<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: Disk Wiping &#8211; One Pass is Enough</title>
	<atom:link href="http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/feed" rel="self" type="application/rss+xml" />
	<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough</link>
	<description>Rendering computer investigations irrelevant</description>
	<lastBuildDate>Wed, 01 Sep 2010 22:00:29 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.1</generator>
<xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" />
	<item>
		<title>By: DBAN - Emergency data destruction - Why We Protest - IRAN</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-129</link>
		<dc:creator>DBAN - Emergency data destruction - Why We Protest - IRAN</dc:creator>
		<pubDate>Sat, 20 Jun 2009 02:39:56 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-129</guid>
		<description>[...] Wiping Myth Put to Rest - A single complete overwrite pass is enough - Softpedia  Disk Wiping - One Pass is Enough &#124; Anti-Forensics  Disk Wiping - One Pass is Enough - Part 2 (this time with screenshots) &#124; Anti-Forensics     [...]</description>
		<content:encoded><![CDATA[<p>[...] Wiping Myth Put to Rest &#8211; A single complete overwrite pass is enough &#8211; Softpedia  Disk Wiping &#8211; One Pass is Enough | Anti-Forensics  Disk Wiping &#8211; One Pass is Enough &#8211; Part 2 (this time with screenshots) | Anti-Forensics     [...]</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Brian Wahoff</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-39</link>
		<dc:creator>Brian Wahoff</dc:creator>
		<pubDate>Fri, 20 Mar 2009 02:15:26 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-39</guid>
		<description>Ryk Edelstein - there are some software wiping tools that target and wipe HPA and DCO partitions, like Blancco Data Cleanser. My company has been using Blancco for several years now, and have sent drives to a lab for data recovery without issue. 

Like Yar said, there is an outstanding challenge by the Great Zero Challenge to recover data from even a single pass.

The SANS Forensic blog published a paper back in January looking at the problem from a statistical viewpoint. Their findings were that while you might be able to retrieve the value of a particular bit (it is 50/50 chance after all) unless you could guarantee the placement of a file on a given drive, the chance of successfully retrieving the data in that file was statistically zero.
(http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/)

For paranoid people, no amount of statistics are going to change their mind, which is why my company, EPC, also developed a mobile drive shredder - which we call the DDRV, that can perform physical destruction at an enterprise, ensuring the chain of custody is never broken. (http://www.epcusa.com/ddrv/)</description>
		<content:encoded><![CDATA[<p>Ryk Edelstein &#8211; there are some software wiping tools that target and wipe HPA and DCO partitions, like Blancco Data Cleanser. My company has been using Blancco for several years now, and have sent drives to a lab for data recovery without issue. </p>
<p>Like Yar said, there is an outstanding challenge by the Great Zero Challenge to recover data from even a single pass.</p>
<p>The SANS Forensic blog published a paper back in January looking at the problem from a statistical viewpoint. Their findings were that while you might be able to retrieve the value of a particular bit (it is 50/50 chance after all) unless you could guarantee the placement of a file on a given drive, the chance of successfully retrieving the data in that file was statistically zero.<br />
(<a href="http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/">http://sansforensics.wordpress.com/2009/01/15/overwriting-hard-drive-data/</a>)</p>
<p>For paranoid people, no amount of statistics are going to change their mind, which is why my company, EPC, also developed a mobile drive shredder &#8211; which we call the DDRV, that can perform physical destruction at an enterprise, ensuring the chain of custody is never broken. (<a href="http://www.epcusa.com/ddrv/">http://www.epcusa.com/ddrv/</a>)</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Atlanta Private Investigator</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-35</link>
		<dc:creator>Atlanta Private Investigator</dc:creator>
		<pubDate>Wed, 18 Mar 2009 01:31:29 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-35</guid>
		<description>One pass might be enough, but then again, in the hands of a professional, it might not!!!</description>
		<content:encoded><![CDATA[<p>One pass might be enough, but then again, in the hands of a professional, it might not!!!</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: m0rebel</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-34</link>
		<dc:creator>m0rebel</dc:creator>
		<pubDate>Tue, 17 Mar 2009 21:28:25 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-34</guid>
		<description>For *nix operating systems, dd of course is a great tool for wiping whole partitions or drives, or single files. But a slightly more user-friendly tool specifically for wiping single files is shred (http://linux.die.net/man/1/shred), and it comes installed by default with most distributions. And an even more user-friendly tool is wipe (http://lambda-diode.com/resources/wipe/wipe.1.html), which I know is available by default in the Ubuntu and Debian repositories. I&#039;m not sure, but I would assume that Mac OS X comes with shred. Also, if you have the commercial PGP Desktop for Windows or Mac, it comes with a PGP Shredder application.</description>
		<content:encoded><![CDATA[<p>For *nix operating systems, dd of course is a great tool for wiping whole partitions or drives, or single files. But a slightly more user-friendly tool specifically for wiping single files is shred (<a href="http://linux.die.net/man/1/shred">http://linux.die.net/man/1/shred</a>), and it comes installed by default with most distributions. And an even more user-friendly tool is wipe (<a href="http://lambda-diode.com/resources/wipe/wipe.1.html">http://lambda-diode.com/resources/wipe/wipe.1.html</a>), which I know is available by default in the Ubuntu and Debian repositories. I&#8217;m not sure, but I would assume that Mac OS X comes with shred. Also, if you have the commercial PGP Desktop for Windows or Mac, it comes with a PGP Shredder application.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Yar</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-31</link>
		<dc:creator>Yar</dc:creator>
		<pubDate>Tue, 17 Mar 2009 20:59:45 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-31</guid>
		<description>Anal_Avenger, you&#039;re right about being able to recover files from a disk format even when an OS has been reinstalled.

