Hey there, just a quickie question.
I know this has been discussed a lot, but more information on this subject would be very welcome. I've recently sold a 1,5TB SATA HDD. There was some valueble data on there so I decided to wipe the disk. I've had a lot of good experiences with DBAN in the past, so I picked this tool to wipe the disk.
As you (might) know DBAN offers multiple wiping methods. Since I didn't want to wait a week (upcoming holiday season etc.) I decided to use the "Quick Erase" method which uses a single pass and fills the hdd with zero's. What worries me here is that DBAN states that the security level is low and that the data can be retrieved ( However, I've read some stuff on the web saying a single pass does the job just fine. After the wipe was completed I launch a hex editor to check the sectors. They all contained 0's.
Maybe i sound a bit paranoid but im just wondering if there's any way that the buyer can still retrieve any data from the disk?
Thanks very much.
In my opinion, you can sleep soundly.
Areas of concern are sectors that have been remapped. This is typcially only a few sectors on a disk (less than maybe 100). The chances of your critcial data being in these sectors is 0.000000x. The chances of anyone finding these sectors is just as remote. ie 99.999999% of your data has been erased.
Unless you work with super super confidential data, and have sold the disk to someone who knows that, nothing will ever be found.
The other way to access data is that sometimes reading a track slighly off centre can display old data. BUT you have to find a track that can be read, and then work out what the data might mean. With current track densities this process is not likely to work well - on 48tpi floppy disks one stood a better chance.
There are stories of governments using electron microscropes to determine if the bit pattern is at 90% or 10%, and they obtain maybe a 50% success rate on each sector. The process is SLOW and very expensive. (Thumbscrews are quicker and cheaper and probably a more effective way of recovering the data - just not legal).
My summary is that your data has been erased
@mscotgrove
If the sectors were remapped, wouldn't the number of passes be unimportant? I mean, if DBAN doesn't write over them the first time (due to the remapping), isn't it unlikely that they would be written to on the remaining passes as well?
I have a vague understanding of remapping, but is there any way for a user to us, for instance, AT commands to get to the data in a remapped sector?
Thanks Michael for pointing this out, very interesting. Feels like a relief to be honest with ya ) .
So to summarize You must be a professional and have tons of money to recover a couple of sectors off the disk?
Any other input on this subject is welcome.
twjolson
Yes, a remapped sector will not be seen by 'normal' software.
You would have to start playing with 'P lists' and G Lists in the drive firmware to determine which sectors have been remapped. If you cleared these tables down, the original sectors would probably be visible but the chance of having any useful information is likely to be less than remote.
So to summarize You must be a professional and have tons of money to recover a couple of sectors off the disk?
And have context to make use of any recovered data as well. It's not like you could recover 2 potentially skipped sectors in between millions of zeros and know that this was an elbow within an image file.
Bottom line is you don't have anything to worry about; the porn is gone forever. 😉
Bottom line is you don't have anything to worry about; the porn is gone forever. 😉
LOL, no its not porn. The disk contained some valueble documents and images. But thanks for your confirmation -)
And if you use the "proper" approach, which is the internal ATA commands
http//
also some additional, normally unaccessible sectors will be (probably) deleted.
In any case it wiil be FASTER than DBAN.
http//
http//
There is AFAIK NO reliable record of anything EVER retrieved by a private company from a 00ed disk (single pass) from any "modern" hard disk (anything manufactured in the last, say 15 years), and there are serious doubts that Government Agencies may have the technology/capabilities to do so (at least with any kind of accuracy/reliability or in a reasonable time).
jaclaz
Thanks Jaclaz, that sums it up perfectly. I heard about the Secure Erase method and tried it in the past. The drawback was that most of the time the SE command was blocked by the system's BIOS. Secure Erase is faster and can delete bad sectors though.
Anyway I'm glad and feeling relieved about the answers that were given in this topic. Thanks a bunch -)