Problem

Lewie

New Member
Hi all.
Been using this to delete a few things.
I've come across a propblem.
I have formated the 'D' drive (not the os drive) then tried to use the unused disc pace option
It tells me that it has failed and to log in using a admin account and try again.
I am using a admin account and have even tried a new admin account.
Any clues??
Cheers.
 

Joel

Active Member

Lewie

New Member
Joel, you are a star.
Is a 7 pass secure enough or is it alwasys best to run the 35??
Thanks again.
 

Joel

Active Member
It depends on the level of security. There's no standard answer for that.
 

Lewie

New Member
Oooooohh you question dodger you :)

Fair enough, I asked for that one.
I'll take it if you want to be sure, run the highest level of passes.
 

Joel

Active Member
Of course, but current sentiments are that on a modern hard drive, one pass is sufficient to get rid of all data.
 

DavidHB

Active Member
Joel said:
Of course, but current sentiments are that on a modern hard drive, one pass is sufficient to get rid of all data.
Note that Joel wisely says "current sentiments". Considering the importance of the issue, there is remarkably little publicly documented research on what it actually takes to remove data irrecoverably from a drive. Peter Gutmann's research (from which the 35 pass method that bears his name derives) is now some 15 years old and relates (seemingly quite specifically) to hard drive technology that no one uses any more. Such research as there is supports Joel's statement.

David
 

Lewie

New Member
OK.
So is there NO way, apart from smashing the drive, to erase everything permanently??
I ran Eraser using Schneier 7 pass on a few AVI files to test it.
I then ran a FREE recovery tool and over half the files were still there, intact and playable.
 

DavidHB

Active Member
That's probably because they were shadow copies and in space that Eraser did not see as free. The NTFS file system is a complex beast at the best of times, and a single Eraser run may well miss some items; it is very hard to be specific about this, because much will depend on other things that you did.

In these circumstances, Eraser is best regarded as part of a security system, rather than as the whole solution. I suggest the following :
  • keep data on a drive or partition other than the system drive (which is always harder to clean completely);
  • wherever possible, set programs so that they keep their logs, caches and catalogues etc on the data drive;
  • disable system restore and shadow copies on the data drive;
  • explicitly erase files you know are sensitive rather than deleting them and wiping free space, as Eraser will then know about any shadow copies and deal with them;
  • when you test the erase (as you correctly did), use a file recovery program such as Recuva that can overwrite files you recovered; that, particularly in combination with the next Eraser run, will pretty much ensure that they are gone.

Incidentally, a single pass wipe used in the correct way is much more secure than a multiple pass that misses something. Which is why, for free space wiping, I use a single pass, in conjunction with Recuva as appropriate, and then repeat if necessary.

With a procedure such as this, you will find that a few separate Eraser runs to wipe free space will make your data drive progressively cleaner. Once Recuva (or whatever) is no longer finding recoverable files, you do not need to run the free space erase all that often. And the sensitive material will be gone. Irrecoverably.

David
 

Lewie

New Member
Thanks for all that info David.
I shall look into it.
I didn't run Eraser to erase all unused space.
I used it on a specific folder so I knew exactly what files SHOULD have been destroyed.
I thought directing it like that would give it a better chance to target the files.
Recuva was the app I used as it happens. I hadn't noticed that it will wipe the recovered file if requested.
I'm surprised that the single wipe may be better than the multi passes but then again I believe the Gutmann 35 pass is very old now and drives have changed.
Very interesting.
Thanks again and any thing else you think of do let me know.
 

DavidHB

Active Member
The only other point I can think of is that, if you used a disk defragmenter, it would have left copies of data behind which the file system doesn't know about, and which Recuva can often recover.

David
 

Lewie

New Member
Found how to overwrite using recuva.
I find it strange that you can choose to make all the files unrecoverable but when you run recuva again it finds the unrecoverable files??
I thought that once they were 'permanently' deleted they were gone but if that was so recuva wouldn't be able to find them at all.
This deleting thing is a bit more complex than I thought.
 

DavidHB

Active Member
Lewie said:
This deleting thing is a bit more complex than I thought.
Welcome to the club :)

Recuva still identifies the files, but overwriting them puts them beyond recovery. If you then run a free space wipe with Eraser (and it completes!), there are far fewer files identifiable by Recuva. On my data drive, Recuva sometimes identifies no recoverable files at all.

David
 
Top