Do several full for...
 
Notifications
Clear all

Do several full formats erase all data?

16 Posts
8 Users
0 Likes
1,498 Views
(@williamsonn)
Posts: 85
Trusted Member
Topic starter
 

hello

I know that a safe erasing of data must be done using at least 1 wipe pass. However my question is do, also, several full formats the same effect? thanks

 
Posted : 19/11/2012 3:31 am
Beetle
(@beetle)
Posts: 318
Reputable Member
 

hello

I know that a safe erasing of data must be done using at least 1 wipe pass. However my question is do, also, several full formats the same effect? thanks

Generally no. This is dependent on the particulars of the OS involved, the media (floppy or hd) and what switches have been applied with the format command (eg. DOS /u switch on a floppy).
Also, what do you mean by a " full" format?

 
Posted : 19/11/2012 3:57 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I know that a safe erasing of data must be done using at least 1 wipe pass. However my question is do, also, several full formats the same effect? thanks

Depends on the OS, and how a full format is implemented. For example, a full format under XP is not the same thing as a full format under Win7.

 
Posted : 19/11/2012 4:24 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

In more detail, any "full format" in a NT based OS BEFORE Vista is not "destructive".
"Full format" in Vista and later does fill each and every sector of the volume with 00's (besides the sectors for the filesystem structures that will be re-written), so while not being a "complete" wipe (as anything outside the volume is left "as is") it is effectively destructive.
(the target of disk wiping is the disk, the target of "format" full or not is the volume).

For the record the notion

that a safe erasing of data must be done using at least 1 wipe pass

is inaccurate as there is not any documented report of anyone ever recovering anything after a single 00 pass, at least on "modern" hard disk, which means roughly those made in the last 10 years.

jaclaz

 
Posted : 19/11/2012 4:25 pm
(@twjolson)
Posts: 417
Honorable Member
 

I guess I am wondering why you are asking? It takes little time, and little expertise to seed a flash drive with dummy data, make a few notes of what is on there and where, and then format it with various OSes.

In the time it takes for you to post and wait for a reply, you'd have your answer first hand, rather than having an answer from unknown sources.

 
Posted : 19/11/2012 9:29 pm
(@belkasoft)
Posts: 169
Estimable Member
 

In addition to what's been already said, full (or even quick) format of an SSD drive will normally destroy its content due to the TRIM/garbage collection operation. However, some remnants of original data may still appear in SSD's reserved memory areas, so saying that several cycles of full format destroy 100% of data on an SSD drive would not be technically correct.

Also, formatting a traditional (magnetic) hard disk, even if you're filling the sectors with zeroes, is not the same as using a cryptographically sound wipe. Properly implemented wiping fills disk content with random data (that must be cryptographically sound random data in order to pass certain certifications). This is due to the fact that, theoretically, data overwritten with zeroes can still be recovered off magnetic plates with dedicated hardware. Note that I said "theoretically", as I don't really know what happens if such hardware is used with a modern drive with high storage density and perpendicular writing.

 
Posted : 21/11/2012 4:12 pm
(@trewmte)
Posts: 1877
Noble Member
 

Properly implemented wiping fills disk content with random data (that must be cryptographically sound random data in order to pass certain certifications).

Belkasoft, would you recommend this for SSD?

 
Posted : 21/11/2012 4:33 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Also, formatting a traditional (magnetic) hard disk, even if you're filling the sectors with zeroes, is not the same as using a cryptographically sound wipe. Properly implemented wiping fills disk content with random data (that must be cryptographically sound random data in order to pass certain certifications). This is due to the fact that, theoretically, data overwritten with zeroes can still be recovered off magnetic plates with dedicated hardware. Note that I said "theoretically", as I don't really know what happens if such hardware is used with a modern drive with high storage density and perpendicular writing.

BUT practically this is NOT needed.

Please note how there is not a single report/document/evidence that ANYTHING has been EVER been recovered after a single 00 pass, even on more traditional media, exception made for this reference
http//www.forensicfocus.com/Forums/viewtopic/p=6518726/#6518726

And theoretically this does not apply anymore since perpendicular recording has become in wider use.

Of course Government Agencies may have the technology ….. 😯
So it's safer anyway to break the disk and send pieces to China
http//www.forensicfocus.com/Forums/viewtopic/t=9682

jaclaz

 
Posted : 21/11/2012 7:56 pm
(@belkasoft)
Posts: 169
Estimable Member
 

Properly implemented wiping fills disk content with random data (that must be cryptographically sound random data in order to pass certain certifications).

