The truth about Overwriting patterns

DelBoy said:
I read this quite a while ago, still worth reading though.

http://rixstep.com/2/sd,001.html
That's a load of crap. The Rixstep guy (as can be seen from his Radsoft association) is a blowhard who knows about 1/10 of what he tries to portray himself as knowing.

Just notice how terse the little article is. I mean, what does this really mean?

They work by constructing a signal map of your entire hard drive, and then comparing this map, byte for byte, with what should be there. From the discrepancies they can backtrack several overwrites to find out what you had before you overwrote your files - several overwrites ago. Yes, it's that scary.
It means the same guy who gives the Evidence Eliminator people a hard time for spreading FUD is doing something along the same lines. And don't forget that this guy sells a utility that performs secure deletion!

Just the fact that he recommends Gutmann should be enough to tell you how little he really knows.
 
DelBoy said:
I read this quite a while ago, still worth reading though.
I beg to disagree, that's just an example of the misinformation on the Internet these days. That guy does not know what he is talking about.
 
Anonymous said:
DelBoy said:
I read this quite a while ago, still worth reading though.
I beg to disagree, that's just an example of the misinformation on the Internet these days. That guy does not know what he is talking about.

Irregardless of what that guy suggests or knows, take this small item http://www.sicher-loeschen.de.vu/ again and fully digest it then incorporate the results you derive from it into your suspicions and you will have succeeded in making a determination that far exceeds the dim and vague viewpoint from that one single source alone.
 
Do NOT use official overwriting patterns

Don't quote me on this but I did hear (not sure of the source now) that those DoD, NSA, etc, methods were not approved for using on hard disks. Maybe I'm wrong?
 
Many methods for many personal choices

Swifty said:
Do NOT use official overwriting patterns

Don't quote me on this but I did hear (not sure of the source now) that those DoD, NSA, etc, methods were not approved for using on hard disks. Maybe I'm wrong?

Those you refer to are the most widely used methods. I'm certain there are others unlisted or documented. It boils down to which is preferred by the user. As far as approved for Hard Disks, i've yet to read where they are not approved.[/i]
 
Secure erasing?

I feel a little paranoia creeping into nearly all the above comments! Be real guys(gals?) -what the heck are we trying to conceal here? Unless you have state secrets,something highly illegal,or General Motors business plan for the next ten years, what the heck are you all worrying about? I imagine it would take a hell of a lot of resources to beat decent encryption and the thorough use of Eraser as per the help file instructions,so why worry? Personally,I would not even like a stranger reading a letter to my favourite aunt,and I certainly take reasonable precautions with financial or very personal matter,but am not so worried to question techniques to the levels shown in the previous postings,so please do note the word "reasonable"!!
 
Undo worry

I have to agree. Unless you are operating with secret sensitive files and consider your data a threat to National Security, i would just go about the normal routine of selecting the bare minimum for wiping. Now to you Guest, i would like to pose this one question to you personally. In an above post an unlucky gentleman experienced recently some problem after using ERASER on i presume a Disk Wipe of Unused Space. His is a XP operating system as i understand. My question already posed earlier and addressed was HOW MANY WIPES CAN BE DONE BEFORE EITHER ERASER OR THE HARD DISK lose its effectiveness????????????????With the HEAVY writing these PASSES conduct, isn't there a THRESHHOLD for safety written into the program OR IS IT NOT NEEDED. Thats all thank you.[/b]
 
Viper said:
hello,

if you want to know the truth about overwriting patterns, visit my site:

http://www.sicher-loeschen.de.vu/

You'll see that most advertising like "Our software even exceeds the Department of Defense standard" is simply bull....
E.g. many ppl use the Gutmann 35-pass method. They don't know that 27 of the 35 passes are designed to flip the bits in MFM/RLL encoding. But modern hard drives don't use that encoding. If you do 8 passes with "random" numbers, it will have the same effect.

greets, Viper

THANK YOU. I have been gnashing my teeth on this for a bit, in fact I am now making my own "version" because of this. Drives me nuts, if you pardon the bad pun. Having said that the DoD standard doesn't take into account the engineering realities of the drives either. so you are basically stuck with using the 35 passes/patterns from the Gutmann's paper simply because nobody implements a good random generator with the overwrite of file capabilities. The only one that I know of (tho there might be others) is the pseudo-random entropy polling of Eraser and that unfortunately locks up my system. =/

MFS
 
sigh....

Viper said:
hello,

if you want to know the truth about overwriting patterns, visit my site:

http://www.sicher-loeschen.de.vu/

You'll see that most advertising like "Our software even exceeds the Department of Defense standard" is simply bull....
E.g. many ppl use the Gutmann 35-pass method. They don't know that 27 of the 35 passes are designed to flip the bits in MFM/RLL encoding. But modern hard drives don't use that encoding. If you do 8 passes with "random" numbers, it will have the same effect.

greets, Viper

can't access the paper. But still Gutmann himself has written about the fact that the "mantra" of 35 passes is ridiculous.

