    YES, is could be POSSIBLE to get back some data back... With days of work and a million dollars worth of equipement it could be possible... But if you have such private data on the drive, and you think that someone will try to get your data back at all costs, just open the drive, destroy it and put it in the garbage.

    Alex
     
    Last edited by a moderator: Feb 1, 2010
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    This may be a good place to post a sad story, and perchance get some useful suggestions. Some months ago, I started playing with approaches to inexpensive SATA-based mass storage. The players: five 500GB SATAs (three WD, and two Seagate) and five 1TB WD RE3 SATAs.

    My first experiment was attaching them to an old LSI SCSI MegaRAID card using cheap SATA-SCSI interface cards. That failed abysmally; although I did manage to create some RAID arrays, I couldn't modify them. After this failure, I checked all of the drives in normal SATA channels, and they seemed fine.

    My next experiment was using an inexpensive SATA RAID PCIe4 HBA and two 1-to-5 SATA port multipliers. At first, I could see all the drives, but intermittantly, and just as JBOD, with no RAID capability. Then I realized that the HBA hadn't been flashed with the (compatible, supposedly) RAID firmware. And so I did that (unfortunately, perhaps, while the disk array was connected).

    After that, all ten drives are stone cold dead. None of them show up on any SATA channel I've tried, even with diagnostic software from WD and Seagate.

    I'd appreciate insight into what I've done, and how it might be fixed. I'm too honorable to just return them, because I'm clearly responsible.
     
  7. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Bad sector marking is an internal process of the hard drive.
    Bad sector data can be recovered by Chkdsk because S.M.A.R.T. saves the data to a new location.
    http://www.hdsentinel.com/smart/index.php
    Remove it from its enclosure and plug it into a primary SATA port or primary IDE port for secure erase to work, according to CMRR.
    Covered under in the statement "plus more".
    The Maxtor wiping program appears to be no more than a block wiping program.
    I would be interested in reading these. Can you supply the names of the documents so that I too can understand?

    a SIMPLE format is not enough.
    MBR virus trojans use this technique today, surviving in bad sectors.

    Also:
    http://vlaurie.com/computers2/Articles/chkdsk.htm
     
    Last edited: Feb 2, 2010
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Could you please point me to a whitepaper, a magazine article, anything that shows that the above is possible, in the wild, and is even a realistic scenario?
     
  9. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    I have thested 3 samples of killdisk MBR virii.A simple rewrite of the partition table and no more MBR virii.I don't even have any lowlevel formatting software at that time only a partition software to delete all partitions then an installation of LINUX. Then I was able to restore back to my clean image as if nothing happened.
     
  10. guest

    guest Guest

    So...

    Bad sectors marking is internal to the drive, you are right.

    BUT, in the case of the virus you talked about before, the sectors are marked as bad in the FAT filesystem

    A virus has no way to store itself in a real, internal to the drive, bad sector.

    And you seem to forget that in order to do bad things, a virus MUST be executed!

    When the drive finds a bad sector, it will change it for a spare one. It is invisible to the system!


    I would love to know HOW a virus could be stored in bad sectors AND be executed... Please explain it to me...
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Do these programs wipe bad sectors by default without having to do anything?
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    I read that Bruse Schneier uses BCwipe. Is that a good enough utility bto use?

    I have an HP and I do not want to destroy all of the software thyat comes with it. I assume that dban will do just that.
     
  13. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    i have the same question...bcwipe looks good..but we need to hear from people who uses it..also how to verify when the job was done properly.
     
  14. guest

    guest Guest

    Nothing but the ATA Secure Erase command will erase old bad sectors


    For the HP programs, there is REALLY NO NEED for dban or anything like it... just reinstall the operating system... that will do it as well as anything else...

    The wiping programs are good for one thing: erase private data do that nobody can read it back...

    For viruses and computer cleanup, a simple format is enough if you also erase the MBR.
    Some traces CAN be left on the disk (like in a HPA), but there is no risks for the code to be executed back.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    How can a bad sector be wiped? A bad sector is an area that is physically damaged and no software can restore it, it can only be re-allocated. It,s my understanding.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    So if I run BCwipe or something like that and reformat that should be good enough? That is great! I love the way HP has their reinstallation set up with a built in destructive recovery.
     
  17. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    However, note that there exists the potential of malware residing in the BIOS, which would be impervious to a hard disk format or wipe operation (see Researchers demo BIOS attack that survives hard-disk wipe).
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    What is a BIOS?

    So it is not on the hard drive?
     
  19. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Please see: BIOS.

    Correct. This class of malware has the potential to reinstall itself from the BIOS onto any new (or newly formatted/wiped) hard disk drive.
     
  20. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    and is there any solution for it?..like reflashing bios..? hope.
     
  21. guest

    guest Guest

    You don't even need to care avout BCwipe. Just use a windows dvd and reinstall the system. Everything will be gone! BBCWipe, DBAN and everything like this is only good to wipe the drive in the case you want to give it to someone else that might attempt to get some private information back!
     
  22. guest

    guest Guest

    For the BIOS virus, this is possible, yes.

    However, in most cases, I guess they would be using a HPA or something similar because there is not enough place in the bios to store a complete virus code.

    If there is enough place, well it can be possible.

    But it is really hard to do and honnestly, I have never heard of such a virus yet. Of all the computers with viruses I have seen (and I see more than one everyday), I never saw or heard about a case of bios virus.

    So the risks are close to zero.

    Alex
     
  23. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    Secure Erasure: Still More Questions Than Answers

    subject-line is not a complaint against this forum but rather an expression of general frustration at the difficulty in finding what one would think should be pretty basic information

    (I had asked what the options were for an external USB drive.)
    Thanks.

    I would still like to know about flash drives:

    -How secure is simply wiping free space on them?

    - Are there any other options for flash media?

    I figured that was most likely the case but wanted to make certain.

    Any complete disk wipe will; if you want to preserve data on a drive, the only wipe you can do is of free (unused) space only

    It's not clear just what you want to do. Whenever you reformat, you will have to reinstall everything. If you're prepared to do that anyway, then why would you be concerned about wiping all of the data beyond recovery?

    In any event, you should always make regular images of your system, as restoring from an image is much easier and quicker than reinstalling an OS and all of your programs from scratch, updating all of them, setting all of your preferences...

    Acronis True Image has been the most popular imaging program for several years now, a claim previously held by Norton Ghost.

    But you might want to try one of the two free* alternatives I mentioned earlier in this thread:

    Paragon Backup & Recovery (which some actually find better than Acronis TI) and EASEUS Todo Backup

    (*free-of-charge; not necessarily free in the FSF sense of the word.)


    From the blog entry linked above in this thread
    :

    ........
    Regarding BC Wipe:

    1.) I had a look at the site and did not see any third-party certifications or endorsements.

    2.) How would it be possible for BC Wipe to get around the limitations that all other software utilities apparently have? Is it not, after all, a software utility?

    3.) Looks like one has to be running Windows in order to create the bootable BCWipe disk that uses the Linux kernel.

    Okay, I suppose the average GNU/Linux user wouldn't have too much of a problem activating the ATA Secure Erase mechanism via hdparm commands (as referenced earlier in this thread) but the BIOS lock can be a real problem...
    _________

    Finally, I still would welcome any information on the following questions that I had raised earlier.

    1.) Can any software-based wiping utility be 100% reliable against even a keyboard attack? (much less, a laboratory attack)

    2.) What are the approximate odds of successful data recovery from a laboratory attack on a drive that had been properly wiped a software utility?
     
  24. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for explaining that. Much appreciated.
     
  25. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Thanks for that.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.