This is an add-on to a previous post about erasing data securely. Since i wrote that post i have had the chance to learn more on the topic of hard drives and, as i promised in my very first post, whatever i learn i’ll share so others may learn too.
The information in this post is about traditional hard drives only, I still do not have enough information about Solid State Drives. I mentioned ways to securely erase data from a hard drive in the previous post but while i mention that “a single pass is great, a 3-pass is perfect, anything after that is overkill.” it turns out that anything more than a single pass is overkill. So why are the options offered? Why do some still swear by a 3, 7 or 35 pass secure erase? I think it all comes down to piece of mind and old myths.
From what i have found, the belief that data can be recovered/reconstructed even if it has been erased or overwritten once held true, though it is worth mentioning that even when this held true it was in old technology like floppy disks and old hard drive technology that it applied to. This belief comes from the fact that the head positioning is not accurate enough to always write to the exact same position on a track. While this held true a long time ago it does not anymore. Floppy disks had a rudimentary positioning mechanism which was indeed not exact enough to write data back to the precise location of the original data. Hard drives (even the ones from many years ago) have a much more accurate head positioning mechanism. But even though these old hard drives were far more accurate, data recovery was still a possibility (even if it was a very slim one). A hard drive is made up of tracks and the tracks are divided into sectors, the head reads and writes data to and from these tracks. Older technology (like floppy disks and old hard drives such as 2, 4, 8, 10 GB) had tracks that were slightly wider than the head surface so there were very small spaces in a track that could be skipped or not completely covered when overwriting (securely erasing) data (see image below). This small area is the track boundary or edge. So to maximize the chances of erasing every area of a drive, multiple passes were needed to ensure the head covered every part of the track and all data was gone so an electron microscope could not be used to read skipped data from those track boundaries. It was possible but very improbable. Either way this very small possibility was enough to start the myth that persists even today.
The below graphic shows very roughly what happens when a track is wider than the read/write head.
The small pieces of green are the track boundaries that would have been used to recover small bits of data from using an electron microscope. Even when this was possible it was not nearly enough information to reconstruct many megabytes or terabytes of data.
Modern hard drives no longer have this problem, the heads are able to read the entire width of a track so a single erase/overwrite is enough to make the data that was once there, disappear forever. There is actually a challenge out there where $250.000 is offered to anyone that can recover the contents of a text file from a drive that has been erased with just a single wipe. As far as i know so far this challenge has not been met yet. Of course you can do a 3 or 7-pass wipe just for piece of mind but the time and money this costs is really a waste.
if you have comments or more information please leave a comment.