Also on the subject of random generation, the use of strong pseudo random generation IS what is talked about for this, Yarrow is among the best and isn't in fact necessarily impossible to implement nor would it be difficult. Any CHIP based random generator isn't in fact random. Multi source creation of seeds and multi seeds for the random generator is all that is needed EXACTLY like that produced for strong encryption. Which I believe somebody else mentioned already on this thread. One other thing, the admin has mentioned that to do the best "security" you can do in a journaling FS is to encrypt a partition and go from there. Or should it be the whole disk... hmmm.

MFS
 
http://v4.livegate.net/wipe

sry for the inconvenience. I deleted the old domain because it's in German and only about 10% of my visitors are from German-speaking countries. The rest is from US, Canada or Afghanistan :)

I rewriting the Linux encryption part, so plz don't be strict. An detailed evaluation is coming soon. Will add anchors for better navigating and some HTML tidying soon.

Thx, Anonymous
 
When you say modern drives do not use MFM patterns, how modern are we talking about? What year did drives cease using MFM patterns?

Is my old PC HD from 1996 classed as modern?
 
Anonymous said:
OK, so:

* If a user was to use overwrite with pseudo-random data, how many passes would be a good choice? (Let's suppose this user was concerned about thwarting law enforcement, and safeguarding privacy against data-recovery professionals. Let's also suppose that this user did use strong encryption where really required, and isn't looking for argument on using it more extensively instead of overwriting.)

What do you mean by "law enforcement" or "data recovery professionals"?
Local police or national security services?;local IT firm or big university computer technology/cryptography dept.?
I think we are in the realms of not writing such sensitive info to the HD in the first place,and certainly not using Windows! If it`s concerning illegal matter,I guess you won`t get a considered answer anyway.
 
You also need to be aware that much of what you send and receive over the internet can be watched(almost everything you might want to erase comes from other computers I presume). Let us say you are in China and want to visit a site that they do not want you to see. There is a good chance that they can reconstruct/watch what you where looking at or at least guess at it which can be just as bad as actually having the info found on your computer....just something else to worry about. Of course, this depends on the level of "Law Enforcement" you are talking about. National agencies tend to have more money and special programs that local law enforcements do not.

Look on the web for forensic programs and they can sort of give you a look at what local law enforcement can buy and use.
 
One more point......"local law enforcement" probably will have the same program access as say a general technical thief may have......many good programs out there that anyone can buy or try. So a general knowledge of what these "local law enforcemnt" programs can find would help people who have real worries about stolen laptops or PC's.
 
The document is 404, looks like there was a problem paying the bills, does anyone have a copy of the document
 
in the end...

Provided that you have read all the previous replies as well as lurked throughout the rest of this forum, then my post will come as no suprise.

On modern HD's (that is, computers made from the year 2000 onwards), psuedo-random number generation (PRNG) is the most suitable method to use in order to overwrite sensitive data. Eraser uses (or claims to use) the ISAAC PRNG. Although not the most sofisticated method, ISAAC is still considered secure.

Running at least 15 up to 30 passes in PRNG can be considered as secure (if not more) as the Gutmann. I CHALLANGE ANYONE TO PROVE ME WRONG!!!

As such, Eraser will only delete what you tell it to delete. Your truly sensitive data lies deep within your OS (operating system). Eraser can only do what it is commanded to do.

Hope this answers your original question!!!!
 
Summary and Easter Brain Food

Warning, long post. Useful for folks passing by or killing time.

I've been dealing with highly confidential data for many years (banking and finance, personnel records, tax data), and delved deeply into several operating sytems and their security and privacy weaknesses. Eraser is a damned good tool. Use it, but there is a lot more. I don't delete any more, haven't for years. Just got into the habit of erasing. And Eraser does it.

There a lot of good sensible posts on this site, and there is a lot of combined experience (Duke, if he is the orginal of that nick, has been around for many years), but there are also some posts that are entirely ludicrous, laughable. There is a mix of the curious, the geeks (I would count myself as a minor guru), and, probably the most important, people who just want to be careful and would like to know what really works, and whether they really need wait hours for a 120Gbyte drive to be cleaned.

For the last category, try this for a quick summary with some of my own input. There is also a bit of "food for thought". Comments welcome:

1)It is possible and has happened that people have been busted and their computers confiscated "for investigatory purposes". Most often there is already a "reason" for this (your credit card number was found on a suspicious list, you "visited" a dodgy web site (no you didn't, you went to a linked page and your ip got on the log) etc etc but our good old law enforcement people are nothing if not thorough and patient. So covering your tracks on the internet should be a prime concern, not just erasing data. There are ways to do that which you can pick up as you go.