However, when I say disk wiping, I mean using software which will write over every bit of the hard drive. 

Formatting and reinstalling an OS will not write over every bit on the drive.

I also do some work with data recoveries and it is nice to be able to pull off nearly every photo someone has lost after they&#039;ve accidentally formatted their hard drive with the &quot;recovery CDs.&quot;

I have not used OnTrack&#039;s data recovery software. The main software I use is EnCase, X-Ways Forensics/WinHex, Power Data Recovery and Easy Recovery Professional, in that order. I may have a look at OnTrack&#039;s software :]</description>
		<content:encoded><![CDATA[<p>Anal_Avenger, you&#8217;re right about being able to recover files from a disk format even when an OS has been reinstalled.</p>
<p>However, when I say disk wiping, I mean using software which will write over every bit of the hard drive. </p>
<p>Formatting and reinstalling an OS will not write over every bit on the drive.</p>
<p>I also do some work with data recoveries and it is nice to be able to pull off nearly every photo someone has lost after they&#8217;ve accidentally formatted their hard drive with the &#8220;recovery CDs.&#8221;</p>
<p>I have not used OnTrack&#8217;s data recovery software. The main software I use is EnCase, X-Ways Forensics/WinHex, Power Data Recovery and Easy Recovery Professional, in that order. I may have a look at OnTrack&#8217;s software :]</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Anal_Avenger</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-28</link>
		<dc:creator>Anal_Avenger</dc:creator>
		<pubDate>Tue, 17 Mar 2009 20:08:12 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-28</guid>
		<description>Wiping once or even twice isn&#039;t safe, at all.

Working for a PC repair shop, I know. There are plenty of tools out there (one that we liked to use was OnTrack&#039;s recovery software) that will look at individual sectors and re-build files from there. You wouldn&#039;t be able to pull out every file unscathed without incident, but you&#039;d be surprised how many files are still left intact.

We&#039;ve used this tool to save our own asses sometimes after we accidentally formatted a drive before data was backed up. Even after a fresh install of the OS was thrown on the newly formatted drive.</description>
		<content:encoded><![CDATA[<p>Wiping once or even twice isn&#8217;t safe, at all.</p>
<p>Working for a PC repair shop, I know. There are plenty of tools out there (one that we liked to use was OnTrack&#8217;s recovery software) that will look at individual sectors and re-build files from there. You wouldn&#8217;t be able to pull out every file unscathed without incident, but you&#8217;d be surprised how many files are still left intact.</p>
<p>We&#8217;ve used this tool to save our own asses sometimes after we accidentally formatted a drive before data was backed up. Even after a fresh install of the OS was thrown on the newly formatted drive.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Yar</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-26</link>
		<dc:creator>Yar</dc:creator>
		<pubDate>Tue, 17 Mar 2009 15:57:47 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-26</guid>
		<description>Thank you for the time to write a very well thought out and informative reply!

I&#039;m guessing the Federal Government has put in standards for multiple passes and complete incineration or destruction of every particle of drives because they want to stop future recovery attempts if technology were ever to get to that point.

I recommend encryption as a technique because you can fully encrypt a hard disk beforehand but you can&#039;t fully wipe a disk beforehand and still use it. All of these suggestions are from the perspective that your activities violate some sort of law in your country.

