*Magnetic Residue on Hard Drives*
By: Hikage
07 Feb 2009

Magnetic media leaves a residue, or imprint, after deletion. This is true for all hard drives, whether they are SCSI, ATA, SATA, etc. This is NOT true for solid-state media (USB pen drives) and laser-etched media (CDs, DVDs). It is also true for devices that contain an internal hard drive, such as your iPod.

Your interest in using a shredder means that you know of this magnetic residue, and wish to do something about it. Well, there are two things that will best advance your desire for obliteration of previously held data:

Let's say I have a bit of secret data and it looks like this:

ajfeoeiawjefaselfi

Now, let's overwrite that data 5 times to help us eliminate magnetic residue:

ghowqiwefjaewfffeia
ghowqiwefjaewfffeia
ghowqiwefjaewfffeia
ghowqiwefjaewfffeia
ghowqiwefjaewfffeia

I hope you've noticed by now that I overwrote the above sensitive data with the same garbage 5 times in a row. This could actually defeat our purpose of hiding data. Think how this data will look to someone attempting to recover it. When a hard drive saves data it converts human-readable and machine-readable code into a series of binary 1s and 0s. This string of 1s and 0s can also represent "on" and "off", as it is the most basic communication method possible. A person attempting to recover data from a hard drive will collect these strings of 1s and 0s in order to search for known patterns. These known patterns include the file headers of images, web pages, documents, mp3 files, etc. When portions can be recognized and recovered, the whole datastream can be decrypted like any other puzzle, one byte at a time.

Obviously, it is our desire to prevent this as much as possible. So, let's review the above example and improve upon it.

When our nosy neighbor lifts the supposedly destroyed data from our hard drive found in the trash, they will end up with the aforementioned string of binary bits. Now, the secret data I wanted to secure is in there somewhere, and has had another residue printed on top of it five times. Unfortunately for me, five times is not enough to make it irrecoverable. Also, since I used the same pattern five times, I may as well have only done it once. As soon as the perpetrator determines the pattern I use, simple math will allow him to subtract the garbage from the prize.

Let's say I was a bit smarter about destroying that secret bit of data. Perhaps I wrote over it ten times with as much random data as I could possibly generate. Like this:

gjraoweifjagiawjegawefijawefa
wefijaweoiawefo23irqj340t34gj
awejgl34jqwefija2309j23fsdfsd
aweoifja230q92j3r3ifjawefoaiwejf
rgij349g8qhgpq349g8h0rggh2oih
wfigqp349g8h34a0w38hfawwehisewj
on and on for 10 lines total ...

I hope by now you see the point I'm driving at. If you wish to scrub off data stored on magnetic media you need a lot of random data, and you need to go over the same area at least ten times. I'd recommend something like thirty-five passes if you're only dealing with a few megabytes of data. You may notice that these tools are similar to those used for cracking ciphers. A computer language could easily be considered a cipher, and even used as one if it were not very well known, or entirely unique.

As a bonus to this article I am going to include a Linux-style command-line procedure for wiping a hard drive clean. In this example, the device /dev/hda0 is the hard drive I wish to scrub clean of all data before throwing it away, and the hash/pound sign is used to represent a command-line prompt. Following are the commands I would type at a shell prompt as the root user:

# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/random of=/dev/hda0
# dd if=/dev/zero of=/dev/hda0

What happens here is that the Linux kernel uses two devices, /dev/random and /dev/zero, to overwrite my hard drive located at /dev/hda0. Random data will be written over the hard drive a total of nine times, and then a final pass of zeroes will be made. This final pass of zeroes returns the hard drive to the exact same state as when it was purchased. Hopefully, the magnetic residue underneath is all garbage.
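The same schedule with a read-back check, as an added example that is not part of the original article: it runs against a scratch file constructed in the script rather than a real disk. The function names are hypothetical, and reading /dev/urandom instead of /dev/random is an assumption of this example.

```shell
#!/bin/sh
# Added example: the article's schedule (random passes, then one pass of
# zeroes) applied to a scratch file constructed here, with a read-back check.
# /dev/urandom and all function names are assumptions of this example.

# overwrite_pass SOURCE TARGET BYTES
# Overwrite TARGET in place with BYTES bytes from SOURCE. conv=notrunc keeps
# the file length; head -c makes the pass cover every byte, whatever the size.
overwrite_pass() {
    head -c "$3" "$1" | dd of="$2" bs=4096 conv=notrunc 2>/dev/null && sync
}

# wipe TARGET RANDOM_PASSES: random passes followed by one pass of zeroes.
wipe() {
    target=$1
    passes=$2
    size=$(( $(wc -c < "$target") ))
    i=0
    while [ "$i" -lt "$passes" ]; do
        overwrite_pass /dev/urandom "$target" "$size" || return 1
        i=$((i + 1))
    done
    overwrite_pass /dev/zero "$target" "$size"
}

# verify_zeroed TARGET: succeeds only if no non-zero byte reads back.
verify_zeroed() {
    [ "$(( $(LC_ALL=C tr -d '\000' < "$1" | wc -c) ))" -eq 0 ]
}

# make_scratch: constructed sample "disk" holding the article's secret string
# followed by padding; prints the path of the new file.
make_scratch() {
    f=$(mktemp) || return 1
    { printf 'ajfeoeiawjefaselfi'; head -c 10000 /dev/urandom; } > "$f"
    printf '%s\n' "$f"
}

# demo: nine random passes plus the zero pass, as in the article's commands.
demo() {
    img=$(make_scratch) || return 1
    wipe "$img" 9 && verify_zeroed "$img"
    status=$?
    rm -f "$img"
    return "$status"
}

demo && echo "scratch image reads back as all zeroes"
```

The check confirms only that the final pass of zeroes covered every byte the operating system can read back; it says nothing about what remains on the platter underneath.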


Hikage



www.alpharubicon.com