by Fred Langa for Windows Secrets Newsletter
Standard drive wiping tools are no longer adequate
Standard drive- and file-wiping tools are no longer adequate for completely removing data — especially when used with the newest hard drives.
But researchers have identified new procedures that reliably make old data virtually unrecoverable on any drive, whether magnetic or solid-state.
Leftover data is an obvious security risk when you sell, give away, or otherwise dispose of any computer storage device. Any data — old documents, files, financial records, passwords, photos, whatever — left behind on a hard drive can come back to haunt you, should it fall into the wrong hands.
Most Windows Secrets readers already know that simply erasing files or reformatting a drive doesn’t mean your data is safely removed. There are plenty of undelete and unformat tools (many free) readily available that require no special skills to use.
That’s why, for years, the common advice has been to sanitize or wipe a hard drive before it leaves your possession. The process most often used is overwriting, which typically replaces all existing data with meaningless patterns of ones and zeros.
That’s the theory, at least.
Erasing everything is actually not all that easy
It’s been known for some time that even a multi-pass (so-called “government”) wipe of traditional magnetic drives leaves behind some data — information that might be recoverable by someone with enough access, time, and forensic technology to analyze the drive’s platters.
For example, powerful signal-processing software can unravel many layers of overwrites to reconstruct the original data. And specialized equipment can easily read between the tracks of a magnetic platter’s normal data-recording zones to recover information recorded in nearby magnetic-field spillover areas.
Solid-state drives (SSDs) are even harder to fully erase. To prevent their memory cells from suffering premature wear and failure, most SSDs have hardware-level protections that prevent data from being written to the same area again and again. These internal protections might not allow a standard overwrite. Without special software, overwrite data might actually be written to a new area — which obviously defeats the whole point of overwriting!
For that reason, some SSD vendors provide special sanitizing software for their drives. Recently, however, researchers at the University of California, San Diego, Non-Volatile Systems Laboratory found that those tools (and similar tools for flash-based devices such as thumb drives) often did not work.
Their report, “Reliably erasing data from flash-based solid state drives” (free PDF download), matches similar studies in Europe and elsewhere which found that some vendor-supplied, secure-erasure tools often leave as much as 10 percent of a hard drive’s data still recoverable!
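The remapping problem described above can be seen in a small simulation. This is an added example, not code from the article or from the UCSD report: `ToySSD` and `residue_after_wipe` are hypothetical names, the secrets are constructed sample data, and the model is deliberately simplified (real drives erase whole blocks, not single pages).

```python
"""Toy flash translation layer (FTL). Constructed model, not vendor firmware."""

ERASED = None  # contents of a physical page after an erase


class ToySSD:
    def __init__(self, logical_pages, spare_pages):
        # Physical flash is larger than the capacity the host sees (over-provisioning).
        self.logical_pages = logical_pages
        self.flash = [ERASED] * (logical_pages + spare_pages)
        self.free = list(range(len(self.flash)))
        self.l2p = {}  # logical page number -> physical page number

    def write(self, lpn, data):
        # Every write goes to a fresh physical page. The page that previously
        # held this logical address is merely unmapped and keeps its contents
        # until garbage collection gets around to erasing it.
        if not self.free:
            self._garbage_collect()
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        self.l2p[lpn] = ppn

    def read(self, lpn):
        # The host (and any wiping tool) only ever sees mapped pages.
        return self.flash[self.l2p[lpn]]

    def _garbage_collect(self):
        # Simplified: erase every physical page that no logical address maps to.
        live = set(self.l2p.values())
        for ppn in range(len(self.flash)):
            if ppn not in live:
                self.flash[ppn] = ERASED
                self.free.append(ppn)

    def raw_pages(self):
        # What reading the flash chips directly, bypassing the FTL, would return.
        return [p for p in self.flash if p is not ERASED]


def residue_after_wipe():
    secrets = [b"tax-2010", b"password", b"photo-01", b"bank-csv"]  # constructed
    ssd = ToySSD(logical_pages=4, spare_pages=4)
    for lpn, secret in enumerate(secrets):
        ssd.write(lpn, secret)
    for lpn in range(ssd.logical_pages):  # single-pass zero-fill "wipe"
        ssd.write(lpn, b"\x00" * 8)
    host_view = [ssd.read(lpn) for lpn in range(ssd.logical_pages)]
    leftover = [p for p in ssd.raw_pages() if p in secrets]
    return host_view, leftover
```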
The ugly truth: software-driven wipes or overwrites simply can’t be counted on to erase 100 percent of your data — no matter what kind of drive you have.
In fact, the National Institute of Standards and Technology, in its “Guidelines for Media Sanitization” (free PDF download), recommends overwrite-based data-wiping only for the most basic level of data sanitizing (see Table 2-1, “Clearing”).
If you need to securely erase a drive, an overwrite wipe simply isn’t enough anymore.
This excerpt appears with permission from Windows Secrets Newsletter.