I heard on another post something about 0-ing out computer memory not being enough to stop a digital forensics expert with enough time and dedication from recovering the data. They said you needed to overwrite the data randomly at least 7 times to render it completely irretrievable. This seems completely unnecessary to me, unless computer memory has some sort of physical “residual memory” where you could identify the last change made to that bit. And even if that is the case, why wouldn’t overwriting every bit to 0, then 1, then back to 0 work just as well?
In: Technology
My understanding is that for modern, spinning disks, this isn’t an issue. The original conjecture that data could be recovered using expensive tools was from a paper presented at a conference in the late 1990s, and was an attack against hard drives that–even by then–were somewhat outdated. The attack was based on the idea that hardware back then wasn’t particularly precise, so a single overwrite may have left the magnetic signal in a not quite on or off state. If you could look at the physical media closely enough you might be able to tell that something which the hard drive equipment thought was a 0 actually wasn’t all the way in a 0 state, which could indicate that it had been a 1 at some point. The attacker would need to use very specialized tools that could read the magnetic signal in a more precise way than the hard drive itself could accurately read or write. Specifically, [Magnetic force microscopy](https://en.wikipedia.org/wiki/Magnetic_force_microscope) and [scanning tunneling microscopy](https://en.wikipedia.org/wiki/Scanning_tunneling_microscope).
The ELI5 for those is that you use a very sharp “needle” that can “see” the detail in incredibly small magnetic or physical spaces, including being able to see down to the single atom layer.
[It’s not ELI5 territory, but you can read more about it in this old article](https://web.archive.org/web/20121110053501/http://grot.com/wordpress/?p=154). A lot has been written about your question though, so you can find other sources in addition to this one.
Moden SSDs will mark sections of the drive as “bad” after they become unusable. I’m a little uncertain about what happens here, but I think that these drive sections may always be left in their last known state, even if you try to use software tools to overwrite the drive. If that is the case (and hopefully someone more knowledgeable can comment), data in bad areas has a decent likelihood of being recoverable to someone with sufficient means (albeit very well funded means). So, if you’re James Bond and worried that you might have to crash land in enemy territory, make sure your drives are encrypted from day 1, or have a spare vat of acid handy just in case.
Latest Answers