Rasputin said:
If you or anyone else present finds any definitive articles on these issues I would appreciate their being posted.
Articles from peer reviewed journals would have the highest value.
Next in the order of importance would be verifiable cases of success or failure in data recovery and secure deletion. Verdict reports and court records would be of interest.
It's unfortunately an area where getting hard and fast data proves quite difficult. The time and resources to do the testing are very high, so it keeps most hobbyists out of the running, and those that can probably don't want others knowing. The last worthwhile research I remember reading was by Kurt Seifried back in 2001/2002, in which he discovered issues with a number of programs, including I believe Eraser, and how they handled metadata (or not, as the case was).
Most countries have their own sanitization standards, but taking the US as an example:
NIST SP 800-88 (2006) outlines current sanitization practices for US Govt. There are 4 types:
* Disposal is defined as the act of discarding media with no other sanitization considerations. Examples of Disposal include discarding paper in a recycling container, deleting electronic documents using standard file deletion methods and discarding electronic storage media in a standard trash receptacle.
* Clearing is defined as a level of sanitization that renders media unreadable through normal means. Clearing is typically accomplished through an overwriting process that replaces actual data with 0’s or random characters. Clearing prevents data from being recovered using standard disk and file recovery utilities.
* Purging is defined as a more advanced level of sanitization that renders media unreadable even through an advanced laboratory attack. In traditional thinking, Purging consists of using specialized utilities that repeatedly overwrite data; however, with advancements in electronic storage media, the definitions of Clearing and Purging are converging. For example, Purging a hard drive manufactured after 2001 only requires a single overwrite. For the purpose of this Guideline, Clearing and Purging will be considered the same. Degaussing is also an acceptable method of Purging electronic storage media; however, this typically renders the media unusable in the future.
* Destroying is defined as rendering media unusable. Destruction techniques include but are not limited to disintegration, incineration, pulverizing, shredding and melting. This is a common sanitization method for single-write storage media such as a CD or DVD for which other sanitization methods would be ineffective. This is also a common practice when permanently discarding hard drives.
Clearing is generally regarded as safe enough for everything but Top Secret material. In table 2.1 on page 8 of NIST SP 800-88 it states that:
Studies have shown that most of today’s media can be effectively cleared by one overwrite followed by verification* for drives from 2001 onwards, drives older than 2001 should have multiple passes.
* Interestingly, Eraser, while using the oft bandied about DoD 5220.22-M (chapter 8 section 3.06) (1995) standard, uses a method (/e) that does not meet the US Govt standards for purging data, as Eraser does not verify after wiping (/d). (There is a verify.exe with Eraser, but it only allows you to verify deletion of one file at a time and not free space.) Eraser does go above and beyond for "clearing" a drive, giving a 3 pass option instead of the recommended 1.
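
Added example, not part of the original post and not Eraser's code: a Python sketch of the "one overwrite followed by verification" step quoted above, applied to a single file. The function names, the 0x00 fill byte and the 1 MiB chunk size are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB I/O size (assumed value for this sketch)


def overwrite(path, fill=0x00):
    """Single in-place pass over an existing file; returns bytes written."""
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)
        f.seek(0)
        remaining = size
        while remaining:
            n = min(CHUNK, remaining)
            f.write(bytes([fill]) * n)
            remaining -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass to the device before verifying
    return size


def verify(path, fill=0x00):
    """Read everything back; return offset of first byte != fill, else None."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(CHUNK)
            if not buf:
                return None
            if buf.count(fill) != len(buf):
                # Leading fill bytes stripped off give the exact position.
                return offset + len(buf) - len(buf.lstrip(bytes([fill])))
            offset += len(buf)


def clear_and_verify(path, fill=0x00):
    """The overwrite pass plus the verification pass, reported together."""
    size = overwrite(path, fill)
    bad = verify(path, fill)
    return {"bytes": size, "verified": bad is None, "first_bad_offset": bad}


if __name__ == "__main__":
    # Constructed sample: a temporary file filled with random bytes.
    fd, sample = tempfile.mkstemp()
    os.write(fd, os.urandom(2 * CHUNK + 17))
    os.close(fd)
    print(clear_and_verify(sample))
    os.remove(sample)
```

The read-back here can be served from the operating system's cache rather than the platters, so a real verification pass needs to bypass that cache; overwriting a file in place also says nothing about copies the filesystem keeps elsewhere.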