With security concerns of our data ever more important, the question of securely erasing data from hard drives that are no longer being used occasionally comes up. This topic is also known as multiple pass wiping of hard drives. This is a separate question from whether to use whole disk encryption for your backups, or whether to turn on encryption in your backup software. Encryption is a definitely a security “best practice” for removable media in environments where sensitive data is stored on the drives. I’ll address the evolution of encryption and it’s importance in an upcoming blog post.
The purpose of this article is to address the urban legend that multiple write passes (up to 35!) are needed to prevent someone with an electron microscope [AKA magnetic force microscopy (MFM) or scanning tunneling microscopy (STM)], from being able to read ghost bits from your hard drive, thus recovering data you carefully overwrote. Note that overwriting bits is different from simply deleting. It is true that conventional deletion on rotating media simply marks the file as deleted, allowing recovery of the file with special software. For SSD the story is a little different because they support TRIM commands. When an operating system deletes a file from an SSD, it sends a TRIM command to the drive, and the drive erases the data. On a solid state drive, it takes longer to overwrite a used sector rather than writing data to an unused sector, so erasing the sector ahead of time increases performance.
But I digress. Let’s go back to hard drives. Deleting files and overwriting files on rotating media file is a different thing. The myth is that due to magnetic remnants a sophisticated forensic investigator can recover data on a drive. As drive density has increased and encoding methods have changed, I’ve become increasingly skeptical that such forensics are possible. I personally doubt that anyone can recover any reasonable amount of data on a 2TB drive or larger drive after being overwritten even ONCE. Many experts are more conservative than I, recommending two or three overwrites “to be sure”.
The science behind the claims above comes from Dr. Craig Wright. I recommend starting here as a good overview to the topic. The mathematics are complex but the bottom line is that reading the value of an overwritten single bit (zero or one) reliably is little more than a 50/50 proposition (guesswork) and reading multiple bits reliably is simply preposterous, although Dr. Wright is certainly more scientific in saying so.
Government standards for data erasure have evolved and they no longer recommend multiple passes for writing data.
In the comment section of a blog post about all this someone named Keith claimed to have personally recovered some data after 35 writes. I say hogwash. In fact, I will issue this challenge: I offer $2000 to anyone who can recover with 98% accuracy the unencrypted text characters in a 300 page document saved on a 2TB hard drive that has been fully over-written with 1 pass of pseudo random characters. The testing protocol must be agreed to in writing ahead of time, have independent 3rd party experts present, and all results are subject to publication. I’m not offering to pay for time, travel, or expenses. In fact, I suggest the test be performed at an industry trade show in front of an audience. The sound of crickets chirping is heard….