With each incident of sensitive personal data being found on computer hard disks, whether it be celebrity bank details or Government records, the debate about hard disk erasure heats up.
The removal of data from computer systems is an area where scare stories frequently emerge. Statements such as "you cannot remove all of the data from a hard disk" have been made about by renowned figures in the world of data recovery and computer forensics.
Is it true that you cannot clean data from a hard disk drive? Can forensic experts and Government spooks get the data back, regardless of what data erasure technique has been used?
What is Hard Drive Erasure?
True data erasure is where a dedicated degaussing mechanism is used to flip all of the bits on a magnetic material so that no trace of data remains. Data erasure software does not actually erase, it replaces data with other data, so removing the information that you no longer want to be stored.
Why Erase Data?
Deletion of a file from a hard disk drive does not, in most instances, do anything to the data it simply removes an entry that tells the operating system where the data is, and in some instances it leaves all of the information about the data storage in place and just records that the file has been deleted.
The data itself is still present until such time that the space it occupied is re-used.
In addition, data from files is often stored in transient memory. Most operating systems use caches, areas where data being accessed is temporarily stored, the Windows swap-file being a good example of this.
Data erasure software is designed to perform an orderly and thorough replacement of the information stored.
Is Degaussing the Best Approach?
Degaussing involves the placing of a hard drive into a moving magnetic field that is strong enough to realign the molecules and eradicate any data.
On the face of it this seems like the method that gives the greatest certainty that the data has gone.
There are two issues to consider
First, degaussing removes not only your data but also the information that is written to the disk during manufacture when the drive is formatted. You cannot recreate this information and so the disk will no longer operate and so cannot be re-used.
Second, considering that the disk will no longer operate, you have no means of checking that the data has been completely erased. If the degaussing device was not up to the specification for the job, of the operating procedures were not correctly followed, then perhaps not everything was erased. Even worse, perhaps the process did not work at all and the disk actually was damaged during removal from the computer or at some other time prior to the degaussing process.
It is possible that all or some of the data remains and that a data recovery process could retrieve it.
Is Disk Erasure Software the Answer?
A hard disk stored data in sections named sectors, usually each being 512 bytes long. These are all accessible for reading and writing via the hard drive interface (IDE, SATA, SCSI). It is, therefore, possible to replace the data in every sector and so remove all of the data.
Well, not quite all. To avoid problems caused by sectors that become unusable during normal operation a hard disk maintains a set of spare sectors. Your 160GB disk is actually 160GB and some additional spare ones that you cannot access. If, when attempting to write to the disk there is a failure the hard drive can reallocate by using one of its spare sectors and retiring the failed one from use. This re-allocation is recorded in a table know as the G-List, or Grown Defect List.
It is theoretically possible for a sector to which data could not be written to actually still be read, albeit that an in depth knowledge of hard disk electronics and data recovery techniques would be required. How likely it is that this could happen and, if it did, whether any recovered sectors would actually contain anything of importance, is hard to judge. I consider the likelihood to be very small.
A more prevalent problem, in my experience, is that the data erasure process is not monitored.
If you perform a cursory inspection of a disk where the first few thousand sectors have been overwritten with random gibberish, and one where every sector has been overwritten, you will detect very little difference. Try to start the computer and you will get some kind of error message about the operating system not being found.
An employee erasing disks who has either a lack of diligence, or other priorities, might determine that they can quickly erase the start of a few of the disks in the batch to save a bit of time and no one will notice. I have seen plenty of examples of this when conducting validation tests on erased disks.
You could have disks that appear to be erased but have not been.
Is this a problem with using data erasure software? Not really, it is a problem with process and attention to detail. If the processes are monitored and logged correctly then there should not be a problem. Don't rely on technology at the expense of sound procedures.
Can Data be Recovered from an Erased Hard Disk Drive?
Look on the forums and you will probably find some comments about the Government could probably get that data back, but the reality is that there are no geeky boffins or evil genius types who can defy the laws of physics. Stories about the use of electron microscopes to work out infinitesimal differences between bits of data and so determine what was recorded before are just fiction, not even science fiction.
I was once asked how many layers of recording we could work back through. There are no layers, just a recording, and when it is change then it is still just one recording.
With older disks there was a method that could be used to try an access older data, but this was based upon the mechanisms being a bit imprecise and so some data was not quite completely overwritten. Even if anything could be detected the chances of ever turning it back into something useful were about zero, and with modern high density devices the chances are zero.
So How Should Data Erasure Be Performed?
First, by ensuring that you have a process that can be followed easily and monitored properly.
Second, by using reputable software to perform the erasure.
Third, if sensitivity is a major issue, by getting some third party testing of the process to validate it.
Forget science fiction, put process first.
Can Data Be Recovered From an Erased Hard Disk Drive? Check For The New Release in Health, Fitness & Dieting Category of Books NOW!
Check What Are The Top Cooking Books in Last 90 Days Best Cheap Deal!
Check For Cookbooks Best Sellers 2012 Discount OFFER!
Check for Top 100 Most Popular Books People Are Buying Daily Price Update!
Check For 100 New Release & BestSeller Books For Your Collection
Mark Sear has been involved in data recovery, data conversion, data migration and computer forensics since the early 1980s working as a data recovery engineer, software developer and up until 2006 as the Technical Director of one of the word's leading data recovery companies with offices in the UK, Germany, US and Norway.
Along with other long standing technical specialists from the industry Mark founded Altirium Ltd in 2006 to provide technically led specialist data services with the emphasis on providing the right advice and services for the customer in an industry that has become increasingly sales led.
Data Recovery services include:
Hard drive data recovery
Tape data recovery
RAID data recovery
NAS data recovery
Exchange data recovery
Data recovery services and advice can also be given for any other type of storage media.
Other specialist data services include Data Migration, Data Conversion, Computer Forensics and E-discovery.
watch mobile phone Kitchen & Housewares Sales : New Kitchen Appliance
0 comments:
Post a Comment