Eraserd?

  • Thread starter Thread starter Anonymous
  • Start date Start date
A

Anonymous

Guest
Hi,

We've been using a boot disk with eraserd to wipe systems hdd before they leave the building. I've read though that eraserd may not provide enough features to perform this task satisfactorily. Whats the general opinion? Is eraserd set to 8 passes enough to prevent software recovery? Or do we need to rewipe these systems with different software?

Thanks
 
EraserD is just great for erasing files, but it cannot erase the entire free disk space if the drive is larger then 2GB. Most drives these days are. The problem is not with the number of overwriting passes or the data used for overwriting.

Now, if you want to erase the entire hard drive, I suggest using DBAN that comes with current versions of Eraser. If you wish to leave the operating system and only erase the unused disk space, just use the Windows version of Eraser.
 
And to answer your other question, overwriting even once with any data is enough to prevent software recovery. Multiple overwriting passes are only necessary if you are worried about hardware recovery.
 
Ok thanks - the disks on these pc's are larger than 2gb so we are gonna have to look at DBAN.

THanks
 
Anonymous said:
And to answer your other question, overwriting even once with any data is enough to prevent software recovery. Multiple overwriting passes are only necessary if you are worried about hardware recovery.

One overwrite pass, is enough to prevent the recovery from STANDERED, undelete programs . However there are programs out there that can recover parts of files from 'magnetic echoes' these echoes require 7+ passes to be corrupted securely.
 
How about mentioning some references to these programs that can recover "magnetic echoes" using the hard drive's own read/write head through the published interface? Until you do, I say this cannot be done. It makes no sense to equip a hard drive with a mechanism sensitive enough to be able to detect traces of previous writes -- so the manufacturer interested in minimizing the cost simply doesn't do it. Besides, even if the drive electronics could find traces from previous writes, and this is completely hypothetical, there is no standard interface for accessing this functionality (1), and thus it would be only a manufacturer-specific hack.

So let me repeat, one overwriting pass is enough to prevent software recovery. If you go around hard drive's own reading mechanism by using a scanning tunneling microscope for example, then you may be able to find magnetic remnants from a previous write. This is because the path of the read/write head may slightly change between writes, or because a very small minority of the magnetic domains on the disk platter did not change during the write. This is called hardware recovery, and it is becoming more and more difficult as recording densities increase.

(1) While browsing through the 400+-page ATAPI standard I once again stumbled across the SECURITY ERASE PREPARE/UNIT commands, which are supposed to instruct the drive to completely overwrite all data areas. If this function is implemented, the drive shall overwrite data once with zeroes. A manufacturer may also choose to implement an enhanced erase mode, which calls for predetermined overwriting patterns and the erasure of reallocated bad sectors as well. I wonder how many drives actually implement this?
 
Back
Top