Great comment on the HPA (host protected area) as well. I should note that DBAN does not clear this area of the drive either.

I was going to add a link to The Great Zero Challenge (http://16systems.com/zero.php) because it is still a widespread myth that a single pass is not effective. It is very effective and all that is needed. Essentially, it is a challenge to recover data from a hard drive that has been fully wiped with a single pass.

As for magnetic force microscopy and using electron microscopes, from what I&#039;ve read the process is very cumbersome and long and the chances of correctly identifying the previous state of a bit are very low. So take a simple word document or picture for example...

For a simple forensics examination or even data recovery your forensics software will first need to identify a header or footer for the file (or a complete file table which is highly unlikely for the same reason as below). Once it finds this, it will need to rely on the data not being fragmented across the hard drive.

Even a simple text document with one sentence will be unrecoverable after a single pass. You will need 8 consecutive successful bit recoveries to recover a byte. In a text document that byte represents a single character. If even one of those bits is recovered incorrectly through magnetic force microscopy then that byte is completely different.

Thank you again though for a very informative reply. This is good stuff. I figured microwaving your optical media would produce some sort of toxic fume but that would be the last thing on my mind if I were to be destroying potential evidence.</description>
		<content:encoded><![CDATA[<p>Thank you for the time to write a very well thought out and informative reply!</p>
<p>I&#8217;m guessing the Federal Government has put in standards for multiple passes and complete incineration or destruction of every particle of drives because they want to stop future recovery attempts if technology were ever to get to that point.</p>
<p>I recommend encryption as a technique because you can fully encrypt a hard disk beforehand but you can&#8217;t fully wipe a disk beforehand and still use it. All of these suggestions are from the perspective that your activities violate some sort of law in your country.</p>
<p>Great comment on the HPA (host protected area) as well. I should note that DBAN does not clear this area of the drive either.</p>
<p>I was going to add a link to The Great Zero Challenge (<a href="http://16systems.com/zero.php">http://16systems.com/zero.php</a>) because it is still a widespread myth that a single pass is not effective. It is very effective and all that is needed. Essentially, it is a challenge to recover data from a hard drive that has been fully wiped with a single pass.</p>
<p>As for magnetic force microscopy and using electron microscopes, from what I&#8217;ve read the process is very cumbersome and long and the chances of correctly identifying the previous state of a bit are very low. So take a simple word document or picture for example&#8230;</p>
<p>For a simple forensics examination or even data recovery your forensics software will first need to identify a header or footer for the file (or a complete file table which is highly unlikely for the same reason as below). Once it finds this, it will need to rely on the data not being fragmented across the hard drive.</p>
<p>Even a simple text document with one sentence will be unrecoverable after a single pass. You will need 8 consecutive successful bit recoveries to recover a byte. In a text document that byte represents a single character. If even one of those bits is recovered incorrectly through magnetic force microscopy then that byte is completely different.</p>
<p>Thank you again though for a very informative reply. This is good stuff. I figured microwaving your optical media would produce some sort of toxic fume but that would be the last thing on my mind if I were to be destroying potential evidence.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Ryk Edelstein</title>
		<link>http://www.anti-forensics.com/disk-wiping-one-pass-is-enough/comment-page-1#comment-25</link>
		<dc:creator>Ryk Edelstein</dc:creator>
		<pubDate>Tue, 17 Mar 2009 11:43:02 +0000</pubDate>
		<guid isPermaLink="false">http://www.anti-forensics.com/?p=336#comment-25</guid>
		<description>Well almost... If you read NIST Special report 800-88 single pass processes such as is initiated by Secure Erase technology is an acceptable form of purge level sanitization... However, software based overwrite will NOT effectively CLEAR all recoverable data from the media surface. Referencing the NIST 800-88, you will note that software and externally initiated overwrite processes are classified as CLEAR level processes. Rather, they are susceptible to data recovery using keyboard level recovery efforts. Processes such as Degaussing and Secure Erase are classified as Purge level processes where they are not susceptible to laboratory level recovery efforts.

So, what is this single pass process called Secure Erase that can eliminate data beyond other overwrite processes... It is a technology initially developed by IBM as a feature to their TravelStar line of drives. The protocol was elaborated by the UCSD&#039;s Center for Magnetic Recording Research at the request of the NSA. Today, Secure Erase is integrated into all standards compliant ATA storage devices manufactured since 2001.
Secure Erase is initiated by a command sequence, and once initiated, cannot be stopped until the process is finished.

