Brain fart: no format option on a pen drive pop-up menu?
Alan Cox
alan at lxorguk.ukuu.org.uk
Mon Aug 29 21:02:36 UTC 2011
> This is just plain wrong. For modern hard drives (manufactured after
> 1994), it is sufficient to overwrite the disk once, with any pattern you
> desire. I'm not talking about floppy diskettes or core memory here, I'm
No it is not, because of things like block sparing.
> talking about hard disks.
> Also, I would bet that the longer the data had not been re-written, the
> less embeeded it is, not more embedded. Again, we're not talking about
> core memory.
> Google "Advisory No. LAA-006-2004" for NSA's statement on this.
http://www.dtic.mil/whs/directives/corres/pdf/522022mchaps.pdf
is a process manual. It's not precisely defining such things. It's also a
very boring manual but happy reading.
> and some of the old hard disks, like the RM03s. But for modern hard
> drives, a single overwrite pass makes it impossible to recover prior data
> from that particular location.
That is they key bit.. the drive is not in any way required to re-use the
same locations for the data. Furthermore a drive is perfectly entitled to
optimise some types of common access (eg it could remember zeroed blocks
by list). For rotating media sparing and some other goings on actually
mean you won't always hit the same block. Move from simple rotating media
and it all gets much more complex with SSD, flash caches and the like.
Whether it matters really depends upon how valuable the data is and who
the bad guys are. You at the very least talking a recovery tools and
custom firmware. A lot of the people who can do that can also turn up at
your front door with a warrant and ask you politely for the information
anyway.
Because of all this the ATA standards define a secure erase command which
instructions the drive to securely erase its contents. On most rotating
media this does a data erase of all data sectors in a way the drive
itself knows is ok. On flash it may be handled various ways and on a lot
of flash drives it is *much* faster than blanking all the sectors
(almost instantaneous in fact), at least as secure as blanking all the
sectors and doesn't cause drive wear in the same way.
If you want to erase your drive, issue a secure erase command. It's as
simple as that.
If you aren't fussed just overwrite the metadata, but that in itself
doesn't make old files that hard to recover, at least on VFAT file
systems.
Alan
More information about the users
mailing list