best hard drive format?

Discussion in 'privacy technology' started by Remixx, Jan 24, 2010.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Re: Secure Erasure: Still More Questions Than Answers

    I had read somewhere that even a reformat does not get rid of personal information on a hard drive.....that it could still be recovered. But I guess that was incorrect.

    I will look into that. That sounds pretty amazing. Thanks.
     
  2. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    About two years ago, I asked this same question of a technical support representative of Ontrack, a leading data recovery provider, and was told that if the data was actually overwritten, then their company had no mechanism to recover it.
     
  3. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Correct -- a basic format operation does not overwrite the contents of the majority of disk clusters, and thus does not actually destroy the information contained in those clusters.
     
  4. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    How do you know this to be true?

    P.S.: Interested readers may wish to also look at ShadowProtect Desktop, which is the PC Magazine Editor’s Choice (see here).
     
  5. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I've been using ShadowProtect for several months, and love it. One can mount drive images as virtual drives -- read-only or read/write. For example, one could remove malware from a copy of an image before restoring. Hardware-independent restore, even to VMs, is also supposedly doable. I haven't done that yet.
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Would there be any problems, that you know of, in using ShadowProtect with Returnil installed?
     
  7. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    I do not use Returnil, so I can’t say for sure -- but, I do use VMware Workstation 7 and have noticed no conflicts with ShadowProtect Desktop. You might want to post your question on the ShadowProtect forum.
     
  8. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    Reformating is not Wiping But Still...

    ...should not be done to a drive with data on it that you want to keep.

    That is correct.

    We're obviously misunderstanding each other.

    Data can, in fact, usually be recovered from a drive that has merely been reformatted (as opposed to 'wiped' or, more properly stated, overwritten.)

    I never meant to imply otherwise.

    But if someone has a drive with data they want to preserve on it, they would not reformat that drive (intentionally, at least) without first making sure that said data had been properly backed-up. (that is, transferred to other media)

    Otherwise, what would be the point of reformatting, only to have to go to the trouble of trying to recover data afterward (with no guarantee of complete success)?

    That is where you had me lost; you had written of being interested in wiping and reformatting while at the same stating that you wanted to keep certain data on the drive (i.e., programs that came with your computer).
     
    Last edited: Feb 17, 2010
  9. 0peratorX

    0peratorX Registered Member

    Joined:
    Feb 17, 2010
    Posts:
    16
    Actually, a drive that has been formatted without re-writing can have data recovered after one pass. Some people (NSA) may be able to recover after as many as three passes (on ntfs at least).

    Unless the drive has been written to in a ~random fashion...

    I like this utility:

    Roadkil's Disk Wipe

    This utility can be used in UBCD4Win (and may be included in the standard distro, but I didn't check.)

    HTH
     
  10. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    0peratorX: Have you ever heard of a file recovery after a single wipe? Have you ever seen - or even heard of (in the real world) - an electron microscope actually being used for the purposes of retrieving data from a hard drive?

    I rest my case. If the NSA is after you, it's not the "On paper, it looks-like-it-might-work-for-data-recovery" electron microscope that's going to get you.
     
    Last edited: Feb 17, 2010
  11. 0peratorX

    0peratorX Registered Member

    Joined:
    Feb 17, 2010
    Posts:
    16
    I have done recovery after a single wipe. :)

    And, I was actually thinking of the method with an oscilloscope / microscope and using gamma function deltas to find the original file system configuration before wiping (well beyond the scope of my abilities - pardon the pun ;) )

    Also, I do not fear the NSA, for I have nothing that would be of interest to them. Actually, I wish they would visit (so that I could implore them for an apprenticeship!)
     
  12. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    Actually recovered the file and used it? Not just see a name and pull up a seriously corrupted piece of nothing? If so, how did you do it? If you do a little research (which I'm sure you've done), you would know it hasn't ever been documented. Not once. 0peratorX - ever seen this before?
     

    Attached Files:

  13. 0peratorX

    0peratorX Registered Member

    Joined:
    Feb 17, 2010
    Posts:
    16
    Are we talking about:
    1. random writes
    or
    2. the Windows standard formatting procedure?

    Because if it is #2 (I was referring to this procedure)

    I used this:

    http://www.diskinternals.com/ntfs-recovery/

    So, actually, I didn't do it. Rather, I rebooted the machine that I accidentally reformatted an attached drive to with UBCD4Win, then used their program to recover most of a 120 GB drive.

    Now, with other file systems, I am not sure. I know that NTFS lends itself to better recovery because of the way that it stores the information on the drive...
     
