The subject of hard drive destruction, data wiping, and data deletion is source of numerous, forums, websites, and blogs. Sadly, the vast majority of the information being published is rubbish, and is based on urban myth.
In Yahoo! Answers one commentator described deletion of files as “compression”, with the more a file is deleted the “more it is compressed”, and it just gets” smaller and smaller”, until “only the police can recover it”. Bizarrely this was voted “best answer”, hopefully “best surreal answer”.
A lot of the debates about data deletion and hard drive destruction is due to a combination of urban myth, misinformation, old technology, misunderstanding, exaggeration, blaggers and trolls.
This article attempts to resolve some of these issues, and possibly explain why these myths came into existence.
File Deletion: Does this destroy data?
When a file is deleted what happens depends on a variety of factors, how the users deletes the file, what operating system they are using, where the file exists, etc. However, in the most common file system on PCs (the Windows based NTFS), deletion does not destroy a file but merely prevents the user from accessing the file. Then using “specialist tools” deleted files can, sometimes, be recovered.
Over a period of time the deleted file, if its not recovered, will become destroyed/overwritten by the computer. This is not a deliberate action, rather a by product of computer use.
[Specialist tools are not rare any more, and many can be picked up for free, however they will not always work due to issue such as file fragmentation and user error]
It is possible that a user, in a Windows PC, can hit delete, and then moments later be unable to recover the contents of that file, even with the help of a professional data recovery company. But, this is not common and can not be guaranteed. For this reason deletion of data can not be considered “destruction”.
Hard Drive Wiping: Does this destroy data?
This is the most common myth on the internet. The term “to wipe a drive” means overwrite every single sector on a modern hard drive with another character often FF, or it can be a random character sequence.If this is done correctly the data cannot be recovered.
For the purposes of clarity, this will be repeated: If every single sector of a modern hard drive is overwritten, then NO DATA can be recovered, and especially not by the police. In fact companies such as Ontrack, who spend millions of dollars on research into data recovery are not able to do this. This wiping does not need to be done 33, 12, or even 3 times. Just once.
The caveats here are “modern hard drive” and “every single sector”.
If every single sector is not over written then data can be recovered, even a fragment of a file stating “The super secret account number is XXX-XXX-XXX and the password is YYYYYY” takes up just a few characters and would easily fit into a single sector, for example the file slack of an active file, can store 100s of bytes of data.
Therefore if the wiping tool does not work correctly, then a sector could be left unwiped, and that sector could contain a fragment of useful text. But with over 1,000,000,000 sectors on a 500 GB hard drive, the chance of one of them not being wiped and containing data that can be understood is minimal. In fact if 1 sector is not over written the chance is just 1 in a billion.
This probability of recovery is reduced when the data type is taken into account. File types such as pictures, PDFs, emails, etc, are not stored in plain text and therefore are even harder to recover. E.g a fragment of an email with the above statement would look like total garbage when recovered from the hard drive, therefore even recovering a fragment, if that did occur may be pointless.
The second caveat is “modern hard drives”.
Old hard drives, the old 10 mb physically large style hard drives were not very efficient or accurate at writing the data to the platters.
For this reason each time data was written onto a hard drive it was feasible that data would be written onto a different place on the physical hard drive, i.e the actual location of data on the platters would change slightly, as the heads did not write the data correctly. Therefore, the theory goes, by using electron microscopes, it was possible to pull out the previous “shadow” data. i.e DataTrack 1 is written onto a hard drive, then DataTrack 2 is used to “overwrite” DataTrack1, however due to poor alignment of heads, and low quality hard drives, its possible to read /recover DataTrack1, and then piece together this information.
This technology makes several assumptions. 1) The hard drive is old. 2) The hard drive is not working very well. 3) The data can be recovered. 4) Enough data can be recovered, de-coded, and re-constructed to produce any information. 5) The data being recovered is so hugely valuable that it is cheaper to do this, than gain the data than any other way.
Having been invited to a tour of a facility in the US, which claims to do exactly this type of recovery, it is fair to say that type of recovery attempts of this nature did, at some point exist. However, technology has long since moved on.
Modern hard drives are far more compressed, with a smaller hard drives containing a 1,000 times more data. This alone makes the old method redundant. In addition to this modern hard drives have multiple heads, with data on both sides. This means that piecing together data on different sides of a multiple platters is an almost impossible task.
For this reason no commercial company is able to recover data from wiped data. It should be emphasized that US and UK government agencies use commercial companies for even the most sensitive data recoveries, as the corporate sector is far more advanced in this arena. The Columbia NASA disaster, parts of the 7/7 investigations, and the Madrid bombing investigations all required data recovery and all were passed out to commercial companies.
Therefore the idea that GCHQ or MI5 has a super secret lab that can recover data from a wiped drive, is the world of fantasy.
With that said the government has still some pretty old technology in existence and tools (and users) cannot be guaranteed to work properly first time. For this reason Government approved wiping tools are always required to wipe data using multiple attempts. This is the most likely reason why the myth about multiple wipes, and electron microscopes, still persists.
But, in the real/modern world any data wiped once is destroyed, and unrecoverable.
How to destroy a hard drive?
Due to stories in the media, which are carefully placed by the PR companies for data recovery companies, it is often believed that anything can happen to a hard drive and the “experts in clean rooms” can recover this data.
Sadly, this is simply not true. The deliberate damage being forced on the innocent hard drives, by the PR controlled media, is almost as controlled as the reporting, with predicable outcomes. This gives the data recovery company the best chance of recovering the data.
Firstly it must be understood how a hard drive works. A hard drive, in brief, has: Platters which contain the data, heads which read the data on the platters, a motor which spins the platters, and a circuit board which controls the heads and motors, and talks to the computer.
Out of all of these parts the platters are the only parts which cannot be replaced in a data recovery process.
Data Recovery Myth 1: Fire
Hard drives are often set on fire to test the ability of a company to recover them. Fire will not touch the platters which are well protected in the casing. Though it may damage the circuit board, which is the easiest part of the hard drive to replace.
Data Recovery Myth 2: Water
Water is more of a risk to hard drives than fire, as the water and dirt, can get in through the hard drive casing and onto the platters. This can be resolved by washing the platters with clean water, drying them out, polishing them, and replacing them into a working hard drive
Data Recovery Myth 3: Electric Shock
Electric shocks are sometimes put through hard drives, this will only damage the electronics, and not the data. All of which can be placed.
Data Recovery Myth 3: Drop/Hit
Hard drives are often subjected to a variety of impacts. Being dropped out of a window, driven over by a tank, or thrown out of a car. Most of these tests have little effect on the hard drive, as it has been powered down first and therefore the heads will not “crash” into the platter. The tests are also not as bad as some may seem – the tank does not put all its weight onto the hard drive, only some of it, being dropped from a car, is only being dropped from a car is only being dropped a few feet and the computer/laptop will act as much of the crumple zone. Dropping the drive out of a window is likely to damage the hard drive circuit board, but this can be replaced.
The results would be very different, i.e from 100% recover to 0%, if the hard drive was hit while it was spinning. Simply placing a scratch along the length of a platter would prevent recovery of data.