2

I have an old hard disk that I want to completely format. I have found online that the windows quick format deletes the partition table and labels all the data as "Available Space", but the data will remain and can be recovered with some recovery tools.

I have also read the windows long format will overwrite every piece of data with zeros amongst other things. But, despite this, some people will do this process several times or even use junk data instead of zeros.

For those who don't know the windows formatting is the formatting that can be seen when right clicking on a disk in the windows file explorer where it says format... (at least on windows 11).

My question, from a security point of view: Should hard disks be long formatted multiple times or is just one time enough? And what's the benefit of doing the long format multiple times?

MrIzzat
  • 21

3 Answers3

3

Full format zero fills the volume

Full format does write zeros to the entire volume being formatted Since Windows Vista. If we then assume a 1:1 translator such as found on CMR drives, data recovery from this volume is impossible after a full format.

I consider the ability of 3 letter agencies to recover data from zero filled (single pass) areas on a conventional drive a myth. I know of no documented cases of a successful recovery of data overwritten by zeros. Cases where it was attempted yielded no practical usable results, example:

This study has demonstrated that correctly wiped data cannot reasonably be retrieved even if it is of a small size or found only over small parts of the hard drive. Not even with the use of a MFM or other known methods. The belief that a tool can be developed to retrieve gigabytes or terabytes of information from a wiped drive is in error.

And we read ..

One of the chief controversies is that if a head positioning system is not exact enough, new data written to a drive may not be written back to the precise location of the original data. This track misalignment is argued to make possible the process of identifying traces of data from earlier magnetic patterns alongside the current track.

And ..

The argument arises from the statement that “each track contains an image of everything ever written to it, but that the contribution from each ``layer" gets progressively smaller the further back it was made”. This is a misunderstanding of the physics of drive functions and magneto-resonance. There is in fact no time component and the image is not layered. It is rather a density plot.

Send any zero filled drive to the DriveSavers and the Ontracks of this World and they'll tell you it can not be done (This post also mentions some claims of the contrary by people who claim to have done it or people working for HDD manufacturers. I take these with a grain of salt, they can not be verified, they're claims, nothing more and it's unsubstantiated claims like these that keep a myth alive).

FWIW I was once contacted by a someone when discussing this topic in some forum, who claimed it could be done but that he shouldn't be talking to me because it "could cost him his job" from some three letter agency he could not reveal to me. IOW, Bollocks.

Note that a single pass fill on SMR and SSD drives is not secure!

There are two main factors that contribute to this:

  • Overprovisioning
  • Dynamic (LBA to PBA) address mapping

What this means in effect is that the new data ,the zero filled blocks, do not get written on top of existing data, IOW they overwrite nothing. And even though the drive will return zeros when we read the zero filled LBA blocks, the original data you intend to overwrite may (or probably does) still reside in blocks that are now outside LBA space.

Recovery of such data is now simply a matter of either bypassing the drive firmware or persuade the firmware to grant access to non LBA space data. And these types of recoveries, although not always possible, are routinely performed by data recovery specialists.

In addition to that modern SSD firmware may apply compression and even may not even write actual zeros. IOW a zero fill doen via the host may be entirely ineffective.

In such cases one would need to rely on the drive's built-in secure erase features. Alternatively one could consider 'pumping' high entropy data (that can not be further compressed) to the drive in quantities that far exceed the advertised LBA capacity.

1

This is kind of an opinion based question.

The question is, when is a secure format required and how secure does it have to be?

Sure, if you do a quick format, almost all recovery tools, including free ones can get the data back.

If you do a long format and write all 0's to the disk, it will be harder for the recovery tools to recover the data, but even then, its not going to be impossible.

Specialized companies can go great lengths to recover data. (but they charge 1000's of $ for their specialized services) Not something the average Joe will use.

The question here is going to be: why do you want to securely erase your drive? What have you had stored on it that cannot fall in the hands of anyone else? If your harddisk was used at home, then the chances are, the people interested in your data are very few people, and the long format is going to suffice.

If your harddisk is from a company and contains very sensitive financial data, you are better off bringing your harddisk to a company specialized in destroying the disk, giving you a certificate of destruction. If anyone gets their hands on your data then, you have a certificate to get all costs blamed om that company.

And yes, there are tools to erase data securely, writing many different kinds of stuff to the drive, and this is useful if you intend to use the drive again afterwards, but it wouldn't make much sense to go through all the effort if the data is not that valuable to begin with. And yes, while precious family photos may be valuable to you, it is not something worth of money to other people. Not even a porn collection would go that far.

So in order to know for yourself if you really have to go through all the lengths, ask yourself this: If a stranger gets your harddisk in their hands, will it cost you money if they get access to the data? If yes, the more money it could cost you, the better of a job you will want to do in securely erase your data.

LPChip
  • 66,193
0

Our cyber security insurance requires that drives to be disposed of are physically destroyed.

Physically hdd, must be magnetically wiped and the remains have to be crushed.

So according to them doing a long format is pointless.

As far as re-using it goes, DBAN seems to be a very popular way of erasing them.

Should hard disks be long formatted multiple times or is one time just enogh? And what's the benefit of doing the long format multiple times?

As far as normal usage, a single zero pass should be sufficient for internal reuse.

The theory for multiple passes with any tool, such as DBAN, is that tiny magnetic traces of the previous data remains that could be recovered. Now if this is possible, which I don't know, The more passes with random data would scramble the magnetic fields and make the data unreadable.

The theory holds that a government could use an advance technology, such as laser, to detect the previous state of the data. Equipment like this would surely cost 100+k which would make it impossible for any normal person to buy.

Extremely sensitive magnetic sensors exist, but whether or not that could detect the previous magnetic fields in a usable way is unknown. Many people theorize that for the governments of the world with virtually unlimited money it could be possible.

cybernard
  • 14,924