  14. guest

    guest Guest

    I guess that it is getting confused in here...


    I will make it simple.

    -If you do a simple windows format and make sure that you also rewrite the MBR (windows does that when you install it on a drive withtout any partitions, no virus can resist to it and no old data will be seen by the new system.

    So, delete the old partitions and install windows using the windows DVD and no malware will survive on the disk. The virus code might be on the disk, but unless you want it (and you need some special tools), it will NEVER be executed.


    That is for malware. In that case, any data that is no overwritten by the new operating system is still on the drive and CAN be recovered.




    -For data destruction, this is not enough. For data destruction, you need to wipe the the drive by writing something (like 0) everywhere to overwrite the old data.
    Writing zeros in one pass is WAY enough!! YES, the NSA or something COULD get some traces of data... But it is SMALL amounts and unless the NSA want's your data, you are safe. No one can recover the data unless they have really expensive equipement and a LOT of time.


    For data destruction, you don't need to do that, but I agree that it is a good way do to it. If you do the simple format, the virus won't infect your system back but the idea that it is still somewhere on the drive might be unpleasant to some people.




    -The argument in favor or the build-in ATA Secure Erase that we talked in the beginning is that it will not only write zeros everywhere but it will delete the HPA/DCO and the old bad sectors that were relocated.


    For your private data, you REALLY don't need to do that, unless you manually created a HPA. As for bad sectors, yes, some of your data can be on them, but if some random 512bytes chunks of my drive are not wiped, I'm not really scared even if someone can get them back... And to get them back, you also need more than a normal data recovery software since the bad sectors are hidden by the drive itself and are impossible to see by the operating system or the data recovery tools.

    For malware, yes, malware can store itself in a HPA, but even if it is still on there after you wipe the drive, it will NEVER get executed back unless YOU ask for it.
    As for malware storing itself in bad sectors, it is IMPOSSIBLE! There was some confusion in this thread because some malware did used some bad sectors to store itself, but it is bad sectors marked in the file system, not in the drive. In that case, everything I said before applies and a simple format would be enough.

    Alex
     
  15. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    Drive Imaging (was Re: best hard drive format?)

    Glad you appreciated it. I was actually afraid that it might look as if I was merely trying to promote the programs I mentioned but I actually have no vested interest in doing so; I was just pleasantly surprised when I learned of such alternatives to Acronis True Image; I didn't think anything that was available free of charge could compare.

    Another popular imaging program seems to be DriveImage XML ( http://www.runtime.org/dixml.htm ). A step-by-step tutorial with screen shots can be found here: http://lifehacker.com/326086/hot-image-your-pcs-hard-drive-with-driveimage-xml

    I personally chose EASEUS Todo Backup because I needed something compatible with Windows 2000 and the under 35 MB download was manageable on dial-up. I found it easy to use and it worked well for me. (Though it took me a while to realize that I had to boot from the special Todo Backup bootable CD in order to restore from an image. It seemed they could have made an instruction as basic as that clearer and easier-to-find than being buried somewhere in the FAQ.)

    I had written,
    to which Pleonasm replied,

    Okay, I admit, I don't know it to be true. It was a general impression I had, based in no small part on having read that claim (or very similar) in at least one place- I think it was one of the major computer magazines. Come to think of it, though, that could have been as much as three years ago now.

    I should have made this clear and was remiss in making the factual claim I did without backing it up.
    ............
    Note that imaging functionality, as with so many other basic functions that require separate, third-party programs in Windows, appears built into most GNU/Linux distros.
     
    Last edited: Feb 18, 2010
  16. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    503
    Location:
    USA
    Re: Drive Imaging (was Re: best hard drive format?)

    ex_ployt_ed wrote concerning Acronis True Image being the most popular imaging software:

    "Okay, I admit, I don't know it to be true. It was a general impression I had, based in no small part on having read that claim (or very similar) in at least one place- I think it was one of the major computer magazines. Come to think of it, though, that could have been as much as three years ago now.

    I should have made this clear and was remiss in making the factual claim I did without backing it up."



    If you look at the Wilder "Polls" section, Acronis does seem to be the most popular imaging software. I've used it through 3 versions with product satisfaction.

    Also, in regards to the absolute destruction of a disk with information you never want anyone to possibly see, you melt the disk. This is the only approved technique for DOD classified disks, the security guys take the disk apart, remove the platters and 2 people hand carry the platters, in a locked cuffed bag, to an approved melting center, watching the platters every inch of the way into the melter. Kind of like the One Ring :)
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.