So, if SE is so effective, why isn&#039;t everyone using it? Well... this is due to the fact that although it is highly effective, it is seen by most PC manufacturers as a potential security vulnerability. This is due to the fact that if a virus, or malware were to initiate the SE process, the data contained on the drive would be eliminated with no hope for recovery. Accordingly, the BIOS, hardware and OS manufacturers have implemented features to inhibit the passing of the SE Init command to devices connected to the host controller... Ultimately, anyone producing software to launch SE would find themselves in a position where their product would not work on the majority of the equipment out there... and if it did work, there is a good chance that the host controller hardware should not permit access to the Host Protected Area and other Protected Service Areas on the drive, thereby rendering the processed device with recoverable data.

Why Multipass? Well, the concept goes a lot further than attempted recovery by Magnetic Force Microscopy (MFM). The concept comes down to, what is a reliable process to assure effective coercion of every pole, whereby eliminating any trace of latent data? Many processes proselytize 3 passes including a pass of all &#039;1&#039;s, random data, and all &#039;0&#039;s. As you say, others go as far as many more passes. Regardless, no matter how many passes are done, regions such as the G-List sectors, HPA, and the regions beyond the Device Control Overlay still may contain recoverable information (less probable in the DCO regions).

Degaussing is a cat and mouse game. As drives increase in media density, the need for more powerful degaussers is required. Currently, a common 500 Gig device will require a degausser capable of 11,000 oersted to effectively achieve coercion of the entire media surface on a disk stack. The issue with Degaussing is not only the concern about assuring the power of the degausser being suitable for the task, but that the process disables the electro-mechanical components of the drive before effective coercion may be achieved. This means that assessment of the effectiveness of the process will be complicated. Also as a connection free process, any logging is done manually and may be susceptible to human error.

Encryption is an effective solution for the protection of live data. It is NOT considered best practice for the protection of End Of Life Data. Referencing government protocol established for the protection of higher level classified data the concept is that data must be eliminated beyond any recovery effort using current or future technologies. Accordingly, encryption is the process of using a key to obfuscate the original data. Regardless of the key strength, a key can exist, or be recreated using technology available in the future to create and process such complex keys. 

Physical destruction is a good alternative to permanent data destruction. However, again, when handling high levels of classified data, the particles from the process must be smaller than the smallest recoverable element, a single data sector, or a particle smaller than 1/250th of an inch (formerly 1/125th of an inch up to March &#039;08). However, for most of us, shredding, smelting and other physical destruction processes will do the job. The one issue with physical destruction is that it is often conducted at an offsite facility, which means that unprotected devices are shipped off to this site. The handing off of unprotected (or poorly protected) storage hardware exposes the organization to the potential for loss of assets in transit. Regardless of who is in possession of your drive, the data is still owned by you, which means, it will be your org filing the mandatory disclosure notice, and that the carrier&#039;s name will only be a footnote on the filing. This is another good reason to favor in-house processing, or pre-processing should your policy dictate physical destruction for higher levels of data classification.

Microwaving optical media is dangerous, and produces toxic fumes. If you feel compelled to practice this method of media destruction, think twice, it may be amusing to watch, but the risk may not be worth the perceived gain.

Software based technology may be suitable for the clearance of non-confidential information, and suitable for the home user. In the enterprise, where multiple levels of data classification exist in a work environment, short of inventorying your data assets by class, then it is difficult to assess handling procedures by device. Where confidential or personally identifiable information exists, clear based processes will not be an adequate process.

Secure Erase can be used effectively and can be affordable when approached through the use of purpose built Secure Erase appliances. These devices such as those manufactured by Ensconce Data Technology (www.deadondemand.com) enable users to effectively purge all data from the drive, beyond forensic effort in a process that requires between 17-35 minutes per 100 Gig of volume space. Secure Erase is also a green solution, where the device is rendered re-usable at the end of the process (unlike degaussing).

