Wiping a Drive (Wiki)

The content of the Security Analogies wiki is now available here, under the GNU Free Documentation License 1.2.

Thanks to Info Assurance Pro for the content of this page.

"Wiping a drive" is the act of securely overwriting data on a storage device so that it cannot be easily restored.

When a user wants to erase files on a storage device (such as a computer hard drive or memory card), s/he usually uses the "delete" command or "formats" the device, assuming that this will irretrievably remove the data stored therein. This is very much not the case. A regular erase operation only deletes the computer's reference to where the file is located on the storage device, not the data contained in the file itself. This data is then recoverable using widely available tools.

An analogy would be going into a library and destroying the card catalog; you've eliminated the common method people use to locate books, but have not touched the books themselves nor any content in them. Someone who went through the (admittedly laborious) task of looking at each book in sequence would eventually find the book and information s/he was looking for.

In order to "wipe" a drive a user should use a process that over-writes each piece of data one or more times. This would be the equivalent of going into the library, opening each book, overwriting every letter inside with a different character, then tearing all the pages out of the book. You now have the equivalent of gibberish, with no organization.

Another analogy would be if you wrote some information on two pieces of paper stacked on top of each other. If you took the first piece of paper away, the second piece would be "blank" (no ink on it) but would still contain the impressions of letters from the first page, which you could reveal by running a pencil sideways over them. However, if you instead wrote multiple sentences on the first piece of paper, one on top of the other, and then removed the page, the impression on the second piece underneath would be impossible to read.

Free tools exist to perform a drive wipe, the most notable of which is Darik's Boot and Nuke (http://dban.sourceforge.net.) For most hard drives built since 2001, the Secure Erase Utility (http://cmrr.ucsd.edu/Hughes/SecureErase.html) goes even deeper by utilizing a protocol built into the drive specifically for drive wiping, although this tool is suited for much more technically advanced users. Commercial tools also exist.

Data on a wiped drive is usually not recoverable short of involving an organization like No Such Agency (NSA).

WebSanity Top Secret