Its certainly no fun to be told you are in the clean and free to pick up your gear from some storage compound if it is 6 months or more down the line and you have had to scratch around for even the phone numbers of friends, acquaintences, and business contacts during that period. It also happens that said gear has been badly treated by underfunded, undereducated twerps who know less than a total newbie, and it don't work any more. Its worse if you have some nut in your office who has been using his work machine for dubious practices only to have your entire office network dismantled and carried off by a harassed looking law enforcement officer. Give that person a break please. They just want to get it done and go home. But your business or job may just have been hosed. How many businesses can survive for long with everthing gone? Backups? Gone as well. They are also potential evidence.

In other words paranoia is not necessarily a bad thing. If in doubt, Erase.

2)But get real. Maybe you do have a bit of copied software or some pirated cds, dvds. Maybe there are some pics on your drive that are legal/grey but you'd rather not have it known that you have them. Maybe you did shave your last few tax returns tight. Maybe you do have a bank account or two that you'd rather your spouse/lover/boss/creditors didn't know about.

Windows in particular hoses, but hoses like it was being paid for it, your drive with "evidence" in the form of temporary files, MRUs, index.dats etc. No app can get all of those, though there is one, and only one, hyped Windows app out on the net that gets most of them. But its darned hard to keep a machine clean. It takes a lot of time and effort. Try finding out more about encrypted drives instead of worrying about erasing. Then discover you really need to know about BOTH, and a lot more! Most regulars or experienced visiting a site like this will already know that. Newbies won't have a clue beyond some half-learnt basics, folklore, and mis- dis- information. Get out there and learn if you think you need to, or are just passing time soaking up new stuff that might be useful one day.

3.You're probably here for info on erasing, so here is the REAL world :

A single pass of pseudo random data is about as good as it gets on modern equipment (post say 1998). Beyond that is hyper paranoia (nothing wrong with that if its your choice, its a free world -- (huh!)). If you want to check that then make a small partition, wipe it with Guttman. Then sprinkle it, fill it, with any files handy, preferably text files so its easy to see if there is anything left after a wipe because you can see words and sentences. Wipe it again with a single randon pass. Then do a recovery with any of the recovery software around. I use Easy Recovery Pro, but there are many. It will find nothing. To convince yourself further try a disk snooper (try Directory Snoop, does FAT and NTFS) that reads sectors one by one and look for text (try it before and after the random wipe). It won't find anything either.


That is IT, that's about as good as average law enforcement and criminal techniques of recovery get....UNLESS you are on a very special set of hitlists which warrant a LOT of money (like 100s of thousands, or even Millions of US$) being spent getting information from your computer. If you are on a list like that, as someone has already hinted, then it is not only your computer that will be a problem. Your mobile phone, home phone, office phone, your dining table, your neighbours upstairs bedroom, your best friend, your trash can, your shoes etc etc etc... are all liabilities. BUY a helicopter and a few spare passports but _don't_ dream.

Only a highly educated, experienced, hardened intelligence officer/ criminal, with lots of resources, money, and friends will have a remote chance of having covered every possible avenue and getting away with something they want to hide if the people who are looking are also highly educated,experienced, hardened, and well funded.

Better save your money for a good lawyer. At least that way if you are innocent of a major crime then you will get a better chance of having that proven to a court's satisfaction.

But if you are just an ordinary person who wants to educate themself and find out just how bad it gets, and you want to know more, a good starting point is Dr Who's privacy FAQ. Its around, try Google.

Oh and dont forget cd-roms and dvds. Most people make backups some of the time. Ever made a backup and then cleaned your machine? Ever thought about the backup program saving all your temp files for future generations? And an uncleaned/uncompacted Windows registry holds a lot of data. As does and uncleaned/uncompacted Outlook pst file or an OE dbx file. And those URLs in your favourites....

If you do need to clean or think its a good idea, fine. Make the backup, do the job, then make another, clean backup and destroy the first one. Like I said, its a pain in the b*** ! A microwave oven does a good job, they don't need cooking, just a brief flash. Quite pretty.

How to recognise the crap like the "history on your drive ..." idiot some posts above? Well if they start talking about stuff that sounds like techno-babble that none of the regulars agree with or have heard of then its garbage. Pure and simple. You already know more than they do.

Have fun!
 
Great post, Chunky; that's sound advice.

People need to realize that they can become the focus of a criminal investigation, whether it seems plausible or not. I had a friend some years ago--a friend who I had communicated with on the computer--who broke the law in a very serious way. I had done nothing wrong personally, but it was entirely conceivable that investigators would come look at my data, to see what communication had taken place (to see if the crime had been preplanned).
 
Back
Top