Destroying Files by Notepad

aimo3

In Runtime
Messages
186
Location
Dubai
On hard disks, I use Eraser to destroy confidential files. Before finding out about this open-source software or in computers which don't have it installed, I open the file I'd like to destroy with Notepad. It displays it almost fully in gibberish, then I delete something in it and save it.

As excessive writing on USB flash disks shorten their life, I'm wondering if using Notepad is sufficient in erasing data and in saving a life of a flash disk. If that's true, does it differ if I delete a chunk of it or just few characters enough for it not to open by whatever programs that open it.
 
That's not really erasing data... that's just corrupting the data. It's still going to be on there until you delete the file.

The Eraser program (or any other secure-delete program for that matter), not only deletes it but also overwrites the space the file took up in storage with 0's.

A normal (non-secure) delete or format doesn't actually delete files. It just breaks the link to the file, and allows the space allocated to the file to be overwritten by other files. The file is only totally destroyed/unrecoverable after all space originally allocated by the original file is overwritten (either by new files or 0's, which is what secure delete software does).
 
I understand that with this Notepad way, the data will get corrupted instead of "actually" deleted. But after the data (PDF, image, voice, video, whatever) gets that corrupted, is it possible to get retrieved?
 
Possible.

Likely? Most likely not - depends on how determined somebody is to get your files. People can still attempt to recover even secure-deleted files if they use the right software.
 
The only secure method of data destruction is to destroy the storage device physically. Several companies will actually take small explosives to disk drives, or the IT guy will go out back, and literally put the disk out of it's misery with a shot-gun.

There are other ways to destroy them as well, such as removing the platters and placing them in a special microwave meant for destroying the disk, but shattering platters, or the actual flash memory is usually enough to permanently destroy any data on it.
 
The only secure method of data destruction is to destroy the storage device physically. Several companies will actually take small explosives to disk drives, or the IT guy will go out back, and literally put the disk out of it's misery with a shot-gun.

There are other ways to destroy them as well, such as removing the platters and placing them in a special microwave meant for destroying the disk, but shattering platters, or the actual flash memory is usually enough to permanently destroy any data on it.

I like watching the big HDD shredder videos :D

https://www.youtube.com/watch?v=yd_O7-rqcHc

But yes, like c0rr0sive said, physically destroying the storage device is the only true secure way of getting rid of data.
 
When it comes to deletion of data, there is 1 rule that folks should learn as fact:
Software CANNOT remove all software from hardware...ever.

Data on HDDs is comprised of charges on a magnetic platter. Bare metal. You need to either overwrite the charge or physically break it. SSDs (USB Sticks, SS Drives, RAM) are magnetic charges (this gets more complicated), but can't be completely destroyed by another charge. SSDs are better destroyed by fire/melting or physical breaking.
 
Interesting although very strange!

So when some software overwrites all the space a file took up with 0s or whatever, what is it that can still give a way what was written on it earlier? Is it backed up somewhere else?

Another question, let's say the capacity of an HDD is X GB and that 1/3 X goes to system & apps, 1/3 to data and 1/3 is a free space. If we delete all the date and write another 1/3 X amount of new data, let's say it's possible that all of the new data will take place on the original free space and will not touch the space which was taken up by the deleted date. How about if we write another 1/3 X of data, so the total date will become 2/3 X? Where does the original date remain stored (if that's the case)?
 
Well, let me elaborate a little on the software killing data on hardware. If you zero-fill or one-fill a drive, data can still be recovered. Enough bits to piece together an entire byte in most cases and ultimately pull together enough data to be brought to a legal case. I've seen the government use sophisticated utilities in cases that they really need to apply data from HDDs to. If you zero-fill or one-fill a HDD about 10 times, the chances are extremely slim for any data recovery that will be of any use.

My boss's wife works for the DoHS and directly deals with data recovery. She supervises a team so she really isn't technical herself, but she always shares fun stories about data recovery with me when I come over to work on one of their computers.

As for the logic behind HDD data "writing"... if we were to use your hypothetical, then we might as well throw in more practical hypotheticals like: bad sectors (both logical and physical), writing speeds, the sizes of components being written, et cetera. Data "written" on HDDs can be extremely random based on these variables. An OS will not wait long to try to "write" data to a bad physical sector or cluster, so it will move along. It will, however, try to "write" data to a logical bad sector a couple of times before failing or succeeding. In the meantime though, it will continue to write other data to good sectors while coming back a few times to decide whether or not the logical bad sector can be written to. HDD manufacturers can sell more drives if they accomplish faster speeds. So, they are in it for speed rather than integrity (in my opinion). So data will find itself everywhere over the platter in the end.

Sorry that I don't have an exact answer to your second question, but it is either retrievable in portions (bits of bytes or sectors of clusters) and/or from the table that states where the data was and what it was.

Does that help you at all?

-Michael
 
Thank you for elaboration, although I did not quite get it. I understand that a single file can be scattered over a platter, but are you saying that when software overwrites a file, it does not do it completely, like it leaves some bits of a byte or sectors of a cluster?

My Eraser settings say "Default file erasure method: Gutmann (35 passes)". This is the default setting at the installation and I've not changed it. If this means that even DoHS will never be able to get it, for my way less sensitive purpose, I may only use 3 passes or something specially on flash disks to extend their life. Am I getting it?
 

Attachments

  • Eraser.png
    Eraser.png
    67.2 KB · Views: 2
Back
Top Bottom