Just my 5 cents...</description>
		<content:encoded><![CDATA[<p>Well almost&#8230; If you read NIST Special report 800-88 single pass processes such as is initiated by Secure Erase technology is an acceptable form of purge level sanitization&#8230; However, software based overwrite will NOT effectively CLEAR all recoverable data from the media surface. Referencing the NIST 800-88, you will note that software and externally initiated overwrite processes are classified as CLEAR level processes. Rather, they are susceptible to data recovery using keyboard level recovery efforts. Processes such as Degaussing and Secure Erase are classified as Purge level processes where they are not susceptible to laboratory level recovery efforts.</p>
<p>So, what is this single pass process called Secure Erase that can eliminate data beyond other overwrite processes&#8230; It is a technology initially developed by IBM as a feature to their TravelStar line of drives. The protocol was elaborated by the UCSD&#8217;s Center for Magnetic Recording Research at the request of the NSA. Today, Secure Erase is integrated into all standards compliant ATA storage devices manufactured since 2001.<br />
Secure Erase is initiated by a command sequence, and once initiated, cannot be stopped until the process is finished.</p>
<p>So, if SE is so effective, why isn&#8217;t everyone using it? Well&#8230; this is due to the fact that although it is highly effective, it is seen by most PC manufacturers as a potential security vulnerability. This is due to the fact that if a virus, or malware were to initiate the SE process, the data contained on the drive would be eliminated with no hope for recovery. Accordingly, the BIOS, hardware and OS manufacturers have implemented features to inhibit the passing of the SE Init command to devices connected to the host controller&#8230; Ultimately, anyone producing software to launch SE would find themselves in a position where their product would not work on the majority of the equipment out there&#8230; and if it did work, there is a good chance that the host controller hardware should not permit access to the Host Protected Area and other Protected Service Areas on the drive, thereby rendering the processed device with recoverable data.</p>
<p>Why Multipass? Well, the concept goes a lot further than attempted recovery by Magnetic Force Microscopy (MFM). The concept comes down to, what is a reliable process to assure effective coercion of every pole, whereby eliminating any trace of latent data? Many processes proselytize 3 passes including a pass of all &#8216;1&#8217;s, random data, and all &#8216;0&#8217;s. As you say, others go as far as many more passes. Regardless, no matter how many passes are done, regions such as the G-List sectors, HPA, and the regions beyond the Device Control Overlay still may contain recoverable information (less probable in the DCO regions).</p>
<p>Degaussing is a cat and mouse game. As drives increase in media density, the need for more powerful degaussers is required. Currently, a common 500 Gig device will require a degausser capable of 11,000 oersted to effectively achieve coercion of the entire media surface on a disk stack. The issue with Degaussing is not only the concern about assuring the power of the degausser being suitable for the task, but that the process disables the electro-mechanical components of the drive before effective coercion may be achieved. This means that assessment of the effectiveness of the process will be complicated. Also as a connection free process, any logging is done manually and may be susceptible to human error.</p>
<p>Encryption is an effective solution for the protection of live data. It is NOT considered best practice for the protection of End Of Life Data. Referencing government protocol established for the protection of higher level classified data the concept is that data must be eliminated beyond any recovery effort using current or future technologies. Accordingly, encryption is the process of using a key to obfuscate the original data. Regardless of the key strength, a key can exist, or be recreated using technology available in the future to create and process such complex keys. </p>
<p>Physical destruction is a good alternative to permanent data destruction. However, again, when handling high levels of classified data, the particles from the process must be smaller than the smallest recoverable element, a single data sector, or a particle smaller than 1/250th of an inch (formerly 1/125th of an inch up to March &#8217;08). However, for most of us, shredding, smelting and other physical destruction processes will do the job. The one issue with physical destruction is that it is often conducted at an offsite facility, which means that unprotected devices are shipped off to this site. The handing off of unprotected (or poorly protected) storage hardware exposes the organization to the potential for loss of assets in transit. Regardless of who is in possession of your drive, the data is still owned by you, which means, it will be your org filing the mandatory disclosure notice, and that the carrier&#8217;s name will only be a footnote on the filing. This is another good reason to favor in-house processing, or pre-processing should your policy dictate physical destruction for higher levels of data classification.</p>
<p>Microwaving optical media is dangerous, and produces toxic fumes. If you feel compelled to practice this method of media destruction, think twice, it may be amusing to watch, but the risk may not be worth the perceived gain.</p>
<p>Software based technology may be suitable for the clearance of non-confidential information, and suitable for the home user. In the enterprise, where multiple levels of data classification exist in a work environment, short of inventorying your data assets by class, then it is difficult to assess handling procedures by device. Where confidential or personally identifiable information exists, clear based processes will not be an adequate process.</p>
<p>Secure Erase can be used effectively and can be affordable when approached through the use of purpose built Secure Erase appliances. These devices such as those manufactured by Ensconce Data Technology (www.deadondemand.com) enable users to effectively purge all data from the drive, beyond forensic effort in a process that requires between 17-35 minutes per 100 Gig of volume space. Secure Erase is also a green solution, where the device is rendered re-usable at the end of the process (unlike degaussing).</p>
<p>Just my 5 cents&#8230;</p>
]]></content:encoded>
	</item>
</channel>
</rss>