Belkasoft, would you recommend this for SSD?

No. For SSD's, you enter the shaky grounds of probability theory. Modern SSD's have reserved space that helps them handle wear leveling. That space is not directly addressable. The only (and I mean, ONLY) proper way to destroy information from an SSD drive is via issuing an ATA "Secure Erase" command (see e.g. here http//www.corsair.com/applicationnote/secure-erase).

By the way, Secure Erase may operate in a different manner on some drives featuring internal encryption (this mostly applies to business-grade magnetic hard drives, but also to some SSD models). If this is the case, Secure Erase will destroy the original decryption keys, which only takes a moment, and then proceed to actually cleaning the disk. If an such a controller was used, the data is effectively gone the very instant the command is issued.

I can even say that, for SSD drives, overwriting the content of a file serves no meaningful purpose, as wear leveling will most probably prevent the new data from being written to those very same flash cells anyway. Which means that you'll fill some other cells with zeroes, while the content of the original file will remain available for a while, and then erased by the internal garbage collection process (which, again, is not 100% guaranteed).

As such, there is no way to securely delete a file from an SSD disk except wiping the entire drive with a secure erase command. This, however, does not mean that any deleted data can be easily recovered. If your SSD is configured so that its TRIM feature is enabled (which, for Windows, means using Windows 7, NTFS, internal connection via a SATA link, motherboard RAID disabled for that drive), then the controller will probably (for many models anyway) return all zeroes even before the garbage collection process actually erases the cells.

Sorry if I added more confusion. SSD's are just too iffy at the moment.

 
Posted : 22/11/2012 2:26 pm
(@trewmte)
Posts: 1877
Noble Member
 

Properly implemented wiping fills disk content with random data (that must be cryptographically sound random data in order to pass certain certifications).

Belkasoft, would you recommend this for SSD?

No. For SSD's, you enter the shaky grounds of probability theory. Modern SSD's have reserved space that helps them handle wear leveling. That space is not directly addressable. The only (and I mean, ONLY) proper way to destroy information from an SSD drive is via issuing an ATA "Secure Erase" command (see e.g. here http//www.corsair.com/applicationnote/secure-erase).

By the way, Secure Erase may operate in a different manner on some drives featuring internal encryption (this mostly applies to business-grade magnetic hard drives, but also to some SSD models). If this is the case, Secure Erase will destroy the original decryption keys, which only takes a moment, and then proceed to actually cleaning the disk. If an such a controller was used, the data is effectively gone the very instant the command is issued.

I can even say that, for SSD drives, overwriting the content of a file serves no meaningful purpose, as wear leveling will most probably prevent the new data from being written to those very same flash cells anyway. Which means that you'll fill some other cells with zeroes, while the content of the original file will remain available for a while, and then erased by the internal garbage collection process (which, again, is not 100% guaranteed).

As such, there is no way to securely delete a file from an SSD disk except wiping the entire drive with a secure erase command. This, however, does not mean that any deleted data can be easily recovered. If your SSD is configured so that its TRIM feature is enabled (which, for Windows, means using Windows 7, NTFS, internal connection via a SATA link, motherboard RAID disabled for that drive), then the controller will probably (for many models anyway) return all zeroes even before the garbage collection process actually erases the cells.

Sorry if I added more confusion. SSD's are just too iffy at the moment.

Belkasoft, no you haven't added confusion at all. I find your observations very enlightening.

When I posed my question it was because I was finding so many varying statements that it is no wonder, to a degree, why there is uncertainty. Any clarification you can bring to this matter is always greatly appreciated.

I read a number of articles suggesting the extent of some of the claims espoused by suppliers offering systems marketed with 100% complete data erasure but when tested produced contradictory results and outcomes.

The NVSLab has two useful .png images. I believe (but accept I could be mistaken in that belief) they are representing research from 2011; of course things have moved on

http//nvsl.ucsd.edu/assets/png/file.png
Individual file sanitization techniques, all of which failed and left at least 10MB of a 1000MB file.

http//nvsl.ucsd.edu/assets/png/setable.png
Auditing of several-built in sanitization commands, showing several failures.

I did note that Metal Wave claim they have an SSD data sanitisation system that does work. The 2012 Metal Wave presentation refers to the work of the NVSlabs already in existence but then goes on to make the claim

"MetalWave Inc. , currently has the only solution that can sanitize data from solid state drive"

http//www.metalwaveinc.com/docs/WS-SSD-Data-Sanitization-MetalWaveSolution.pdf

 
Posted : 22/11/2012 4:48 pm
Page 1 / 2
Share: