[Ilugc] Overwriting hard disk

Kapil Hari Paranjape kapil at imsc.res.in
Thu Dec 11 00:18:39 IST 2008


On Wed, 10 Dec 2008, Arun Khan wrote:
> I can see how data can be "recovered" if one just deletes the files from 
> the filesystem and not obliterate the contents from the disk platters.
> What would the equipment find, if I have written each and every byte on 
> the disk with zeros?

According to the info page for shred: 
  If you have sensitive data, you may want to be sure that recovery is
  not possible by actually overwriting the file with non-sensitive data.

  However, even after doing that, it is possible to take the disk
  back to a laboratory and use a lot of sensitive (and expensive)
  equipment to look for the faint "echoes" of the original data
  underneath the overwritten data.  If the data has only been
  overwritten once, it's not even that hard.


  [Shred] uses many overwrite passes, with the data patterns chosen to
  maximize the damage they do to the old data.  While this will work on
  floppies, the patterns are designed for best effect on hard drives.
  For more details, see the source code and Peter Gutmann's paper
  `Secure Deletion of Data from Magnetic and Solid-State Memory'
  (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html), from
  the proceedings of the Sixth USENIX Security Symposium (San Jose,
  California, July 22-25, 1996).

Of course, this does not take care of "bad blocks" that were found by
the "smart disk controller" and duplicated. The original data in
those "bad blocks" is not directly accessible via the disk driver and so
it will not be over-written. So, depending on your needs (;>) you may
want to think about what you will do about that as well.

(Who feels particularly paranoid 'round midnight!)

More information about the ilugc mailing list