Canadian Mac Forums at ehMac banner

1 - 7 of 7 Posts

·
Premium Member
Joined
·
5,247 Posts
Discussion Starter · #1 ·
Although it's been well known for nearly forever, a recent study underlines the need to wipe your hard drives when selling or scrapping old HD Drives.

Trashing files actually deletes nothing, it only removes a link to the file. That's how drive & file utilites work when they recover "lost" files. Until the actual file is overwritten all that information still exists on your drive. Its also important to understand that certain data may be very difficult to rewrite. *

Currently there are a few solutions available to us Mac users. Current paid versions of Pretty Good Privacy (PGP) (OSX & OS9) include a drive wiping utility, as do some older free versions for OS9. Also for OS9 is a freeware wipe utility called Burn.

Eraser (free) is a GPL'd utility for Windows and Linux; we may see an OSX version ported to Darwin or OSX show up sooner or later.

Probably the best method would be to create a bootable OS9 disk with Burn; a user could then startup from the CD and erase a single drive Mac's HD. If necessary, a clean install of the OS could then prepare the computer for resale or disposal.

If you have multiple drives, the task is a bit simpler (no CD burner required). An external bootable drive would also be an excellent choice.

It is also important to note that the random data must be written to the drive many times to fully erase what was there before. 3 wipes is considered a good start, 10 is considered good and 30 or more may be required for sensitive and secure wiping. Forensic Recovery (used by nice people like CSIS and the RCMP) may be able to read drives wiped many times, but of course no normal, law abiding ehMac'er need worry about that.

My first Mac, a Mac Plus bought for $375 from a University Surplus Assets department, came from the Dean's office. No attempt was made to even trash files on the HD, so everything was on that drive, including applications, student data and marks, and personnel information. It was a big eye-opener for me, let me tell you.

MIT drive study

Burn v2.5

PGP Personal OSX/9 with PGPDisk $US 40

PGP v7.0 docs pdf (see pages 109-10)

PGP v7.0.3 freeware & patch

* Drive data is written in blocks. A file that is written to a block may not replace other data in that block. A crude example follows:

Old Data: my VISA number and Bank password my Mastercard number and password 0100
New Data: picture of my carsand Bank password my Mastercard number and password 0100
Wiped Data: 0100101010010101010101010101010100010101110101110101011011010
 

·
Premium Member
Joined
·
2,700 Posts
Holy Smokes! GordGuide thankfully posts useful stuff like this all the time, which most people never even think of. You really do amaze me GG.

Keep on postin' :D
 

·
Banned
Joined
·
14,050 Posts
When formatting a drive using Apple's utility and selectin the "Write zeros" option, does one still have to do it many times?

I thought that writing zeros was writing zeros?
 

·
Premium Member
Joined
·
5,247 Posts
Discussion Starter · #4 ·
Writing zeros is a good, basic precaution, but it won't erase all traces of the data (or even come close). It is adequate if no special means is used to read the data (ie no recovery software or physical examination is done). Anyone in the business (legal or otherwise) of searching drives will have invested in tools designed to find what lies there, though.

It may help if you understand the nature of magnetic media. Even though we store digital data on hard drives (or CDs for that matter) the actual storage media is analog. The analog media can be studied to determine what my have been there before.

Some of us remember former US President Richard Nixon recorded every conversation on magnetic tape. Later, these tapes were studied and portions that had been erased were recovered. This is because traces of the first recording were still there, although subdued to the point where ordinary playback revealed nothing but a low-level noise. Even though this was analog data on an analog medium, digital data on an analog media is essentially the same thing.

Blank magnetic media is made of randomly positioned bits of iron. Recording arranges these bits into a pattern. This pattern will never be the random pattern of a blank, newly manufactured disk. If you look close and hard enough, the old pattern will still be visible.

It is somewhat similar to a double exposure on a roll of film (we've all done that). The old pattern is visible as well as the new pattern, so we can see two images on top of each other.

Perhaps another good analogy would be a pad of paper. Write with a pen, and an imprint is left on the page below that can be seen by our eyes unaided. At some point, we may need a tool to see the imprint (say, the fourth page down). Governments may be able to afford to invest in technology that can see 20 pages down.

With the nature of technology being what it is, sooner or later a crook will be able to afford what it takes a large eneterprise to fund today.

Since we can never reach the state of a new, random magnetic disk, the only way to "hide" the original pattern is to write with a random pattern, over and over and over again. At some point our random pattern will obscure the original up to the point where our current technology can no longer discover what was there at one time.

It would take many more passes to obscure the original pattern if we use the same, constant pattern to overwrite the data. That is why writing zeros is less effective than writing a special random pattern such as those found in the programs mentioned earlier.

I don't know exactly what the relationship is, but for sake of arguement you might say that 1 pass with random data is equal to 10 passes with zeros.

Like any security measure, we may not be able to provide ultimate protection from any possible threat. However, like a thief trying locks in our neighbourhood, we can take steps so that they give up and try someone else's door instead.
 

·
Premium Member
Joined
·
5,247 Posts
Discussion Starter · #5 ·
A new application has been released for OSX by Jiiva SW called SuperScrubber. This commercial utility (US$ 30) wipes partitions or complete drives in preparation for disposal or sale.

Missing from the feature set (in my opinion) is the ability to wipe free space from a drive (ie leaving files intact but erasing empty space on the drive), which would make it a valuable addition to the toolset of ordinary desktop users. Still, those who find themselves trading in computers or drives may find it useful, as would commercial Mac users who occasionally dispose of hardware. I haven't used the application myself.

Jiiva SW SuperScrubber
 

·
Banned
Joined
·
14,050 Posts
gordguide,

thanx for that explanation of the analogue portion of digital data storage as it relates to erasing data.

now my world is more crazy than before.

digital ain't digital and zeros ain't zeros anymore...



chicken little was a genius
 
1 - 7 of 7 Posts
Top