Data Destruction: Is One Pass Overwriting Enough?

There is some controversy regarding data destruction in the IT industry. Some vendors claim that no software overwriting solution is secure and that only firmware-level erasing, like Secure Erase, is certifiable. Others go further and say that only physical destruction is enough. The DoD spec calls for either a 3-pass or a 7-pass wipe, and NIST has stated:

Studies have shown that most of today’s media can be effectively cleared by one overwrite.

Popular TV shows like Numb3rs show scientists able to recover data from drives even after they have been wiped. There are probably as many standards for wiping data from hard drives as there are companies providing solutions. When is it enough? EPC as a company has standardized on the 3-pass DoD wipe, as it is well recognized in the IT industry and is a relatively fast process.

Back in January, the SANS Forensics blog published an article entitled “Overwriting Hard Drive Data”. The SANS paper is noteworthy because it concludes that a single pass of zeros is enough to make the drive forensically unrecoverable:

Although there is a good chance of recovery for any individual bit from a drive, the chances of recovery of any amount of data from a drive using an electron microscope are negligible.

What does this mean?

Basically, the SANS study said that unless you could guarantee where on the drive a particular set of data was stored, it was virtually impossible to rebuild that data from a wiped drive. Even if you could recover an individual bit, you would not have enough information to make usable data.

This study, filled with probability charts and Bayesian confidence scores, probably won’t change your mind if you are really paranoid. However, for those people, I recommend a certified drive shredding program like EPC’s DDRV.
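
For drives that are overwritten rather than shredded, the single pass of zeros discussed above only counts if it is read back and checked. The following is an added example, not code from SANS, NIST or EPC: it zero-fills a target in one pass and then verifies that no non-zero byte remains. The function names are hypothetical, and it assumes the target is a raw block device or a file-backed disk image opened directly.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB per write/read


def zero_pass(path, chunk=CHUNK):
    """Overwrite every byte of the target with zeros, once. Returns bytes written."""
    zeros = bytes(chunk)
    written = 0
    with open(path, "r+b", buffering=0) as f:
        size = f.seek(0, os.SEEK_END)  # works for image files and block devices
        f.seek(0)
        while written < size:
            n = min(chunk, size - written)
            written += f.write(zeros[:n])  # unbuffered writes may be partial; loop handles it
        os.fsync(f.fileno())  # push the pass out of the OS cache before verifying
    return written


def verify_zeroed(path, chunk=CHUNK):
    """Read the target back. Returns the offset of the first non-zero byte, or None."""
    offset = 0
    with open(path, "rb", buffering=0) as f:
        while True:
            block = f.read(chunk)
            if not block:
                return None  # reached the end without finding residual data
            if block.count(0) != len(block):
                leading_zeros = len(block) - len(block.lstrip(b"\x00"))
                return offset + leading_zeros
            offset += len(block)


if __name__ == "__main__":
    # Constructed sample: a small stand-in "disk image" holding recognizable data.
    fd, image = tempfile.mkstemp(suffix=".img")
    os.write(fd, b"constructed sample record\n" * 4096)
    os.close(fd)
    print("first non-zero offset before wipe:", verify_zeroed(image))
    print("bytes overwritten:", zero_pass(image))
    print("first non-zero offset after wipe:", verify_zeroed(image))
    os.remove(image)
```

A non-None result from `verify_zeroed` after the pass means part of the target was not overwritten and the wipe should be treated as failed.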
